I made a mistake.
Secure OTA is using RSA code in ROM, so it is a feature that's only available on 20737S.
My apologies for the confusion.
If I don't want the Secure OTA and just implement the normal OTA as explained in the example - ota_firmware_upgrade for hello sensor
Just to ask: what does secure mean here?
Is it encrypted when sent via BLE from Android to device? Or also encrypted when FW image (OTA bin file) is taken from an Internet server? Or the OTA file itself is encrypted? (where is it decrypted?)
I want to do this:
The OTA bin file should sit in my local Android phone, e.g. copied to Android phone via USB from PC into a folder on SD Card. Or, at best: if APK will be installed - it comes with the OTA bin file (as part of "res/raw" or "assets").
If I go to the settings menu - I want to select to send this local OTA file from Android phone via BLE to device.
Not via Internet or connecting a hosting server.
Is there anything to bear in mind due to security (encryption)?
Could I make it also open (for easier use)?
Is there anything to sign, e.g. the OTA bin file itself?
You should be fine then. The AppNote describes the Secure version of OTA, which leverages the Polar SSL port of the RSA Code that is resident in ROM:How to operate RSA in BCM20737S & BCM20737S document
As you have noted, for non-scure OTA, there is a simple explanation in the headers of the sources. Plus there is a Readme in the ota_firmware_upgrade\peerapps\windows\wsotaupgrade directory.