Arduino signed updater #3917
Arduino signed updater #3917
Conversation
for OTA and SD/web uploads)
Refactored the ArduinoOTA code to allow multiple auth mechisms,
including 'better than MD5' digest auth.
Added a RFC 3161 signed OTA security layer (with X.509 certs).
Currently requires some glue code that long term will/should
move into mbedtls.
Updated espota.py to support:
- digests other than MD5 (e.g. SHA256)
- local public/private key pair signed OTA
- RFC 3161 Timeserver/signature based signing (so that
the key does not need to be on a build server.
See also redwax.ey.
…(Credits to @noisegate for finding it).
…L output standard, add API docs.
…uino-esp32 into arduino-signed-updater
…uino-esp32 into arduino-signed-updater
…legacy method for SD/HTTP based updating.
|
the amount of code is really overwhelming. I quite like the end result though. looking forward giving this a try for 2.0 |
|
Yes - I apologies for that. Hope I can move the bulk ultimately into MBED TLS. That helps. And another reason it is so large that I updated all the examples/added examples. If it is more digestible without these -and these done in a second phase - no problem of course. |
|
I understand that it requires quite a bit of code :) also you changed the server architecture a bit, which was also nice. I did not see, is the readme included in the changes? |
|
Moving the mbedtls code would mean ESP-IDF or the lib-builder that compiles the libs from esp-idf. |
|
in |
|
Well - pretty much all of it is a WIP - as said in the intro - this was more for discussion than for immediate inclusion. But happy to make it tree ready in the next few days. |
|
ok, let's start one by one :) Maybe from the functions that espota will need and how to make them pure python (so it can be then compiled into EXE for Windows and binary for Mac) |
| /** | ||
| * | ||
| * @file HTTPUpdate.cpp based om ESP8266HTTPUpdate.cpp | ||
| * @file HTTP_updater->cpp based om ESP8266HTTP_updater->cpp |
There was a problem hiding this comment.
search replace also renamed this comment...
|
|
VojtechBartoska
added
Status: Pending
Type: Feature request
|
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Would be nice to have this feature though |
VojtechBartoska
added
Status: Review needed
|
@dirkx What is missing in this PR ? Could you also fix the merge conflicts ? |
|
let's just close it. it's draft and @dirkx can open a new one on a fresh base |
7 participants
Not so much as a 'real pull request' -- but more as I am not sure how to best start the conversation as to if this is useful for more people.
What this contains is the ability to use public-key encryption (standard X.509 / RFC 3161 digital timestamps/signatures) to secure an over the air update.
See https://github.com/dirkx/arduino-esp32/blob/arduino-signed-updater/tools/digital-signing.md for an explanation of what is going on.
It also refactors the ArduinoOTA and updater code to allow more modern Hashes.