Security OTA Sketch
-
I have not yet enabled signing or encryption on the node that was running the personalizer with radio activated. Therefor I would expect it to give serial output mysensors started, find parent and so on. Nothing on the output after that security
Execution result SUCCESS
The gateway also has no security activated for now, as this node was the first one to test the personalizer with radio and OTA -
I have not yet enabled signing or encryption on the node that was running the personalizer with radio activated. Therefor I would expect it to give serial output mysensors started, find parent and so on. Nothing on the output after that security
Execution result SUCCESS
The gateway also has no security activated for now, as this node was the first one to test the personalizer with radio and OTA -
that might be true... so it's kind of impossible I think to merge those.
So I have to first upload the personalizer and directly after that the sketch with security enabled and OTA. Is the personalizer sketch the only way to find out its serial for whitelisting? Maybe I need this feature down the road so it's good to know how to get it later -
that might be true... so it's kind of impossible I think to merge those.
So I have to first upload the personalizer and directly after that the sketch with security enabled and OTA. Is the personalizer sketch the only way to find out its serial for whitelisting? Maybe I need this feature down the road so it's good to know how to get it later -
@Anticimex still the question: is there a way to find out a nodes whitelist serial later?
-
that's sad.
Maybe it would be possible to write a sketch to read out the atsha serial and transmit it via mysensors... I will be looking into this further when in need of whitelisting. Until then I will just leave it as it is and only use signing and maybe encryption. -
that's sad.
Maybe it would be possible to write a sketch to read out the atsha serial and transmit it via mysensors... I will be looking into this further when in need of whitelisting. Until then I will just leave it as it is and only use signing and maybe encryption. -
I understand that. Two questions:
what about updating via OTA with whitelisting enabled? Everyone could sniff the new hexfile and read the serial of the whitelisted node, correct?
what about activating encryption? Would that prevent both of these cases? No one could read the hexfile or the send serial without knowing the AES key before. -
I understand that. Two questions:
what about updating via OTA with whitelisting enabled? Everyone could sniff the new hexfile and read the serial of the whitelisted node, correct?
what about activating encryption? Would that prevent both of these cases? No one could read the hexfile or the send serial without knowing the AES key before.@Anduril if encrypted the data "cannot" be decoded. The serial is not stored in any firmware. The only exception being a personalizer sketch that will personalize for software signing.
For atsha204a based signing, serial is never stored in sketch, only in runtime. -
Just in the rare case I want to use it later (and I have encryption enabled in the whole mysensors network) I could theoretically write a sketch inspired by the personalizer to read the serial and send this as a payload to the gateway without anyone out there able to read.
-
Just in the rare case I want to use it later (and I have encryption enabled in the whole mysensors network) I could theoretically write a sketch inspired by the personalizer to read the serial and send this as a payload to the gateway without anyone out there able to read.
@Anduril Well, its all opensource, so you are free to do whatever you want. Just remember that if you are starting to alter the behaviour and use of the security infrastructure, you could potentially compromise it for yourself and those that use your code.
