HTTPS OTA

When IOTMER_AUTO_OTA is enabled and the provision response includes firmware_url and firmware_checksum_sha256, the SDK can download the image over HTTPS (CA bundle), validate it, update NVS metadata, and esp_restart() into the new slot.

Skip when SHA unchanged (default field behaviour)

If the server SHA equals the SHA stored in NVS as last successfully applied firmware, OTA is skipped — saves time and flash wear.

Re-download the same SHA

Two mechanisms exist:

IOTMER_OTA_APPLY_EVEN_IF_SAME_SHA (Kconfig, y in 01_provisioning example defaults) — always re-download when URL + checksum are present, even if NVS already recorded that SHA.
After a successful HTTPS provision on the same boot — the SDK passes after_https_provision = true into the OTA step so one OTA attempt runs even when the SHA matches (aligns NVS and rollouts with a fresh provision response).

NVS keys

Applied firmware SHA is stored under short NVS key names compatible with the 15-character NVS key limit (see component iotmer_nvs.c).

Partition table

ESP-IDF OTA requires two OTA application partitions (plus otadata). The examples default to 4 MB flash and dual OTA in sdkconfig.defaults; adjust flash size and partitions for the target module.

Skip when SHA unchanged (default field behaviour)​

Re-download the same SHA​

NVS keys​

Partition table​

Skip when SHA unchanged (default field behaviour)

Re-download the same SHA

NVS keys

Partition table