Over the air (OTA) bootloading update tutorial?
-
As both sender and receiver are on the same channel, blocking out the receiver from hearing the sender also means the receiver does not hear anything else, so from rf knowledge I have, it ought not be possible to jam a transmitter without also jamming a receiver in this case. Someone might perhaps correct me on this though, but I find it an unlikely care. Also, the jammer has to both jam the sender and at the same time listen in on the sender to determine the crc to fake and that ought also be a tricky problem.
-
ok. That means that my attack scenario 2 is invalid, which is fine. Thanks a lot for bearing with me.
If we are sure that the attacker is unable to send while the controller is transmitting, why do we bother with signing the CRC? We are saying that the attacker will be unable to transmit any firmware in the short time frame available during the signing. Why add the complexity of signing the CRC if it doesn't add to security?
Edit: I'm not arguing that we should skip the signed message, but we should keep the signed message as standard as a regular signed message and not extend it by including CRC.
-
It is still a good idea to validate that the received firmware is not corrupted in "any" way during transfer before it is accepted and booted. CRC offer a reasonable validation in this sense.
-
I agree that it is a good idea to try to detect unintentional errors when transmitting the firmware. That doesn't mean the CRC should be signed.
Signing the CRC might fool someone that the CRC can be trusted, leading to unnecessary mistakes in the future. Sending the CRC unsigned makes it clear that the CRC can only be used to detect unintentional errors.
-
Let's agree to disagree ;) anyway, the OTA security for 2.0.0 is currently under discussion and it might well be that we go for sha256 checksumming. That remains to be seen.
-
It's been decided that we do go for sha256. It will be hashed by the controller and the receiver will calculate the hash of the received payload. The controller will then send the calculated hash of the true firmware in a separate message (that will be signed if enabled) or possibly several (if we want to use the full 32 byte hash in the verification which we probably want). @tekka and me will communicate on the matter and security related activities can be tracked on the GitHub issue list.
-
@mfalkvidd thanks for challenging OTA security. Although I maintain that crc with signature is safe, we never picked up the topic of repeaters where the ability to inject bad stuff is a very real scenario. But sha256 will put a definite end to any questions about OTA FW authentication. (together with signing, because the hash means nothing if it is not trusted)
-
Can I use i2c EEPROM for OTA bootloading with DualOptiboot or it has to be Serial SPI. I was not able to find any documentation on it. I brought a breakout board and it seems to be i2c, and i2c chips are easily available where I live.
-
Can I use i2c EEPROM for OTA bootloading with DualOptiboot or it has to be Serial SPI. I was not able to find any documentation on it. I brought a breakout board and it seems to be i2c, and i2c chips are easily available where I live.
Request, if some one help me with this question. Thanks
-
Dualoptiboot use spi protocol for eeprom. So you can't. you would have to rewrite the code to use i2c protocol.
I don't know if there are cheap spi alternative and I have not looked at ali, I buy mine at mouser. -
@scalz Thanks buddy :thumbsup: . Probably I would have to keep hunting for SPI EEPROMs iguess.:sweat:
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project. -
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni, @Suresh-Mali : I don't know if you have a soldering iron ?? But you could use this ref : w25x40clsnig . This is the one used on moteino from lowpowerlab (they created Dualoptiboot).
You can find this flash ic on aliexpress. It is cheap but ic only, no eval board..
Then you can use this :
https://www.openhardware.io/view/18/OTA-and-Authentication-Evaluation-BoardI hope it helps. I have not tried these aliexpress flash but it should work. I hope ;) I will order some to see too.
Few months ago, I made this french tut about OTA and dualoptiboot for jeedom users. I never had time to translate it. I will see when I will be able, but in case it can help, with some google translate, there are some pics too so maybe...
https://www.jeedom.com/forum/viewtopic.php?f=35&t=9539 -
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni Great, do let us know once you have something.
-
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni Hey, I found this article. Seems like the guy has used i2c for remote flash. I was not able to extactly understand whats going on, maybe you can help.
http://www.rotwang.co.uk/projects/bootloader.html -
nice catch ;) yes it should work with some tests and code changes in mysensors lib to write into the i2c flash instead of spi flash...
@scalz , Thanks:smiley:
I am not a Device Programmer, I am counting on some one to hack and make it possible. Hope somebody puts in efforts that will help everybody like me. -
@Suresh-Mali : yep, I understand :confused: unfortunately, I have no time, even if it is maybe not the biggest thing, tests take time..there are so much things I would like to do! Do you have a soldering iron??? What I have showed to you in previous post don't need big soldering skills...
