Failed to make encryption work on a barebone ATMEGA328P

Anticimex

@kimot AES key is stored in eeprom for all radios. It is fetched and loaded to the radio in runtime. Not compiletime.

Anticimex

@encrypt
The key here is "!SGN:PER:Tampered".
The security backend checks a checksum of the eeprom data used for security. If it is not valid, it considers data tampered and will not use it. So your eeprom has been corrupted one way or another. Or you use either a really old personalizer or a really old library version.
Edit: not old library. And old library would not care about checksum.

Encrypt

Hello again,

I don't know why I'm getting that "!SGN:PER:Tampered" message...
I've run the SecurityPersonalizer sketch again and it reported that everything went as expected:

+------------------------------------------------------------------------------------+
|                           MySensors security personalizer                          |
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                               Configuration settings                               |
+------------------------------------------------------------------------------------+
| * Guided personalization/storage of keys in EEPROM                                 |
| * Software based personalization (no ATSHA204A usage whatsoever)                   |
| * Will not require any UART confirmations                                          |
| * Will store HMAC key to EEPROM                                                    |
| * Will store AES key to EEPROM                                                     |
| * Will generate soft serial using software                                         |
| * Will store soft serial to EEPROM                                                 |
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                           Hardware security peripherals                            |
+--------------+--------------+--------------+------------------------------+--------+
| Device       | Status       | Revision     | Serial number                | Locked |
+--------------+--------------+--------------+------------------------------+--------+
| AVR          | DETECTED     | N/A          | N/A (generation required)    | N/A    |
+--------------+--------------+--------------+------------------------------+--------+

+------------------------------------------------------------------------------------+
|                                   Key generation                                   |
+--------+--------+------------------------------------------------------------------+
| Key ID | Status | Key                                                              |
+--------+--------+------------------------------------------------------------------+
| SERIAL | OK     | 2DFECBDAE05BB8414C                                               |
+--------+--------+------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                                  Key copy section                                  |
+------------------------------------------------------------------------------------+
#define MY_SOFT_SERIAL 0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                                    Key storage                                     |
+--------+--------+------------------------------------------------------------------+
| Key ID | Status | Key                                                              |
+--------+--------+------------------------------------------------------------------+
| HMAC   | OK     | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| AES    | OK     | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 |
| SERIAL | OK     | 2DFECBDAE05BB8414C                                               |
+--------+--------+------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                                       EEPROM                                       |
+--------+--------+------------------------------------------------------------------+
| Key ID | Status | Key                                                              |
+--------+--------+------------------------------------------------------------------+
| HMAC   | OK     | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
| AES    | OK     | XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 |
| SERIAL | OK     | 2DFECBDAE05BB8414C                                               |
+--------+--------+------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                      This nodes whitelist entry on other nodes                     |
+------------------------------------------------------------------------------------+
{.nodeId = <ID of this node>,.serial = {0x2D,0xFE,0xCB,0xDA,0xE0,0x5B,0xB8,0x41,0x4C}}
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                                  WHAT TO DO NEXT?                                  |
+------------------------------------------------------------------------------------+
| This device has now been personalized. Run this sketch with its current settings   |
| on all the devices in your network that have security enabled.                     |
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                                  Execution result                                  |
+------------------------------------------------------------------------------------+
| SUCCESS                                                                            |
+------------------------------------------------------------------------------------+

Also, note I'm running the latest version of the SecurityPersonalizer sketch, which can be found here: https://github.com/mysensors/MySensors/blob/development/examples/SecurityPersonalizer/SecurityPersonalizer.ino

I really don't know what can be wrong here...
Could the 8MHz internal clock be the faulty part? Maybe it fails to correctly read the EEPROM data due to a misconfigured clock?

Here is what avrdude shows in the debug view of the Arduino IDE ; using the Arduino Uno as a programmer:

/opt/arduino-1.8.7/hardware/tools/avr/bin/avrdude -C/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf -v -patmega328p -carduino -P/dev/ttyACM0 -b19200 -Uflash:w:/tmp/arduino_build_879921/fil_pilote.ino.hex:i 

avrdude: Version 6.3-20171130
         Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/
         Copyright (c) 2007-2014 Joerg Wunsch

         System wide configuration file is "/opt/arduino-1.8.7/hardware/tools/avr/etc/avrdude.conf"
         User configuration file is "/home/encrypt/.avrduderc"
         User configuration file does not exist or is not a regular file, skipping

         Using Port                    : /dev/ttyACM0
         Using Programmer              : arduino
         Overriding Baud Rate          : 19200
         AVR Part                      : ATmega328P
         Chip Erase delay              : 9000 us
         PAGEL                         : PD7
         BS2                           : PC2
         RESET disposition             : dedicated
         RETRY pulse                   : SCK
         serial program mode           : yes
         parallel program mode         : yes
         Timeout                       : 200
         StabDelay                     : 100
         CmdexeDelay                   : 25
         SyncLoops                     : 32
         ByteDelay                     : 0
         PollIndex                     : 3
         PollValue                     : 0x53
         Memory Detail                 :

                                  Block Poll               Page                       Polled
           Memory Type Mode Delay Size  Indx Paged  Size   Size #Pages MinW  MaxW   ReadBack
           ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ----- ---------
           eeprom        65    20     4    0 no       1024    4      0  3600  3600 0xff 0xff
           flash         65     6   128    0 yes     32768  128    256  4500  4500 0xff 0xff
           lfuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           hfuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           efuse          0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           lock           0     0     0    0 no          1    0      0  4500  4500 0x00 0x00
           calibration    0     0     0    0 no          1    0      0     0     0 0x00 0x00
           signature      0     0     0    0 no          3    0      0     0     0 0x00 0x00

         Programmer Type : Arduino
         Description     : Arduino
         Hardware Version: 2
         Firmware Version: 1.18
         Topcard         : Unknown
         Vtarget         : 0.0 V
         Varef           : 0.0 V
         Oscillator      : Off
         SCK period      : 0.1 us

avrdude: AVR device initialized and ready to accept instructions

Reading | ################################################## | 100% 0.01s

avrdude: Device signature = 0x1e950f (probably m328p)
avrdude: NOTE: "flash" memory has been specified, an erase cycle will be performed
         To disable this feature, specify the -D option.
avrdude: erasing chip
avrdude: reading input file "/tmp/arduino_build_879921/fil_pilote.ino.hex"
avrdude: writing flash (21394 bytes):

Writing | ################################################## | 100% 23.60s

avrdude: 21394 bytes of flash written
avrdude: verifying flash memory against /tmp/arduino_build_879921/fil_pilote.ino.hex:
avrdude: load data flash data from input file /tmp/arduino_build_879921/fil_pilote.ino.hex:
avrdude: input file /tmp/arduino_build_879921/fil_pilote.ino.hex contains 21394 bytes
avrdude: reading on-chip flash data:

Reading | ################################################## | 100% 13.37s

avrdude: verifying ...
avrdude: 21394 bytes of flash verified

avrdude done.  Thank you.

Anticimex

@encrypt normally when this happens, it is the main sketch that writes something to eeprom without taking into consideration what parts of the eeprom the MySensors library reserves for internal use.
Could you try to run the personalizer to write the eeprom, then your main sketch, and after that the personalizer again, but this time, configured to not write any data, just print out what is already there?
Sara should be identical but I strongly suspect it will not be (as the main sketch consider data "tampered").

Encrypt

I've run the Arduino IDE in "debug" mode to be sure the F_CPU variable was taken into account and it seems it is indeed:

/opt/arduino-1.8.7/arduino-builder -dump-prefs -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino
/opt/arduino-1.8.7/arduino-builder -compile -logger=machine -hardware /opt/arduino-1.8.7/hardware -hardware /home/encrypt/Arduino/hardware -tools /opt/arduino-1.8.7/tools-builder -tools /opt/arduino-1.8.7/hardware/tools/avr -built-in-libraries /opt/arduino-1.8.7/libraries -libraries /home/encrypt/Arduino/libraries -fqbn=breadboard:avr:atmega328bb -vid-pid=0X2341_0X0043 -ide-version=10807 -build-path /tmp/arduino_build_879921 -warnings=none -build-cache /tmp/arduino_cache_286732 -prefs=build.warn_data_percentage=75 -prefs=runtime.tools.avr-gcc.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avr-gcc-5.4.0-atmel3.6.1-arduino2.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.avrdude-6.3.0-arduino14.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA.path=/opt/arduino-1.8.7/hardware/tools/avr -prefs=runtime.tools.arduinoOTA-1.2.1.path=/opt/arduino-1.8.7/hardware/tools/avr -verbose /home/encrypt/Documents/Projets/Domotique/Fil_pilote/fil_pilote/fil_pilote.ino
Using board 'atmega328bb' from platform in folder: /home/encrypt/Arduino/hardware/breadboard/avr
Using core 'arduino' from platform in folder: /opt/arduino-1.8.7/hardware/arduino/avr
Detecting libraries used...
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /dev/null
Using cached library dependencies for file: /home/encrypt/Arduino/libraries/MySensors/MyASM.S
Using cached library dependencies for file: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src/SPI.cpp
Generating function prototypes...
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -flto -w -x c++ -E -CC -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp
/opt/arduino-1.8.7/tools-builder/ctags/5.8-arduino11/ctags -u --language-force=c++ -f - --c++-kinds=svpf --fields=KSTtzns --line-directives /tmp/arduino_build_879921/preproc/ctags_target_for_gcc_minus_e.cpp
Compilation du croquis...
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-g++ -c -g -Os -w -std=gnu++11 -fpermissive -fno-exceptions -ffunction-sections -fdata-sections -fno-threadsafe-statics -Wno-error=narrowing -MMD -flto -mmcu=atmega328p -DF_CPU=8000000L -DARDUINO=10807 -DARDUINO_AVR_ATMEGA328BB -DARDUINO_ARCH_AVR -I/opt/arduino-1.8.7/hardware/arduino/avr/cores/arduino -I/opt/arduino-1.8.7/hardware/arduino/avr/variants/standard -I/home/encrypt/Arduino/libraries/MySensors -I/opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI/src /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp -o /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o
Compiling libraries...
Compiling library "MySensors"
Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o
Compiling library "SPI"
Utilisation du fichier déjà compilé : /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o
Compiling core...
Using precompiled core: /tmp/arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a
Linking everything together...
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-gcc -w -Os -g -flto -fuse-linker-plugin -Wl,--gc-sections -mmcu=atmega328p -o /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/sketch/fil_pilote.ino.cpp.o /tmp/arduino_build_879921/libraries/MySensors/MyASM.S.o /tmp/arduino_build_879921/libraries/SPI/SPI.cpp.o /tmp/arduino_build_879921/../arduino_cache_286732/core/core_breadboard_avr_atmega328bb_8bcbb10bb0e7a5b614c24d1e9ac07d80.a -L/tmp/arduino_build_879921 -lm
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -j .eeprom --set-section-flags=.eeprom=alloc,load --no-change-warnings --change-section-lma .eeprom=0 /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.eep
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-objcopy -O ihex -R .eeprom /tmp/arduino_build_879921/fil_pilote.ino.elf /tmp/arduino_build_879921/fil_pilote.ino.hex
Utilisation de la bibliothèque MySensors version 2.3.1 dans le dossier: /home/encrypt/Arduino/libraries/MySensors 
Utilisation de la bibliothèque SPI version 1.0 dans le dossier: /opt/arduino-1.8.7/hardware/arduino/avr/libraries/SPI 
/opt/arduino-1.8.7/hardware/tools/avr/bin/avr-size -A /tmp/arduino_build_879921/fil_pilote.ino.elf
Le croquis utilise 21394 octets (69%) de l'espace de stockage de programmes. Le maximum est de 30720 octets.
Les variables globales utilisent 1022 octets de mémoire dynamique.

Now, to answer your question @Anticimex, how do you run the SecurityPersonalizer sketch to only print the content of the EEPROM and not do any write? I've commented out all options but now it reports that no #define has been set :sweat_smile:

Anticimex

@encrypt you should be able to run it without any local modifications to get it to print the data.

Encrypt

Maybe I've missed something but any #define set will make the code write to the EEPROM.

I ran the SecurityPersonalizer again, it reset the EEPROM to FF's.
I enabled the PERSONALIZE_SOFT_RANDOM_SERIAL flag ran it again and finally re-uploaded my pilot wire code.

I still have that "tempered" message in the logs, I really don't know what I can do...
I may just end up disabling encryption I guess...

Anticimex

@encrypt that sounds very strange to me. The sketch is written to do nothing when left unchanged from git. Just output the current status.

Encrypt

Here is what I get with the SecurityPersonalizer sketch directly from GitHub:

+------------------------------------------------------------------------------------+
|                           MySensors security personalizer                          |
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
| You are running without any configuration flags set.                               |
| No changes will be made to ATSHA204A or EEPROM except for the EEPROM checksum      |
| which will be updated.                                                             |
|                                                                                    |
| If you want to personalize your device, you have two options.                      |
|                                                                                    |
| 1. a. Enable either GENERATE_KEYS_ATSHA204A or GENERATE_KEYS_SOFT                  |
|       This will generate keys for ATSHA204A or software signing.                   |
|    b. Execute the sketch. You will be guided through the steps below under         |
|       WHAT TO DO NEXT?                                                             |
|    c. Copy the generated keys and replace the topmost definitions in this file.    |
|    d. Save the sketch and then disable the flag you just enabled.                  |
|    e. Enable PERSONALIZE_ATSHA204A to personalize the ATSHA204A device.            |
|       or                                                                           |
|       Enable PERSONALIZE_SOFT to personalize the EEPROM for software signing.      |
|       If you want to use whitelisting you need to pick a unique serial number      |
|       for each device you run the sketch on and fill in MY_SOFT_SERIAL.            |
|       or                                                                           |
|       Enable PERSONALIZE_SOFT_RANDOM_SERIAL to personalzie the EEPROM and          |
|       include a new random serial number every time the sketch is executed.        |
|       Take note of each saved serial number if you plan to use whitelisting.       |
|    f. Execute the sketch on each device you want to personalize that is supposed   |
|       to communicate securely.                                                     |
|                                                                                    |
| 2. Enable any configuration flag as you see fit.                                   |
|    It is assumed that you know what you are doing.                                 |
+------------------------------------------------------------------------------------+

+------------------------------------------------------------------------------------+
|                           Hardware security peripherals                            |
+--------------+--------------+--------------+------------------------------+--------+
| Device       | Status       | Revision     | Serial number                | Locked |
+--------------+--------------+--------------+------------------------------+--------+
| AVR          | DETECTED     | N/A          | N/A (generation required)    | N/A    |
+--------------+--------------+--------------+------------------------------+--------+
| ATSHA204A    | NOT DETECTED | N/A          | N/A                          | N/A    |
+--------------+--------------+--------------+------------------------------+--------+


+------------------------------------------------------------------------------------+
|                                  Execution result                                  |
+------------------------------------------------------------------------------------+
| FAILURE (last ATSHA204A return code: 0xE7)                                         |
+------------------------------------------------------------------------------------+

Anticimex

@encrypt hm ok. Try to enable the MY_SIGNING_SOFT flag. I am on cell phone so I have a hard time reading the logic flow of the code.

Encrypt

Hmmm... I'm starting to believe that the bootloader i used could be the problem.
Someone using an "alternative" bootloader got problems with signing a few years ago: https://forum.mysensors.org/topic/4991/mysbootloader-1-3pre2-testing/2

Encrypt

According to that post, it seems there is a high correlation between the fuses value and the fact that security may or may not work.

Here is the boards.txt file I got from the official "Arduino on a breadboard with internal 8MHz clock" bootloader:

##############################################################

atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock)

atmega328bb.upload.protocol=arduino
atmega328bb.upload.maximum_size=30720
atmega328bb.upload.speed=57600

atmega328bb.bootloader.low_fuses=0xE2
atmega328bb.bootloader.high_fuses=0xDA
atmega328bb.bootloader.extended_fuses=0x05

atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex
atmega328bb.bootloader.unlock_bits=0x3F
atmega328bb.bootloader.lock_bits=0x0F

atmega328bb.build.board=AVR_ATMEGA328BB
atmega328bb.build.mcu=atmega328p
atmega328bb.build.f_cpu=8000000L
atmega328bb.build.core=arduino:arduino
atmega328bb.build.variant=arduino:standard


atmega328bb.bootloader.tool=arduino:avrdude
atmega328bb.upload.tool=arduino:avrdude

Do you have any clue @Anticimex / @mfalkvidd?

Anticimex

@encrypt sorry no. There is no direct dependency between the security functionality and avr fuses. Atsha communications and some timeouts do expect the clocks to be working at expected rates though so the concept of time is valid. If the core clock is not matching what the preprocessor flags specify (F_CPU) then there could be problems.
Perhaps your device is not really running @8Mhz?

Perhaps you could test running a simple sketch that prints something at a specific pace and match that with a "real" clock. For example printing something every 10s specified by some delay or wait function and measure that that is reasonably accurate.

I would expect that if the MCU is not executing at the speed F_CPU specifies, a thing like delay(10s) would not really delay for 10s.

Anticimex

@encrypt but I still do not get how the bootloader could cause you to get tampered eeprom data.
Unless the fuses also affect eeprom writes of course.

Encrypt

@Anticimex: I have just found that there is an EESAVE fuse on the ATMEGA328P which prevents the EEPROM from being erased whenever a new sketch is pushed to the microcontroller.

It seems to be the root cause of the issue since I've found references in other posts of the MySensors forum to that problem.

I'll test that now and let you know.

Anticimex

@encrypt ah, that would indeed explain a lot and especially the tampered indication.
If true, I'll see if I can add that to the troubleshooting section to the documentation.
I was not aware of this fuse.

Encrypt

IT WORKS @Anticimex !!! :the_horns:

The issue was indeed the EESAVE fuse not set, which caused the EEPROM to be erased after each sketch upload.

Here is my modified boards.txt file:

##############################################################

atmega328bb.name=ATmega328 on a breadboard (8 MHz internal clock)

atmega328bb.upload.protocol=arduino
atmega328bb.upload.maximum_size=30720
atmega328bb.upload.speed=57600

atmega328bb.bootloader.low_fuses=0xE2
atmega328bb.bootloader.high_fuses=0xD2
atmega328bb.bootloader.extended_fuses=0x05

atmega328bb.bootloader.file=atmega/ATmegaBOOT_168_atmega328_pro_8MHz.hex
atmega328bb.bootloader.unlock_bits=0x3F
atmega328bb.bootloader.lock_bits=0x0F

atmega328bb.build.board=AVR_ATMEGA328BB
atmega328bb.build.mcu=atmega328p
atmega328bb.build.f_cpu=8000000L
atmega328bb.build.core=arduino:arduino
atmega328bb.build.variant=arduino:standard


atmega328bb.bootloader.tool=arduino:avrdude
atmega328bb.upload.tool=arduino:avrdude

So, basically, for people coming here in the future:
Follow the tutorial https://www.arduino.cc/en/Tutorial/ArduinoToBreadboard to flash the bootloader of your ATMEGA328P but replace the given boards.txt file (in the breadboard-1-6-x.zip archive) by the one above.

A useful link to calculate the fuses values: http://www.engbedded.com/fusecalc/

Thanks for your help @Anticimex, @mfalkvidd and @kimot :)

Anticimex

@encrypt great news! Thanks for joining the community and for your troubleshooting. This information will be compiled into the docs for future reference. Happy signing :spock-hand:

tekka

@anticimex @Encrypt That's a bit odd and certainly specific to the bootloader you're using (ATmegaBoot): AVRdude does (at least with optiboot) a page erase (vs. chip erase where EESAVE has an effect). I do not have the EESAVE fuse bit set and no issues with erased eeprom when loading a new sketch, also see below:

Arduino Uno with optiboot:

uno.bootloader.tool=avrdude
uno.bootloader.low_fuses=0xFF
uno.bootloader.high_fuses=0xDE
uno.bootloader.extended_fuses=0xFD
uno.bootloader.unlock_bits=0x3F
uno.bootloader.lock_bits=0x0F
uno.bootloader.file=optiboot/optiboot_atmega328.hex

High fuse (0xDE) does not enable EESAVE.

Encrypt

Hello @tekka and thank you for your remarks!

Your input makes questions come to my mind:

What is the difference between Optiboot and the bootloader given in the Arduino tutorial? I am quite new to the world of microcontrollers and I don't know much for the moment, I simply use what is working, eh eh :P
The configuration you gave here doesn't use the internal 8MHz clock, therefore it doesn't fit my needs here, eh eh. Could I just use the "regular" Arduino Uno bootloader and set the proper fuses values in the boards.txt file to use the internal 8MHz clock?
You are saying that it's actually optiboot which does the page erase and not avrdude? I believed there the "chip erase" instruction is the only instruction possible to erase the flash, handled by avrdude. And according to the ATMEGA328P datasheet (page 297), I have understood that any "chip erase" instruction will also erase the EEPROM if the EESAVE fuse isn't set. That operation seems to be mandatory too as they say: « A Chip Erase must be performed before the Flash and/or EEPROM are reprogrammed ». So, how does Optiboot / avrdude handle that in such a configuration?

Finally, it seems there is no tutorial in the MySensors documentation explaining how to build a project using a standalone ATMEGA328P and which bootloader to choose (there are a few discussions though). It could be worth creating a tutorial / post about that and I could contribute to it of course :)

Failed to make encryption work on a barebone ATMEGA328P

10

11.7k

11.2k

113.1k