Failed to make encryption work on a barebone ATMEGA328P
Troubleshooting
42
Posts
5
Posters
2.9k
Views
5
Watching
-
I've enabled
MY_DEBUG_VERBOSE_SIGNINGandMY_DEBUG_VERBOSE_RFM69, here is what I get:__ __ ____ | \/ |_ _/ ___| ___ _ __ ___ ___ _ __ ___ | |\/| | | | \___ \ / _ \ `_ \/ __|/ _ \| `__/ __| | | | | |_| |___| | __/ | | \__ \ _ | | \__ \ |_| |_|\__, |____/ \___|_| |_|___/\___/|_| |___/ |___/ 2.3.1 16 MCO:BGN:INIT NODE,CP=RPNNAS-X,REL=255,VER=2.3.1 40 !SGN:PER:TAMPERED 77 SGN:INI:BND OK 79 TSM:INIT 81 TSF:WUR:MS=0 83 RFM69:INIT 83 RFM69:INIT:PIN,CS=10,IQP=2,IQN=0 90 RFM69:PTX:LEVEL=5 dBm 92 TSM:INIT:TSP OK 94 TSM:FPAR 96 SGN:SGN:NREQ=255 98 RFM69:SWR:SEND,TO=255,SEQ=0,RETRY=0 102 RFM69:CSMA:RSSI=-108 108 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2117 !TSM:FPAR:NO REPLY 2119 TSM:FPAR 2121 SGN:SGN:NREQ=255 2123 RFM69:SWR:SEND,TO=255,SEQ=1,RETRY=0 2127 RFM69:CSMA:RSSI=-108 2136 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4145 !TSM:FPAR:NO REPLY 4147 TSM:FPAR 4149 SGN:SGN:NREQ=255 4151 RFM69:SWR:SEND,TO=255,SEQ=2,RETRY=0 4155 RFM69:CSMA:RSSI=-107 4163 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6172 !TSM:FPAR:NO REPLY 6174 TSM:FPAR 6176 SGN:SGN:NREQ=255 6178 RFM69:SWR:SEND,TO=255,SEQ=3,RETRY=0 6182 RFM69:CSMA:RSSI=-108 6191 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8200 !TSM:FPAR:FAIL 8202 TSM:FAIL:CNT=1 8204 TSM:FAIL:DIS 8206 TSF:TDI:TSL 8206 RFM69:RSLI'm wondering: maybe I should try to dump the EEPROM memory to be sure the keys were properly set?
Also, regarding my question in the first post, do you know where messages are dropped if the AES key isn't correct? Is it at the radio or software level?
-
@kimot: I used the SecurityPersonalizer sketch with the keys defined in it.
Here is the beginning of the sketch:/* * The MySensors Arduino library handles the wireless radio link and protocol * between your home built sensors/actuators and HA controller of choice. * The sensors forms a self healing radio network with optional repeaters. Each * repeater and gateway builds a routing tables in EEPROM which keeps track of the * network topology allowing messages to be routed to nodes. * * Created by Henrik Ekblad <henrik.ekblad@mysensors.org> * Copyright (C) 2013-2018 Sensnology AB * Full contributor list: https://github.com/mysensors/MySensors/graphs/contributors * * Documentation: http://www.mysensors.org * Support Forum: http://forum.mysensors.org * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * */ /** * @ingroup MySigninggrp * @{ * @file SecurityPersonalizer.ino * @brief Security personalization sketch * * REVISION HISTORY * - See git log (git log libraries/MySensors/examples/SecurityPersonalizer/SecurityPersonalizer.ino) */ /** * @example SecurityPersonalizer.ino * This sketch will personalize either none-volatile memory or ATSHA204A for security functions * available in the MySensors library.<br> * Details on personalization procedure is given in @ref personalization.<br> * This sketch will when executed without modifications also print a guided workflow on the UART. */ #include "sha204_library.h" #include "sha204_lib_return_codes.h" /** @brief Make use of the MySensors framework without invoking the entire system */ #define MY_CORE_ONLY #include <MySensors.h> /************************************ User defined key data ***************************************/ /** @brief The user-defined HMAC key to use unless @ref GENERATE_HMAC_KEY is set */ #define MY_HMAC_KEY 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x01,0x02,0x03,0x04,0x05 /** @brief The user-defined AES key to store in EEPROM unless @ref GENERATE_AES_KEY is set */ #define MY_AES_KEY 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x01,0x02,0x03,0x04,0x05,0x06,0x07 /** @brief The user-defined soft serial to use for soft signing unless @ref GENERATE_SOFT_SERIAL is set */ #define MY_SOFT_SERIAL 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF /***************************** Flags for guided personalization flow ******************************/ /** * @def GENERATE_KEYS_ATSHA204A * @brief Default settings for generating keys using ATSHA204A * * @note The generated keys displayed in the serial log with this setting needs to be written down * and transferred to all nodes this gateway will communicate with. This is mandatory for ALL * nodes for encryption (AES key). For signing (HMAC key) it is only required for nodes that * use signing. Typically you set the values for @ref MY_HMAC_KEY and @ref MY_AES_KEY. */ //#define GENERATE_KEYS_ATSHA204A /** * @def GENERATE_KEYS_SOFT * @brief Default settings for generating keys using software * * @b Important<br> * You will need to ensure @ref MY_SIGNING_SOFT_RANDOMSEED_PIN is set to an unconnected analog pin * in order to provide entropy to the software RNG if your hardware has no HWRNG. * * @note The generated keys displayed in the serial log with this setting needs to be written down * and transferred to all nodes this gateway will communicate with. This is mandatory for ALL * nodes for encryption (AES key). For signing (HMAC key) it is only required for nodes that * use signing. Typically you set the values for @ref MY_HMAC_KEY and @ref MY_AES_KEY. */ //#define GENERATE_KEYS_SOFT /** * @def PERSONALIZE_ATSHA204A * @brief Default settings for personalizing an ATSHA204A * * It is assumed that you have updated @ref MY_HMAC_KEY and @ref MY_AES_KEY with the keys displayed * when executing this sketch with @ref GENERATE_KEYS_ATSHA204A or @ref GENERATE_KEYS_SOFT defined. */ //#define PERSONALIZE_ATSHA204A /** * @def PERSONALIZE_SOFT * @brief Default settings for personalizing EEPROM for software signing * * It is assumed that you have updated @ref MY_HMAC_KEY and @ref MY_AES_KEY with the keys displayed * when executing this sketch with @ref GENERATE_KEYS_ATSHA204A or @ref GENERATE_KEYS_SOFT defined. */ #define PERSONALIZE_SOFT /** * @def PERSONALIZE_SOFT_RANDOM_SERIAL * @brief This is an alternative to @ref PERSONALIZE_SOFT which will also store a randomly generated * serial to EEPROM in addition to the actions performed by @ref PERSONALIZE_SOFT. Take note of the * generated soft serial as it will be needed if you plan to use whitelisting. It should be * unique for each node. * * @note This is only needed for targets that lack unique device IDs. The sketch will inform you if * there is a need for generating a random serial or not. Check the "Hardware security * peripherals" listing. If a target has a unique device ID and a serial in EEPROM, the serial * in EEPROM will be used. If erased (replaced with FF:es) the unique device ID will be used * instead. */ //#define PERSONALIZE_SOFT_RANDOM_SERIAL /*************************** The settings below are for advanced users ****************************/ /** * @def USE_SOFT_SIGNING * @brief Uncomment this to generate keys by software and store them to EEPROM instead of ATSHA204A */ //#define USE_SOFT_SIGNING /** * @def LOCK_ATSHA204A_CONFIGURATION * @brief Uncomment this to enable locking the ATSHA204A configuration zone * * It is still possible to change the key, and this also enable random key generation. * @warning BE AWARE THAT THIS PREVENTS ANY FUTURE CONFIGURATION CHANGE TO THE CHIP */ //#define LOCK_ATSHA204A_CONFIGURATION /** * @def SKIP_UART_CONFIRMATION * @brief Uncomment this for boards that lack UART * * This will disable additional confirmation for actions that are non-reversible. * * @b Important<br> For ATSHA204A, no confirmation will be required for locking any zones with this * configuration! Also, if you generate keys on a board without UART, you have no way of determining * what the key is unless it is stored in EEPROM. */ //#define SKIP_UART_CONFIRMATION /** * @def GENERATE_HMAC_KEY * @brief Uncomment this to generate a random HMAC key using ATSHA204A or software depending on * @ref USE_SOFT_SIGNING * @note If not enabled, key defined by @ref MY_HMAC_KEY will be used instead. */ //#define GENERATE_HMAC_KEY /** * @def STORE_HMAC_KEY * @brief Uncomment this to store HMAC key to ATSHA204A or EEPROM depending on @ref USE_SOFT_SIGNING */ //#define STORE_HMAC_KEY /** * @def GENERATE_AES_KEY * @brief Uncomment this to generate a random AES key using ATSHA204A or software depending on * @ref USE_SOFT_SIGNING * @note If not enabled, key defined by @ref MY_AES_KEY will be used instead. */ //#define GENERATE_AES_KEY /** * @def STORE_AES_KEY * @brief Uncomment this to store AES key to EEPROM */ //#define STORE_AES_KEY /** * @def GENERATE_SOFT_SERIAL * @brief Uncomment this to generate a random serial number for software signing * @note If not enabled, serial defined by @ref MY_SOFT_SERIAL will be used instead. */ #define GENERATE_SOFT_SERIAL /** * @def STORE_SOFT_SERIAL * @brief Uncomment this to store the serial number to EEPROM */ //#define STORE_SOFT_SERIAL /** * @def PRINT_DETAILED_ATSHA204A_CONFIG * @brief Uncomment to print the detailed ATSHA204A configuration */ //#define PRINT_DETAILED_ATSHA204A_CONFIG /** * @def RESET_EEPROM_PERSONALIZATION * @brief Uncomment to reset the personalization data in EEPROM to 0xFF:es */ //#define RESET_EEPROM_PERSONALIZATION /********************* Guided mode flag configurations (don't change these) ***********************/ #ifdef GENERATE_KEYS_ATSHA204A #define LOCK_ATSHA204A_CONFIGURATION // We have to lock configuration to enable random number generation #define GENERATE_HMAC_KEY // Generate random HMAC key #define GENERATE_AES_KEY // Generate random AES key #define SKIP_UART_CONFIRMATION // This is an automated mode #endif #ifdef GENERATE_KEYS_SOFT #define USE_SOFT_SIGNING // Use software backend #define GENERATE_HMAC_KEY // Generate random HMAC key #define GENERATE_AES_KEY // Generate random AES key #define SKIP_UART_CONFIRMATION // This is an automated mode #endif #ifdef PERSONALIZE_ATSHA204A #define LOCK_ATSHA204A_CONFIGURATION // We have to lock configuration to enable random number generation #define STORE_HMAC_KEY // Store the HMAC key #define STORE_AES_KEY // Store the AES key #define SKIP_UART_CONFIRMATION // This is an automated mode #endif #ifdef PERSONALIZE_SOFT_RANDOM_SERIAL #define GENERATE_SOFT_SERIAL // Generate a soft serial number #define PERSONALIZE_SOFT // Do the rest as PERSONALIZE_SOFT #endif #ifdef PERSONALIZE_SOFT #define USE_SOFT_SIGNING // Use software backend #define STORE_HMAC_KEY // Store the HMAC key #define STORE_AES_KEY // Store the AES key #define STORE_SOFT_SERIAL // Store the soft serial number #define SKIP_UART_CONFIRMATION // This is an automated mode #endif #if defined(GENERATE_HMAC_KEY) || defined(GENERATE_AES_KEY) || defined(GENERATE_SOFT_SERIAL) #define GENERATE_SOMETHING #endif #if defined(MY_LOCK_MCU) #undefine MY_LOCK_MCU // The Sketch after SecurityPersonaliter should lock the MCU #endif /********************************** Preprocessor sanitychecks *************************************/Note that the values of MY_HMAC_KEY and MY_AES_KEY in the text above are not the ones I'm currently using.
I re-checked that the AES and HMAC keys are indeed the same on the gateway and that's correct.I don't use the MY_SOFT_SERIAL key yet, so I let the sketch generate a random one.
@Anticimex: I could indeed see in the file
~/Arduino/hardware/breadboard/avr/boards.txtthatatmega328bb.build.f_cpu=8000000Lis defined. -
@encrypt
I am not sure, if we speak about the same AES key.
I mean encryption key for RFM69 chip, because you select using encryption by this radio in your network.
But I am on my mobile only, so it is dificult study source codes Now. -
I've enabled
MY_DEBUG_VERBOSE_SIGNINGandMY_DEBUG_VERBOSE_RFM69, here is what I get:__ __ ____ | \/ |_ _/ ___| ___ _ __ ___ ___ _ __ ___ | |\/| | | | \___ \ / _ \ `_ \/ __|/ _ \| `__/ __| | | | | |_| |___| | __/ | | \__ \ _ | | \__ \ |_| |_|\__, |____/ \___|_| |_|___/\___/|_| |___/ |___/ 2.3.1 16 MCO:BGN:INIT NODE,CP=RPNNAS-X,REL=255,VER=2.3.1 40 !SGN:PER:TAMPERED 77 SGN:INI:BND OK 79 TSM:INIT 81 TSF:WUR:MS=0 83 RFM69:INIT 83 RFM69:INIT:PIN,CS=10,IQP=2,IQN=0 90 RFM69:PTX:LEVEL=5 dBm 92 TSM:INIT:TSP OK 94 TSM:FPAR 96 SGN:SGN:NREQ=255 98 RFM69:SWR:SEND,TO=255,SEQ=0,RETRY=0 102 RFM69:CSMA:RSSI=-108 108 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 2117 !TSM:FPAR:NO REPLY 2119 TSM:FPAR 2121 SGN:SGN:NREQ=255 2123 RFM69:SWR:SEND,TO=255,SEQ=1,RETRY=0 2127 RFM69:CSMA:RSSI=-108 2136 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 4145 !TSM:FPAR:NO REPLY 4147 TSM:FPAR 4149 SGN:SGN:NREQ=255 4151 RFM69:SWR:SEND,TO=255,SEQ=2,RETRY=0 4155 RFM69:CSMA:RSSI=-107 4163 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 6172 !TSM:FPAR:NO REPLY 6174 TSM:FPAR 6176 SGN:SGN:NREQ=255 6178 RFM69:SWR:SEND,TO=255,SEQ=3,RETRY=0 6182 RFM69:CSMA:RSSI=-108 6191 TSF:MSG:SEND,255-255-255-255,s=255,c=3,t=7,pt=0,l=0,sg=0,ft=0,st=OK: 8200 !TSM:FPAR:FAIL 8202 TSM:FAIL:CNT=1 8204 TSM:FAIL:DIS 8206 TSF:TDI:TSL 8206 RFM69:RSLI'm wondering: maybe I should try to dump the EEPROM memory to be sure the keys were properly set?
Also, regarding my question in the first post, do you know where messages are dropped if the AES key isn't correct? Is it at the radio or software level?
@encrypt
The key here is "!SGN:PER:Tampered".
The security backend checks a checksum of the eeprom data used for security. If it is not valid, it considers data tampered and will not use it. So your eeprom has been corrupted one way or another. Or you use either a really old personalizer or a really old library version.
Edit: not old library. And old library would not care about checksum. -
Hello again,
I don't know why I'm getting that "!SGN:PER:Tampered" message...
I've run the SecurityPersonalizer sketch again and it reported that everything went as expected:+------------------------------------------------------------------------------------+ | MySensors security personalizer | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Configuration settings | +------------------------------------------------------------------------------------+ | * Guided personalization/storage of keys in EEPROM | | * Software based personalization (no ATSHA204A usage whatsoever) | | * Will not require any UART confirmations | | * Will store HMAC key to EEPROM | | * Will store AES key to EEPROM | | * Will generate soft serial using software | | * Will store soft serial to EEPROM | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Hardware security peripherals | +--------------+--------------+--------------+------------------------------+--------+ | Device | Status | Revision | Serial number | Locked | +--------------+--------------+--------------+------------------------------+--------+ | AVR | DETECTED | N/A | N/A (generation required) | N/A | +--------------+--------------+--------------+------------------------------+--------+ +------------------------------------------------------------------------------------+ | Key generation | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Key copy section | +------------------------------------------------------------------------------------+ #define MY_SOFT_SERIAL 0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Key storage | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | HMAC | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | AES | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | EEPROM | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | HMAC | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | AES | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | This nodes whitelist entry on other nodes | +------------------------------------------------------------------------------------+ {.nodeId = <ID of this node>,.serial = {0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C}} +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | WHAT TO DO NEXT? | +------------------------------------------------------------------------------------+ | This device has now been personalized. Run this sketch with its current settings | | on all the devices in your network that have security enabled. | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Execution result | +------------------------------------------------------------------------------------+ | SUCCESS | +------------------------------------------------------------------------------------+Also, note I'm running the latest version of the SecurityPersonalizer sketch, which can be found here: https://github.com/mysensors/MySensors/blob/development/examples/SecurityPersonalizer/SecurityPersonalizer.ino
I really don't know what can be wrong here...
Could the 8MHz internal clock be the faulty part? Maybe it fails to correctly read the EEPROM data due to a misconfigured clock?Here is what avrdude shows in the debug view of the Arduino IDE ; using the Arduino Uno as a programmer:
/opt/arduino-1.8.7/hardware/tools/avr/bin/avrdude -C/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf -v -patmega328p -carduino -P/dev/ttyACM0 -b19200 -Uflash:w:/tmp/arduino_build_879921/fil_pilote.ino.hex:i avrdude: Version 6.3-20171130 Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/ Copyright (c) 2007-2014 Joerg Wunsch System wide configuration file is "/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf" User configuration file is "/home/encrypt/.avrduderc" User configuration file does not exist or is not a regular file, skipping Using Port : /dev/ttyACM0 Using Programmer : arduino Overriding Baud Rate : 19200 AVR Part : ATmega328P Chip Erase delay : 9000 us PAGEL : PD7 BS2 : PC2 RESET disposition : dedicated RETRY pulse : SCK serial program mode : yes parallel program mode : yes Timeout : 200 StabDelay : 100 CmdexeDelay : 25 SyncLoops : 32 ByteDelay : 0 PollIndex : 3 PollValue : 0x53 Memory Detail : Block Poll Page Polled Memory Type Mode Delay Size Indx Paged Size Size #Pages MinW MaxW ReadBack ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ----- --------- eeprom 65 20 4 0 no 1024 4 0 3600 3600 0xff 0xff flash 65 6 128 0 yes 32768 128 256 4500 4500 0xff 0xff lfuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 hfuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 efuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 lock 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 calibration 0 0 0 0 no 1 0 0 0 0 0x00 0x00 signature 0 0 0 0 no 3 0 0 0 0 0x00 0x00 Programmer Type : Arduino Description : Arduino Hardware Version: 2 Firmware Version: 1.18 Topcard : Unknown Vtarget : 0.0 V Varef : 0.0 V Oscillator : Off SCK period : 0.1 us avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.01s avrdude: Device signature = 0x1e950f (probably m328p) avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed To disable this feature, specify the -D option. avrdude: erasing chip avrdude: reading input file "/tmp/arduino_build_879921/fil_pilote.ino.hex" avrdude: writing flash (21394 bytes): Writing | ################################################## | 100% 23.60s avrdude: 21394 bytes of flash written avrdude: verifying flash memory against /tmp/arduino_build_879921/fil_pilote.ino.hex: avrdude: load data flash data from input file /tmp/arduino_build_879921/fil_pilote.ino.hex: avrdude: input file /tmp/arduino_build_879921/fil_pilote.ino.hex contains 21394 bytes avrdude: reading on-chip flash data: Reading | ################################################## | 100% 13.37s avrdude: verifying ... avrdude: 21394 bytes of flash verified avrdude done. Thank you.Come have fun with me on IRC: #mysensors on Libera.chat :)
-
Hello again,
I don't know why I'm getting that "!SGN:PER:Tampered" message...
I've run the SecurityPersonalizer sketch again and it reported that everything went as expected:+------------------------------------------------------------------------------------+ | MySensors security personalizer | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Configuration settings | +------------------------------------------------------------------------------------+ | * Guided personalization/storage of keys in EEPROM | | * Software based personalization (no ATSHA204A usage whatsoever) | | * Will not require any UART confirmations | | * Will store HMAC key to EEPROM | | * Will store AES key to EEPROM | | * Will generate soft serial using software | | * Will store soft serial to EEPROM | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Hardware security peripherals | +--------------+--------------+--------------+------------------------------+--------+ | Device | Status | Revision | Serial number | Locked | +--------------+--------------+--------------+------------------------------+--------+ | AVR | DETECTED | N/A | N/A (generation required) | N/A | +--------------+--------------+--------------+------------------------------+--------+ +------------------------------------------------------------------------------------+ | Key generation | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Key copy section | +------------------------------------------------------------------------------------+ #define MY_SOFT_SERIAL 0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Key storage | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | HMAC | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | AES | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | EEPROM | +--------+--------+------------------------------------------------------------------+ | Key ID | Status | Key | +--------+--------+------------------------------------------------------------------+ | HMAC | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | AES | OK | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | | SERIAL | OK | 2DFECBDAE05BB8414C | +--------+--------+------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | This nodes whitelist entry on other nodes | +------------------------------------------------------------------------------------+ {.nodeId = <ID of this node>,.serial = {0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C}} +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | WHAT TO DO NEXT? | +------------------------------------------------------------------------------------+ | This device has now been personalized. Run this sketch with its current settings | | on all the devices in your network that have security enabled. | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Execution result | +------------------------------------------------------------------------------------+ | SUCCESS | +------------------------------------------------------------------------------------+Also, note I'm running the latest version of the SecurityPersonalizer sketch, which can be found here: https://github.com/mysensors/MySensors/blob/development/examples/SecurityPersonalizer/SecurityPersonalizer.ino
I really don't know what can be wrong here...
Could the 8MHz internal clock be the faulty part? Maybe it fails to correctly read the EEPROM data due to a misconfigured clock?Here is what avrdude shows in the debug view of the Arduino IDE ; using the Arduino Uno as a programmer:
/opt/arduino-1.8.7/hardware/tools/avr/bin/avrdude -C/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf -v -patmega328p -carduino -P/dev/ttyACM0 -b19200 -Uflash:w:/tmp/arduino_build_879921/fil_pilote.ino.hex:i avrdude: Version 6.3-20171130 Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/ Copyright (c) 2007-2014 Joerg Wunsch System wide configuration file is "/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf" User configuration file is "/home/encrypt/.avrduderc" User configuration file does not exist or is not a regular file, skipping Using Port : /dev/ttyACM0 Using Programmer : arduino Overriding Baud Rate : 19200 AVR Part : ATmega328P Chip Erase delay : 9000 us PAGEL : PD7 BS2 : PC2 RESET disposition : dedicated RETRY pulse : SCK serial program mode : yes parallel program mode : yes Timeout : 200 StabDelay : 100 CmdexeDelay : 25 SyncLoops : 32 ByteDelay : 0 PollIndex : 3 PollValue : 0x53 Memory Detail : Block Poll Page Polled Memory Type Mode Delay Size Indx Paged Size Size #Pages MinW MaxW ReadBack ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ----- --------- eeprom 65 20 4 0 no 1024 4 0 3600 3600 0xff 0xff flash 65 6 128 0 yes 32768 128 256 4500 4500 0xff 0xff lfuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 hfuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 efuse 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 lock 0 0 0 0 no 1 0 0 4500 4500 0x00 0x00 calibration 0 0 0 0 no 1 0 0 0 0 0x00 0x00 signature 0 0 0 0 no 3 0 0 0 0 0x00 0x00 Programmer Type : Arduino Description : Arduino Hardware Version: 2 Firmware Version: 1.18 Topcard : Unknown Vtarget : 0.0 V Varef : 0.0 V Oscillator : Off SCK period : 0.1 us avrdude: AVR device initialized and ready to accept instructions Reading | ################################################## | 100% 0.01s avrdude: Device signature = 0x1e950f (probably m328p) avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed To disable this feature, specify the -D option. avrdude: erasing chip avrdude: reading input file "/tmp/arduino_build_879921/fil_pilote.ino.hex" avrdude: writing flash (21394 bytes): Writing | ################################################## | 100% 23.60s avrdude: 21394 bytes of flash written avrdude: verifying flash memory against /tmp/arduino_build_879921/fil_pilote.ino.hex: avrdude: load data flash data from input file /tmp/arduino_build_879921/fil_pilote.ino.hex: avrdude: input file /tmp/arduino_build_879921/fil_pilote.ino.hex contains 21394 bytes avrdude: reading on-chip flash data: Reading | ################################################## | 100% 13.37s avrdude: verifying ... avrdude: 21394 bytes of flash verified avrdude done. Thank you.@encrypt normally when this happens, it is the main sketch that writes something to eeprom without taking into consideration what parts of the eeprom the MySensors library reserves for internal use.
Could you try to run the personalizer to write the eeprom, then your main sketch, and after that the personalizer again, but this time, configured to not write any data, just print out what is already there?
Sara should be identical but I strongly suspect it will not be (as the main sketch consider data "tampered"). -
I've run the Arduino IDE in "debug" mode to be sure the F_CPU variable was taken into account and it seems it is indeed:
/opt/arduino-1.8.7/arduino-builder -dump-prefs -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino /opt/arduino-1.8.7/arduino-builder -compile -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino Using board 'atmega328bb' from platform in folder: /home/encrypt/Arduino/hardware/breadboard/avr Using core 'arduino' from platform in folder: /opt/arduino-1.8.7/hardware/arduino/avr Detecting libraries used... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null Using cached library dependencies for file: /home/encrypt/Arduino/libraries/MySensors/MyASM.S Using cached library dependencies for file: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src/SPI.cpp Generating function prototypes... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp /opt/arduino-1.8.7/tools-builder/ctags/5.8-arduino11/ctags -u --language-force=c++ -f - --c++-kinds=svpf --fields=KSTtzns --line-directives /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp Compilation du croquis... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -MMD -flto -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o Compiling libraries... Compiling library "MySensors" Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o Compiling library "SPI" Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o Compiling core... Using precompiled core: /tmp/arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a Linking everything together... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-gcc -w -Os -g -flto -fuse-linker-plugin -Wl,--gc-sections -mmcu=atmega328p -o /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o /tmp/arduino_build_879921/../arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a -L/tmp/arduino_build_879921 -lm /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -j .eeprom --set-section-flags=.eeprom=alloc,load --no-change-warnings --change-section-lma .eeprom=0 /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.eep /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -R .eeprom /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.hex Utilisation de la bibliothèque MySensors version 2.3.1 dans le dossier: /home/encrypt/Arduino/libraries/MySensors Utilisation de la bibliothèque SPI version 1.0 dans le dossier: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-size -A /tmp/arduino_build_879921/fil_pilote.ino.elf Le croquis utilise 21394 octets (69%) de l'espace de stockage de programmes. Le maximum est de 30720 octets. Les variables globales utilisent 1022 octets de mémoire dynamique.Now, to answer your question @Anticimex, how do you run the SecurityPersonalizer sketch to only print the content of the EEPROM and not do any write? I've commented out all options but now it reports that no #define has been set :sweat_smile:
Come have fun with me on IRC: #mysensors on Libera.chat :)
-
I've run the Arduino IDE in "debug" mode to be sure the F_CPU variable was taken into account and it seems it is indeed:
/opt/arduino-1.8.7/arduino-builder -dump-prefs -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino /opt/arduino-1.8.7/arduino-builder -compile -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino Using board 'atmega328bb' from platform in folder: /home/encrypt/Arduino/hardware/breadboard/avr Using core 'arduino' from platform in folder: /opt/arduino-1.8.7/hardware/arduino/avr Detecting libraries used... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null Using cached library dependencies for file: /home/encrypt/Arduino/libraries/MySensors/MyASM.S Using cached library dependencies for file: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src/SPI.cpp Generating function prototypes... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp /opt/arduino-1.8.7/tools-builder/ctags/5.8-arduino11/ctags -u --language-force=c++ -f - --c++-kinds=svpf --fields=KSTtzns --line-directives /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp Compilation du croquis... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -MMD -flto -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o Compiling libraries... Compiling library "MySensors" Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o Compiling library "SPI" Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o Compiling core... Using precompiled core: /tmp/arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a Linking everything together... /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-gcc -w -Os -g -flto -fuse-linker-plugin -Wl,--gc-sections -mmcu=atmega328p -o /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o /tmp/arduino_build_879921/../arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a -L/tmp/arduino_build_879921 -lm /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -j .eeprom --set-section-flags=.eeprom=alloc,load --no-change-warnings --change-section-lma .eeprom=0 /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.eep /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -R .eeprom /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.hex Utilisation de la bibliothèque MySensors version 2.3.1 dans le dossier: /home/encrypt/Arduino/libraries/MySensors Utilisation de la bibliothèque SPI version 1.0 dans le dossier: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI /opt/arduino-1.8.7/hardware/tools/avr/bin/avr-size -A /tmp/arduino_build_879921/fil_pilote.ino.elf Le croquis utilise 21394 octets (69%) de l'espace de stockage de programmes. Le maximum est de 30720 octets. Les variables globales utilisent 1022 octets de mémoire dynamique.Now, to answer your question @Anticimex, how do you run the SecurityPersonalizer sketch to only print the content of the EEPROM and not do any write? I've commented out all options but now it reports that no #define has been set :sweat_smile:
-
Maybe I've missed something but any #define set will make the code write to the EEPROM.
I ran the SecurityPersonalizer again, it reset the EEPROM to FF's.
I enabled thePERSONALIZE_SOFT_RANDOM_SERIALflag ran it again and finally re-uploaded my pilot wire code.I still have that "tempered" message in the logs, I really don't know what I can do...
I may just end up disabling encryption I guess...Come have fun with me on IRC: #mysensors on Libera.chat :)
-
Maybe I've missed something but any #define set will make the code write to the EEPROM.
I ran the SecurityPersonalizer again, it reset the EEPROM to FF's.
I enabled thePERSONALIZE_SOFT_RANDOM_SERIALflag ran it again and finally re-uploaded my pilot wire code.I still have that "tempered" message in the logs, I really don't know what I can do...
I may just end up disabling encryption I guess... -
Here is what I get with the SecurityPersonalizer sketch directly from GitHub:
+------------------------------------------------------------------------------------+ | MySensors security personalizer | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | You are running without any configuration flags set. | | No changes will be made to ATSHA204A or EEPROM except for the EEPROM checksum | | which will be updated. | | | | If you want to personalize your device, you have two options. | | | | 1. a. Enable either GENERATE_KEYS_ATSHA204A or GENERATE_KEYS_SOFT | | This will generate keys for ATSHA204A or software signing. | | b. Execute the sketch. You will be guided through the steps below under | | WHAT TO DO NEXT? | | c. Copy the generated keys and replace the topmost definitions in this file. | | d. Save the sketch and then disable the flag you just enabled. | | e. Enable PERSONALIZE_ATSHA204A to personalize the ATSHA204A device. | | or | | Enable PERSONALIZE_SOFT to personalize the EEPROM for software signing. | | If you want to use whitelisting you need to pick a unique serial number | | for each device you run the sketch on and fill in MY_SOFT_SERIAL. | | or | | Enable PERSONALIZE_SOFT_RANDOM_SERIAL to personalzie the EEPROM and | | include a new random serial number every time the sketch is executed. | | Take note of each saved serial number if you plan to use whitelisting. | | f. Execute the sketch on each device you want to personalize that is supposed | | to communicate securely. | | | | 2. Enable any configuration flag as you see fit. | | It is assumed that you know what you are doing. | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Hardware security peripherals | +--------------+--------------+--------------+------------------------------+--------+ | Device | Status | Revision | Serial number | Locked | +--------------+--------------+--------------+------------------------------+--------+ | AVR | DETECTED | N/A | N/A (generation required) | N/A | +--------------+--------------+--------------+------------------------------+--------+ | ATSHA204A | NOT DETECTED | N/A | N/A | N/A | +--------------+--------------+--------------+------------------------------+--------+ +------------------------------------------------------------------------------------+ | Execution result | +------------------------------------------------------------------------------------+ | FAILURE (last ATSHA204A return code: 0xE7) | +------------------------------------------------------------------------------------+Come have fun with me on IRC: #mysensors on Libera.chat :)
-
Here is what I get with the SecurityPersonalizer sketch directly from GitHub:
+------------------------------------------------------------------------------------+ | MySensors security personalizer | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | You are running without any configuration flags set. | | No changes will be made to ATSHA204A or EEPROM except for the EEPROM checksum | | which will be updated. | | | | If you want to personalize your device, you have two options. | | | | 1. a. Enable either GENERATE_KEYS_ATSHA204A or GENERATE_KEYS_SOFT | | This will generate keys for ATSHA204A or software signing. | | b. Execute the sketch. You will be guided through the steps below under | | WHAT TO DO NEXT? | | c. Copy the generated keys and replace the topmost definitions in this file. | | d. Save the sketch and then disable the flag you just enabled. | | e. Enable PERSONALIZE_ATSHA204A to personalize the ATSHA204A device. | | or | | Enable PERSONALIZE_SOFT to personalize the EEPROM for software signing. | | If you want to use whitelisting you need to pick a unique serial number | | for each device you run the sketch on and fill in MY_SOFT_SERIAL. | | or | | Enable PERSONALIZE_SOFT_RANDOM_SERIAL to personalzie the EEPROM and | | include a new random serial number every time the sketch is executed. | | Take note of each saved serial number if you plan to use whitelisting. | | f. Execute the sketch on each device you want to personalize that is supposed | | to communicate securely. | | | | 2. Enable any configuration flag as you see fit. | | It is assumed that you know what you are doing. | +------------------------------------------------------------------------------------+ +------------------------------------------------------------------------------------+ | Hardware security peripherals | +--------------+--------------+--------------+------------------------------+--------+ | Device | Status | Revision | Serial number | Locked | +--------------+--------------+--------------+------------------------------+--------+ | AVR | DETECTED | N/A | N/A (generation required) | N/A | +--------------+--------------+--------------+------------------------------+--------+ | ATSHA204A | NOT DETECTED | N/A | N/A | N/A | +--------------+--------------+--------------+------------------------------+--------+ +------------------------------------------------------------------------------------+ | Execution result | +------------------------------------------------------------------------------------+ | FAILURE (last ATSHA204A return code: 0xE7) | +------------------------------------------------------------------------------------+ -
Hmmm... I'm starting to believe that the bootloader i used could be the problem.
Someone using an "alternative" bootloader got problems with signing a few years ago: https://forum.mysensors.org/topic/4991/mysbootloader-1-3pre2-testing/2 -
According to that post, it seems there is a high correlation between the fuses value and the fact that security may or may not work.
Here is the boards.txt file I got from the official "Arduino on a breadboard with internal 8MHz clock" bootloader:
############################################################## atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock) atmega328bb.upload.protocol=arduino atmega328bb.upload.maximum_size=30720 atmega328bb.upload.speed=57600 atmega328bb.bootloader.low_fuses=0xE2 atmega328bb.bootloader.high_fuses=0xDA atmega328bb.bootloader.extended_fuses=0x05 atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex atmega328bb.bootloader.unlock_bits=0x3F atmega328bb.bootloader.lock_bits=0x0F atmega328bb.build.board=AVR_ATMEGA328BB atmega328bb.build.mcu=atmega328p atmega328bb.build.f_cpu=8000000L atmega328bb.build.core=arduino:arduino atmega328bb.build.variant=arduino:standard atmega328bb.bootloader.tool=arduino:avrdude atmega328bb.upload.tool=arduino:avrdudeDo you have any clue @Anticimex / @mfalkvidd?
Come have fun with me on IRC: #mysensors on Libera.chat :)
-
According to that post, it seems there is a high correlation between the fuses value and the fact that security may or may not work.
Here is the boards.txt file I got from the official "Arduino on a breadboard with internal 8MHz clock" bootloader:
############################################################## atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock) atmega328bb.upload.protocol=arduino atmega328bb.upload.maximum_size=30720 atmega328bb.upload.speed=57600 atmega328bb.bootloader.low_fuses=0xE2 atmega328bb.bootloader.high_fuses=0xDA atmega328bb.bootloader.extended_fuses=0x05 atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex atmega328bb.bootloader.unlock_bits=0x3F atmega328bb.bootloader.lock_bits=0x0F atmega328bb.build.board=AVR_ATMEGA328BB atmega328bb.build.mcu=atmega328p atmega328bb.build.f_cpu=8000000L atmega328bb.build.core=arduino:arduino atmega328bb.build.variant=arduino:standard atmega328bb.bootloader.tool=arduino:avrdude atmega328bb.upload.tool=arduino:avrdudeDo you have any clue @Anticimex / @mfalkvidd?
@encrypt sorry no. There is no direct dependency between the security functionality and avr fuses. Atsha communications and some timeouts do expect the clocks to be working at expected rates though so the concept of time is valid. If the core clock is not matching what the preprocessor flags specify (F_CPU) then there could be problems.
Perhaps your device is not really running @8Mhz?Perhaps you could test running a simple sketch that prints something at a specific pace and match that with a "real" clock. For example printing something every 10s specified by some delay or wait function and measure that that is reasonably accurate.
I would expect that if the MCU is not executing at the speed F_CPU specifies, a thing like delay(10s) would not really delay for 10s.
-
According to that post, it seems there is a high correlation between the fuses value and the fact that security may or may not work.
Here is the boards.txt file I got from the official "Arduino on a breadboard with internal 8MHz clock" bootloader:
############################################################## atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock) atmega328bb.upload.protocol=arduino atmega328bb.upload.maximum_size=30720 atmega328bb.upload.speed=57600 atmega328bb.bootloader.low_fuses=0xE2 atmega328bb.bootloader.high_fuses=0xDA atmega328bb.bootloader.extended_fuses=0x05 atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex atmega328bb.bootloader.unlock_bits=0x3F atmega328bb.bootloader.lock_bits=0x0F atmega328bb.build.board=AVR_ATMEGA328BB atmega328bb.build.mcu=atmega328p atmega328bb.build.f_cpu=8000000L atmega328bb.build.core=arduino:arduino atmega328bb.build.variant=arduino:standard atmega328bb.bootloader.tool=arduino:avrdude atmega328bb.upload.tool=arduino:avrdudeDo you have any clue @Anticimex / @mfalkvidd?
-
@Anticimex: I have just found that there is an EESAVE fuse on the ATMEGA328P which prevents the EEPROM from being erased whenever a new sketch is pushed to the microcontroller.
It seems to be the root cause of the issue since I've found references in other posts of the MySensors forum to that problem.
I'll test that now and let you know.
Come have fun with me on IRC: #mysensors on Libera.chat :)
-
@Anticimex: I have just found that there is an EESAVE fuse on the ATMEGA328P which prevents the EEPROM from being erased whenever a new sketch is pushed to the microcontroller.
It seems to be the root cause of the issue since I've found references in other posts of the MySensors forum to that problem.
I'll test that now and let you know.
-
IT WORKS @Anticimex !!! :the_horns:
The issue was indeed the EESAVE fuse not set, which caused the EEPROM to be erased after each sketch upload.
Here is my modified boards.txt file:
############################################################## atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock) atmega328bb.upload.protocol=arduino atmega328bb.upload.maximum_size=30720 atmega328bb.upload.speed=57600 atmega328bb.bootloader.low_fuses=0xE2 atmega328bb.bootloader.high_fuses=0xD2 atmega328bb.bootloader.extended_fuses=0x05 atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex atmega328bb.bootloader.unlock_bits=0x3F atmega328bb.bootloader.lock_bits=0x0F atmega328bb.build.board=AVR_ATMEGA328BB atmega328bb.build.mcu=atmega328p atmega328bb.build.f_cpu=8000000L atmega328bb.build.core=arduino:arduino atmega328bb.build.variant=arduino:standard atmega328bb.bootloader.tool=arduino:avrdude atmega328bb.upload.tool=arduino:avrdudeSo, basically, for people coming here in the future:
Follow the tutorial https://www.arduino.cc/en/Tutorial/ArduinoToBreadboard to flash the bootloader of your ATMEGA328P but replace the given boards.txt file (in the breadboard-1-6-x.zip archive) by the one above.A useful link to calculate the fuses values: http://www.engbedded.com/fusecalc/
Thanks for your help @Anticimex, @mfalkvidd and @kimot :)
Come have fun with me on IRC: #mysensors on Libera.chat :)
-
IT WORKS @Anticimex !!! :the_horns:
The issue was indeed the EESAVE fuse not set, which caused the EEPROM to be erased after each sketch upload.
Here is my modified boards.txt file:
############################################################## atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock) atmega328bb.upload.protocol=arduino atmega328bb.upload.maximum_size=30720 atmega328bb.upload.speed=57600 atmega328bb.bootloader.low_fuses=0xE2 atmega328bb.bootloader.high_fuses=0xD2 atmega328bb.bootloader.extended_fuses=0x05 atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex atmega328bb.bootloader.unlock_bits=0x3F atmega328bb.bootloader.lock_bits=0x0F atmega328bb.build.board=AVR_ATMEGA328BB atmega328bb.build.mcu=atmega328p atmega328bb.build.f_cpu=8000000L atmega328bb.build.core=arduino:arduino atmega328bb.build.variant=arduino:standard atmega328bb.bootloader.tool=arduino:avrdude atmega328bb.upload.tool=arduino:avrdudeSo, basically, for people coming here in the future:
Follow the tutorial https://www.arduino.cc/en/Tutorial/ArduinoToBreadboard to flash the bootloader of your ATMEGA328P but replace the given boards.txt file (in the breadboard-1-6-x.zip archive) by the one above.A useful link to calculate the fuses values: http://www.engbedded.com/fusecalc/
Thanks for your help @Anticimex, @mfalkvidd and @kimot :)
@encrypt great news! Thanks for joining the community and for your troubleshooting. This information will be compiled into the docs for future reference. Happy signing :spock-hand:
Do you feel secure today? No? Start requiring some signatures and feel better tomorrow ;)
