Skip to content

Updated esp_secure_cert_mgr and IDF v5.0 support #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
May 22, 2023
Merged

Updated esp_secure_cert_mgr and IDF v5.0 support #20

merged 10 commits into from
May 22, 2023

Conversation

@dhavalgujar
Copy link
Collaborator

@dhavalgujar dhavalgujar commented Dec 29, 2022

No description provided.

@dhavalgujar
Adds provision to provide RootCA and moves esp_secure_cert_mgr submod…
92bb6e3 
…ule pointer ahead.

- esp_secure_cert_mgr API usage updated
- Added AmazonRootCA1 as default RootCA
@dhavalgujar
Adds support for IDF v5.0
9f13bd7 
- Partition table changed to reflect new default size of `esp_secure_cert` partition.
- Component `cbor` is now fetched from IDF Component Registry.
@dhavalgujar
Removed esp_secure_cert_mgr submodule and added it via IDF Componen…
882cfeb 
…t Registry

- esp_secure_cert_mgr APIs fixed in qualification_app_main.c
- Added code in qualification_app_main.c to fetch RootCA from file.
@dhavalgujar
Multi-SoC support and fixes to qualification_app_main.c
020b6d6 
- Added support for all Espressif SoCs by adding appropriate checks in `hardware_drivers/`
- `esp_secure_cert_mgr` API fixes in qualification_app_main.c
- Removed `ws2812_led` component in favour of `led_strip` which is fetched from IDF Component Registry.
- Removed C3-specific lines from sdkconfig.defaults
@n9wxu n9wxu mentioned this pull request Feb 3, 2023
Closed
@dhavalgujar dhavalgujar marked this pull request as ready for review February 16, 2023 15:29
@dhavalgujar dhavalgujar requested a review from a team as a code owner February 16, 2023 15:29
jasonpcarroll
jasonpcarroll reviewed Feb 23, 2023
View reviewed changes
@puneet-arora15
Copy link

puneet-arora15 commented Feb 24, 2023

@dhavalgujar The documentation needs a bit of updating, as I'm going through the PR testing the process-
Getting started guide.md
2.3-1- python managed_components/espressif__esp_secure_cert_mgr/tools/configure_esp_secure_cert.py -p /* Serial port */ --keep_ds_data_on_host --efuse_key_id 1 --ca-cert cacert.pem --device-cert client.crt --private-key client.key --target_chip /* target chip */ --secure_cert_type cust_flash

2.3 -2 (Not required anymore as the python script writes to the partition)

I will keep adding comments for the doc stuff on here as I find them out

@kstribrnAmzn
Copy link
Member

kstribrnAmzn commented Feb 28, 2023

How was this tested?

@idea--list idea--list mentioned this pull request May 17, 2023
Closed
@idea--list
Copy link

idea--list commented May 17, 2023
edited
Loading

Am testing this PR for some days now. The last commit that i can get working on my ESP32S3 is that from 3rd january.
Later commits changed something about how certificate related things are implemented and whenever the FW tries to establish a TLS connection i always get esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180 message on the console. Meaning my certificates are not properly formatted. However i use the same certificates as before. Maybe i just miss something with the later commits to get them working.

While testing the commit from 3rd january when sub_pub_unsub_demo is enabled i often get this message in about 10-30 minutes after starting: Error or timed out waiting for ack for publish message X. Re-attempting publish. Right after that message it manages to reestablish the TLS connection, publishes the next message, but then sub_pub_unsub_demo stops doing anything, while ota_demo continues to run. That message comes from line 543 in sub_pub_unsub_demo.c. Inside prvPublishToTopic() there is a do-while loop. By commenting out the do and while part it hangs less often and the messages still get published as the prvPublishToTopic() function is called anyways regularly by prvSubscribePublishUnsubscribeTask. So not sure if the do while loop is of any benefit there.

Update: i added some heap and stack statistics to the code. Tasks SubPub0 and OTADemoTask had only 276 and 796 bytes of free stack which is way too low. So increased the stack size of those including coreMQTTAgentConnectionTask to 4096. SubPub0 still stops within an hour. Next i pinned all the tasks to core 0, which did not help. Then i also have set all the task priorities to the same and let it run overnight. After applying all these changes the program ran 9087 seconds without SubPub0 stopping. Instead of that all the tasks stopped, the system does not do anything for hours now and the power consumption has doubled. Despite more than 130 KB is free on heap and all stacks have more than 1400 bytes free. Have no idea why this happens.

@n9wxu n9wxu merged commit 6bec3de into FreeRTOS:main May 22, 2023
@idea--list idea--list mentioned this pull request Jun 7, 2023
Closed
@JasonYan324
Copy link

JasonYan324 commented Aug 6, 2024

@dhavalgujar The documentation needs a bit of updating, as I'm going through the PR testing the process- Getting started guide.md 2.3-1- python managed_components/espressif__esp_secure_cert_mgr/tools/configure_esp_secure_cert.py -p /* Serial port */ --keep_ds_data_on_host --efuse_key_id 1 --ca-cert cacert.pem --device-cert client.crt --private-key client.key --target_chip /* target chip */ --secure_cert_type cust_flash

2.3 -2 (Not required anymore as the python script writes to the partition)

I will keep adding comments for the doc stuff on here as I find them out

IDF5.2.2 & IDF5.3 are not support yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonpcarroll jasonpcarroll jasonpcarroll approved these changes

+1 more reviewer

@n9wxu n9wxu n9wxu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@dhavalgujar @puneet-arora15 @kstribrnAmzn @idea--list @JasonYan324 @n9wxu @jasonpcarroll