The documentation has been enhanced to describe the verification of firmware with the firmware updater. Examples have also been provided that describe how keys can be generated and how firmware can be signed.
1142: More rp2040 BufferedUart fixes r=Dirbaio a=timokroeger
* Refactor init code
* Make it possible to drop RX without breaking TX (or vice versa)
* Correctly handle RX buffer full scenario
Co-authored-by: Timo Kröger <timokroeger93@gmail.com>
1147: Support codesigning in the firmware updater r=lulf a=huntc
This PR provides a method to verify that firmware has been SHA-512 hashed and signed with a private key given its public key. The implementation provides both [`ed25519-dalek`](https://github.com/dalek-cryptography/ed25519-dalek/blob/main/Cargo.toml) and [`salty`](https://github.com/ycrypto/salty) as the signature verifiers. Either of the `ed25519-dalek` and `ed25519-salty` features is required to enable the functionality from `embassy-boot`.
The `verify_and_mark_updated` method is used in place of `mark_updated` when signing is used via its feature. This avoids the accidental omission of validation where it has been declared as required at compile time. It also keeps the parity of calls at the same number to the previous situation.
The PR permits other types of signature verifiers in the future on the proviso that the [Signature trait](https://github.com/RustCrypto/traits/tree/master/signature) is supported.
Finally, I've updated the CI to include testing `embassy-boot`, which it was doing before. In addition, I've included a unit test for verification based on a `ed25519-dalek` documentation example. This tests both the `dalek` and `salty` implementations.
In terms of code size comparisons, `dalek` adds about 68KiB and `salty` adds about 20KiB. I'm using `salty` myself. I've also tested this out by signing my code with the OpenBSD `signify` utility and then verify it during firmware upload using `salty`.
Co-authored-by: huntc <huntchr@gmail.com>
This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
1145: STM32 USB OTG #2 r=Dirbaio a=chemicstry
This is a continuation of #799
The usb serial example is already working!
TODO:
- [x] Add critical sections to registers shared with IRQ
- [x] Fix `disable()`
- [x] ~Implement cable disconnect detection~ - postponed
- [x] Fix `endpoint_set_enabled()`
- [x] ~Endpoint `wait_enabled`~ USB OTG does not have enable delay (?)
- [x] HS internal and HS ULPI PHY - untested
Co-authored-by: chemicstry <chemicstry@gmail.com>
Co-authored-by: Dario Nieuwenhuis <dirbaio@dirbaio.net>
1149: Add samples for nrf5340 r=lulf a=Tiwalun
Samples for the nrf5340, copied from the existing nrf samples.
Not sure if copying them is the best way of adding support, or using features in the existing samples would be better?
The code is mostly the same, with some different peripherals and pin mappings for the DK.
Co-authored-by: Dominik Boehi <dominik.boehi@gmail.com>
* Only clear interrupt flags that have fired (so that we do not lose any error flags)
* Enable RX interrupt when a read is requested, disable it when the RX buffer is full
* Rework TX interrupt handling: its "edge" triggered by a FIFO threshold
1141: feat: compile bootloader examples for nRF91 r=lulf a=lulf
* Add nRF91 as target in CI builds
* Add example linker scripts for nrf91
* Make less nRF52 assumptions example config
* Add llvm-tools-preview required for cargo objcopy example
Co-authored-by: Ulf Lilleengen <lulf@redhat.com>
1143: rp2040: add {tx,rx}-only constructors to UART r=Dirbaio a=pferreir
As discussed with `@henrik-alser` on Matrix. I also added an example, feel free to remove it if it's too much.
Co-authored-by: Pedro Ferreira <pedro@dete.st>
When data is in the RX fifo the RX timeout interrupt goes high again even after clearing it.
The result is a deadlock because execution is stuck in the interrupt handler. No other code
can run to clear the receive buffer.
Enable and disable RX interrupts based on the buffer fill level.
Use the same approach for the TX code path.
* Add nRF91 as target in CI builds
* Add example linker scripts for nrf91
* Make less nRF52 assumptions example config
* Add llvm-tools-preview required for cargo objcopy example
1139: Wdt config changes r=lulf a=huntc
Per commits:
* By passing WDT config around we can control it more easily and promote sharing it between files.
* The memory layout of the s140 crept into a number of memory files, which can cause confusion (well, it did for me!).
* Obtaining the current WDT config is useful so that we do not have to duplicate configurations around the place. A constructor method has been introduced that attempts to return the current running WDT config from the WDT peripheral. The bootloader example has also been updated to show how the watchdog can be obtained and used.
Co-authored-by: huntc <huntchr@gmail.com>
Obtaining the current WDT config is important so that we do not have to duplication configuration around the place. A constructor method has been introduced that returns WDT config in accordance with how the register is presently configured. The bootloader example has also been updated to show the watchdog can be obtained and used.
1093: Add random example r=Dirbaio a=miathedev
Thanks Lulf for the help!
This should be added as example so other people can look it up easily.
With love,
Mia
1127: clean up doc comment generation r=Dirbaio a=Weshnaw
I noticed that when I created doc comments for my tasks that the doc comments got included on the inner function but not the outer functions, I personally prefer keeping the documentation as clean as possible so this PR aims to hide the inner function and then add doc comments to the outer function.
The actual changes include:
* adding #[doc(hidden)] onto the `task_inner` function
* I flip flopped on this one because I could imagine someone may want this in their docs, but decided to include but I think arguments could be made either way
* copy the attributes from `task_inner` to `task_outer`
* I don't work with proc_macros often so I am not entirely sure if the way I went about it is correct but it seems to work fine
* specifically: using `parse_quote` to create the `task_outer` as a `ItemFn` then duplicating the attributes from `task_inner` to `task_outer`
* I also am not sure if it's a good idea to duplicate all attributes over, but I honestly wasn't sure how to just get the just doc comment attributes
![OLD doc](https://user-images.githubusercontent.com/3748858/209456006-bfa6d40d-d3bf-4c1d-a2de-cf40828b58e5.png)
![NEW doc](https://user-images.githubusercontent.com/3748858/209456011-995363a3-f5b1-4ea3-9db9-1c566643efcb.png)
Co-authored-by: miathedev <mia@metzler.systems>
Co-authored-by: Brendon Fallquist <bfallquist@gmail.com>
1130: USB serial (CDC-ACM) improvements r=Dirbaio a=timokroeger
* Remove unused call management descriptor
* Set flag for supported capabilities
The rp `usb_serial` example still works with windows hosts.
Co-authored-by: Timo Kröger <timokroeger93@gmail.com>
1136: Fix a typo r=Dirbaio a=lonesometraveler
Many thanks for maintaining this project. Here is a minor typo fix.
Co-authored-by: Kentaro Okuda <lonesometraveler@mac.com>