Offload IoT Cloud connection to Nina module #208
Conversation
Codecov Report
@@ Coverage Diff @@
## master #208 +/- ##
=======================================
Coverage 95.27% 95.27%
=======================================
Files 25 25
Lines 889 889
=======================================
Hits 847 847
Misses 42 42
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Concerning 46aa5f6 : Why? Can't imagine writing all the data via I2C is faster than doing it all in software. An additional drawback regarding security is that the whole application is available on the I2C lines for sniffing on every startup. It doesn't make a difference right now, with no read-out protection fuses blown, but could be in the future with Arduino Cloud being used for industrial grade solutions.
The goal is to get rid of bearssl entirely in case we offload SSL operation to the Nina; this path is "free" since we already include ECCx08 library, any other strategy will add a dependency. |
|
I understand your motivation but we can get rid of 98% of BearSSL and still keep their software-hash implementation. I consider the drawbacks of exposing the binary (runtime, secrecy) to severe to justify doing it. |
|
@aentinger fixed by 13fbaf5 |
facchinm
force-pushed
the
offload-ssl-nina-take2
branch
from
13fbaf5
to
df6818a
Compare
|
Hi @per1234 👋 Can you please extend this PR by adding CI build for Arduino Uno WiFi. Rev. 2? One additional needed dependency for Uno WiFi Rev. 2 build is |
OK, here you go; |
Temporarily remove OTA support since it depends on bearssl's SHA256 APIs
Need to add a patch to Arduino_ConnectionHandler: diff --git a/src/Arduino_ConnectionHandler.h b/src/Arduino_ConnectionHandler.h index 195ab13..8d80f2e 100644 --- a/src/Arduino_ConnectionHandler.h +++ b/src/Arduino_ConnectionHandler.h @@ -29,7 +29,8 @@ #define WIFI_FIRMWARE_VERSION_REQUIRED WIFI_FIRMWARE_REQUIRED #endif -#if defined(ARDUINO_SAMD_MKRWIFI1010) || defined(ARDUINO_SAMD_NANO_33_IOT) +#if defined(ARDUINO_SAMD_MKRWIFI1010) || defined(ARDUINO_SAMD_NANO_33_IOT) || \ + defined(ARDUINO_AVR_UNO_WIFI_REV2) #include <WiFiNINA.h> #include <WiFiUdp.h>
Loses 2KB of flash compared with 46aa5f6 but it's surely faster
…of and maintainable way.
…ROR/WARNING/... to avoid name clashes with ídentically named constants within Arduino_DebugUtils
…compiled in (which is the case when working with Uno WiFi Rev. 2
aentinger
force-pushed
the
offload-ssl-nina-take2
branch
from
484cca9
to
7ed85b0
Compare
…ion anyway only servers as a stub to allow compilation for megaavr architecture.
…rchitecture in samd, mbed and megaavr (all currently supported arduino boards.
It's required by the offloaded ecc anyway, so it will be ok
|
Memory usage change @ b57d900
Click for full report table
Click for full report CSV |
…s actually defined, i.e. if any debug output is enabled on the platform.
…le to see errors otherwise)?
|
As far as I understand this is a breaking change that requires the nina firmware to be updated. This would need a UI/UX works from our side, so please do not release a new version for now 😄 |
|
@eclipse1985 - yes 😉 |
Requires nina-fw 1.4.2
The SHA256 on OTA should be retested on the field (could be too slow for real world usage). In that case we should vendor a software only, embedded friendly implementation.
TODO: add control code if fw is < 1.4.2 that HALTS the execution. Strings comparison (
<=>) should be checked on megaAVR since it reports false results.