Overview
This is a custom OTA update system I built for the ESP32. It handles firmware updates over the network, switches partitions safely, and gives you full control over how and when devices get updated. Everything is built around making updates reliable without sacrificing flexibility.
The ESP runs the firmware, hosts a web dashboard on the local network, and pulls new firmware from a backend when triggered. It writes to the inactive partition, flips the boot config, and reboots into the new firmware. If that fails, it auto-rolls back to the last good state. You don't need to touch it and there's no risk of bricking or any external dependencies you can't see or modify.
The dual partition approach ensures there's always a working firmware version available, while the automated rollback mechanism protects against failed updates. Each update is verified with checksums before activation, with complete transparency through the dashboard.
The web dashboard shows firmware info, update history, and provides a firmware upload interface. You can trigger updates directly from the browser, with full visibility into device status and update logs.
Project Structure
On the ESP32:
- Dual partition logic using esp_ota_ops.h and esp_partition.h
- Firmware is split into modules: main app logic, OTA update manager, display output
- Boot counter stored in NVS to detect failures
- Rollback after 3 failed boots
- Firmware versions and boot logs saved to SPIFFS
- OLED screen shows boot state and firmware version on startup
- Hosts a local HTTP(S) server for the update dashboard
Boot Process
The bootloader is paired with a counter that gets incremented every time the device boots unsuccessfully. If the counter goes over a set limit (3 by default), it flips the boot partition back to the previous one and reboots again. That rollback logic is persistent, automatic, and doesn't rely on user input.
The update logic is built to avoid touching the running partition. Firmware gets written to the other slot, verified, then the boot config is changed. If it fails, it self-heals.
Frontend
There's a web dashboard I made that shows firmware info, update history, and a firmware upload interface. You can trigger updates directly from the browser. It includes:
- File upload (drag and drop or file select)
- Version and timestamp display
- Auth (basic HTTP login)
- Device status and update logs
- API endpoints for triggering updates and pulling status
The dashboard is static, hosted on GitHub Pages or anywhere you want, and talks to the backend and device through simple REST calls.
Backend BETA
Firmware is hosted on an HTTPS server (AWS S3). The ESP32 downloads from there when instructed, using a secure connection and verifying the SHA256 checksum before flashing anything. You can configure auth, signed URLs, or whatever storage logic you need.
Key Features
Safe OTA updates that don't brick
Always writes to the inactive partition. If something goes wrong, the fallback kicks in with no intervention.
Full update control from your browser
No IDE, no serial cable. Upload a .bin file from your dashboard and the ESP takes care of the rest.
Persistent state tracking
Every boot is logged. Failed ones increment a counter. Success clears it. Rollbacks happen automatically if needed.
Built for scaling or self-hosting
Works offline or online. Can be deployed across multiple devices or used in one-off setups.
Tech Stack
This project is made to be reused. I've used it on different ESP32 projects, and it keeps things sane when you're managing firmware that might change often. No part of it is hidden or magic. Everything from the frontend to the flash memory logic is visible and adjustable.
A scalable OTA update framework for ESP32 devices with safe dual-partitioning.
View Showcase →