@dirkx
Contributor

@dirkx dirkx commented Apr 19, 2020

Not so much as a 'real pull request' -- but more as I am not sure how to best start the conversation as to if this is useful for more people.

What this contains is the ability to use public-key encryption (standard X.509 / RFC 3161 digital timestamps/signatures) to secure an over the air update.

See https://github.com/dirkx/arduino-esp32/blob/arduino-signed-updater/tools/digital-signing.md for an explanation of what is going on.

It also refactors the ArduinoOTA and updater code to allow more modern Hashes.

dirkx added 26 commits April 19, 2020 19:42
for OTA and SD/web uploads)

Refactored the ArduinoOTA code to allow multiple auth mechanisms,
including 'better than MD5' digest auth.

Added a RFC 3161 signed OTA security layer (with X.509 certs).

Currently requires some glue code that long term will/should
move into mbedtls.

Updated espota.py to support:

  - digests other than MD5 (e.g. SHA256)
  - local public/private key pair signed OTA
  - RFC 3161 Timeserver/signature based signing (so that
    the key does not need to be on a build server).
    See also redwax.ey.
@me-no-dev
Member

the amount of code is really overwhelming. I quite like the end result though. looking forward to giving this a try for 2.0

@dirkx
Contributor Author

dirkx commented Nov 2, 2020

Yes - I apologise for that. Hope I can move the bulk ultimately into MBED TLS. That helps.

And another reason it is so large is that I updated all the examples/added examples.

If it is more digestible without these - and these done in a second phase - no problem of course.

@me-no-dev
Member

I understand that it requires quite a bit of code :) also you changed the server architecture a bit, which was also nice. I did not see, is the readme included in the changes?

@me-no-dev
Member

Moving the mbedtls code would mean ESP-IDF or the lib-builder that compiles the libs from esp-idf.

@me-no-dev
Member

in espota.py I notice shell commands being executed (openssl, curl). Also some hardcoded values. Should I presume the changes to espota.py to be WIP?

@dirkx
Contributor Author

dirkx commented Nov 2, 2020

Well - pretty much all of it is a WIP - as said in the intro - this was more for discussion than for immediate inclusion.

But happy to make it tree ready in the next few days.

@me-no-dev
Member

ok, let's start one by one :)

Maybe from the functions that espota will need and how to make them pure python (so it can be then compiled into EXE for Windows and binary for Mac)

/**
*
* @file HTTPUpdate.cpp based om ESP8266HTTPUpdate.cpp
* @file HTTP_updater->cpp based om ESP8266HTTP_updater->cpp
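
Review bot: the `@file` line reading `HTTP_updater->cpp based om ESP8266HTTP_updater->cpp` is not a valid file name; the `->` looks like an identifier rename that was also applied inside the header comment. Restore the comment to name the actual source file, fix the "based om" typo to "based on" while there, and check other comments and string literals in the change for the same accidental replacement.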


search replace also renamed this comment...

@CLAassistant

CLAassistant commented Apr 28, 2021

CLA assistant check
All committers have signed the CLA.

@VojtechBartoska VojtechBartoska added Status: Pending Type: Feature request Feature request for Arduino ESP32 and removed Type: Next major labels Oct 21, 2021
@VojtechBartoska VojtechBartoska marked this pull request as draft October 21, 2021 13:48
@stale

stale bot commented Apr 16, 2022

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the wontfix label Apr 16, 2022
@torntrousers
Contributor

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

Would be nice to have this feature though

@stale stale bot removed the wontfix label Apr 16, 2022
@VojtechBartoska VojtechBartoska added Status: Review needed Issue or PR is awaiting review and removed Status: Pending labels Jan 24, 2024
@lucasssvaz
Member

@dirkx What is missing in this PR? Could you also fix the merge conflicts?

@me-no-dev
Member

let's just close it. it's draft and @dirkx can open a new one on a fresh base

@me-no-dev me-no-dev closed this Jan 31, 2024