First stab at Mavlink signing #7530
Conversation
|
@simonegu when do you expect to have it ready to be reviewed, based on your bandwidth? |
|
@TSC21 right now I'm validating it if effectively can parse correctly the signed messages. |
|
@simonegu do you think you can attend the dev call this coming Wednesday (July 19th)? we think this should be discussed at the dev call with the rest of the team, can you please confirm? |
|
@mrpollo sure. |
Hard code the same key for testing as in PX4/PX4-Autopilot#7530
Hard code the same key for testing as in PX4/PX4-Autopilot#7530
|
Update: Thanks to @DonLakeFlyer for implementing the MAVLink signing on QGC (mavlink/qgroundcontrol#5463) with some tweaks, such as hard coding the signing key, I was able to get the parameter, do a take off and a small mission in SITL. |
Hard code the same key for testing as in PX4/PX4-Autopilot#7530
|
@simonegu did you make progress on this? We are interested on adding this on MAVROS (mavlink/mavros#545), so we just wanted to be sync with the implementation on the Firmware and on the GCS. |
|
New QGC PR: mavlink/qgroundcontrol#5582 |
LorenzMeier
force-pushed
the
mavlink_signing
branch
3 times, most recently
from
b171630
to
c4ce5ce
Compare
LorenzMeier
changed the title
|
This is good to go as a first stab. It is not configurable yet but achieves the goal for anyone wanting to set a fixed key and can serve as proof-of-concept. We need to hash out how to restart both sides and make sure system time is right before deploying this widely. |
This adds support for MAVLink 2.0 signing. When enabled only signed messages (or the ones in the unsigned accept list) will be parsed by the system. This allows to harden the link and to ensure that only authorized access is possible.
LorenzMeier
force-pushed
the
mavlink_signing
branch
from
c4ce5ce
to
92fdd34
Compare
|
@simonegu can you rebase please? |
|
@simonegu Could we update / rebase this and cut down the diff to your working version? |
|
We let this die unfortunately. But there's always time to revive it? @simonegu is this still something you are willing to bring in? |
|
Could you give this a rebase? |
|
Since we really need the possibility to sign messages. What is the hampering factor to move forward? |
|
@dk7xe Rebase, then someone to do the remainder of the work, which has essentially not changed since the initial post:
How it should work is pretty well documented: https://mavlink.io/en/guide/message_signing.html @simonegu Can you confirm that is a fair summation of status? |
|
This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions. |
|
@simonegu , can you rebase this branch to continue the PR? Thanks! |
|
@jbeyerstedt fyi |
DO NOT MERGE! First attempt to enable MAVLink v2 signing.
A modification is need in the mavlink module. This one https://github.com/mavlink/pymavlink/pull/1 in order to work.
This adds a signing variable to each MAVLink instances.
Right now the key is hard coded this need to be replaced with loading from a persistent memory.
ToDos: