-
Notifications
You must be signed in to change notification settings - Fork 13.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EKF2: Spoofing GPS check #23366
base: main
Are you sure you want to change the base?
EKF2: Spoofing GPS check #23366
Conversation
@@ -703,6 +719,12 @@ void EstimatorChecks::checkGps(const Context &context, Report &reporter, const s | |||
events::ID("check_estimator_gps_multiple_spoofing_indicated"), | |||
events::Log::Critical, "GPS reports multiple spoofing indicated"); | |||
|
|||
if (!_gps_spoofed) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should be getting this event any time it transitions to spoofed right?
@@ -450,6 +450,22 @@ void EstimatorChecks::checkEstimatorStatus(const Context &context, Report &repor | |||
events::ID("check_estimator_gps_vert_speed_drift_too_high"), | |||
log_level, "GPS Vertical Speed Drift too high"); | |||
|
|||
} else if (estimator_status.gps_check_fail_flags & (1 << estimator_status_s::GPS_CHECK_FAIL_SPOOFED)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now that we're getting this through the estimator I would delete all the checks directly on vehicle_gps_position spoofing.
The check through the estimator is better because we can decide to ignore it or need through the EKF2_GPS_CHECK bit.
@@ -136,6 +137,29 @@ void Ekf::collect_gps(const gnssSample &gps) | |||
|
|||
bool Ekf::runGnssChecks(const gnssSample &gps) | |||
{ | |||
// Check GPS spoofing | |||
// hysterisis: spoofing needs to be consistent for 1 second before it is declared | |||
constexpr uint64_t hysteresis_gps_spoofing_us = 1e6; // 1 second, hardcoded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Does GNSS spoofing really require its own dedicated hysteresis (remember we have that on all these checks as a whole as well)
- If yes, then let's start using
src/lib/hysteresis/hysteresis.h
for these to keep it simple. https://github.com/PX4/PX4-Autopilot/blob/ac1effa32a4bc4541481778295d4a0d0c213f86f/src/lib/hysteresis/hysteresis.h
@@ -450,6 +450,22 @@ void EstimatorChecks::checkEstimatorStatus(const Context &context, Report &repor | |||
events::ID("check_estimator_gps_vert_speed_drift_too_high"), | |||
log_level, "GPS Vertical Speed Drift too high"); | |||
|
|||
} else if (estimator_status.gps_check_fail_flags & (1 << estimator_status_s::GPS_CHECK_FAIL_SPOOFED)) { | |||
message = "Preflight%s: GPS signal spoofed"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one is relevant beyond preflight.
Here is a log with an example with false positive spoofing. We probably want spoofing state to be >=2 for a period of time before failing the check. https://review.px4.io/plot_app?log=8e03bae1-1551-4c93-bf6b-19c22e3c78a1 |
Solved Problem
Currently the spoofing state, which gets set by the GPS driver, does not have any effect on the estimator.
Solution
One can now add the spoofing state to the EKF2_GPS_CHECK. For it to fail, the spoofing flag has to be consistently true over a second and vice-versa for it to pass again.
There is now also a event which gets sent once when the first spoofed message arrives. This will notify the user, independent of the settings chosen in EKF2_GPS_CHECK.