Over the air (OTA) bootloading update tutorial?
-
I agree that it is a good idea to try to detect unintentional errors when transmitting the firmware. That doesn't mean the CRC should be signed.
Signing the CRC might fool someone that the CRC can be trusted, leading to unnecessary mistakes in the future. Sending the CRC unsigned makes it clear that the CRC can only be used to detect unintentional errors.
-
Let's agree to disagree ;) anyway, the OTA security for 2.0.0 is currently under discussion and it might well be that we go for sha256 checksumming. That remains to be seen.
-
It's been decided that we do go for sha256. It will be hashed by the controller and the receiver will calculate the hash of the received payload. The controller will then send the calculated hash of the true firmware in a separate message (that will be signed if enabled) or possibly several (if we want to use the full 32 byte hash in the verification which we probably want). @tekka and me will communicate on the matter and security related activities can be tracked on the GitHub issue list.
-
@mfalkvidd thanks for challenging OTA security. Although I maintain that crc with signature is safe, we never picked up the topic of repeaters where the ability to inject bad stuff is a very real scenario. But sha256 will put a definite end to any questions about OTA FW authentication. (together with signing, because the hash means nothing if it is not trusted)
-
Can I use i2c EEPROM for OTA bootloading with DualOptiboot or it has to be Serial SPI. I was not able to find any documentation on it. I brought a breakout board and it seems to be i2c, and i2c chips are easily available where I live.
-
Can I use i2c EEPROM for OTA bootloading with DualOptiboot or it has to be Serial SPI. I was not able to find any documentation on it. I brought a breakout board and it seems to be i2c, and i2c chips are easily available where I live.
Request, if some one help me with this question. Thanks
-
Dualoptiboot use spi protocol for eeprom. So you can't. you would have to rewrite the code to use i2c protocol.
I don't know if there are cheap spi alternative and I have not looked at ali, I buy mine at mouser. -
@scalz Thanks buddy :thumbsup: . Probably I would have to keep hunting for SPI EEPROMs iguess.:sweat:
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project. -
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni, @Suresh-Mali : I don't know if you have a soldering iron ?? But you could use this ref : w25x40clsnig . This is the one used on moteino from lowpowerlab (they created Dualoptiboot).
You can find this flash ic on aliexpress. It is cheap but ic only, no eval board..
Then you can use this :
https://www.openhardware.io/view/18/OTA-and-Authentication-Evaluation-BoardI hope it helps. I have not tried these aliexpress flash but it should work. I hope ;) I will order some to see too.
Few months ago, I made this french tut about OTA and dualoptiboot for jeedom users. I never had time to translate it. I will see when I will be able, but in case it can help, with some google translate, there are some pics too so maybe...
https://www.jeedom.com/forum/viewtopic.php?f=35&t=9539 -
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni Great, do let us know once you have something.
-
@Suresh-Mali I have the same problem. Only I2C IC is available in my country :(
Looks like we have to hack the code. I will inform you when I reach this phase in my project.@ahmedadelhosni Hey, I found this article. Seems like the guy has used i2c for remote flash. I was not able to extactly understand whats going on, maybe you can help.
http://www.rotwang.co.uk/projects/bootloader.html -
nice catch ;) yes it should work with some tests and code changes in mysensors lib to write into the i2c flash instead of spi flash...
@scalz , Thanks:smiley:
I am not a Device Programmer, I am counting on some one to hack and make it possible. Hope somebody puts in efforts that will help everybody like me. -
@Suresh-Mali : yep, I understand :confused: unfortunately, I have no time, even if it is maybe not the biggest thing, tests take time..there are so much things I would like to do! Do you have a soldering iron??? What I have showed to you in previous post don't need big soldering skills...
-
@Suresh-Mali : yep, I understand :confused: unfortunately, I have no time, even if it is maybe not the biggest thing, tests take time..there are so much things I would like to do! Do you have a soldering iron??? What I have showed to you in previous post don't need big soldering skills...
@scalz Oh yes, soldering is not an issue. I have rework station and I am proficient with soldering Through Hole and SMD components.
Its about getting the EEPROMs.Buying from Ali would be my last resort. I am hunting for this chip in other parts of India. I should have an answer by day end, If I dont get them then I'll order from Ali. Waiting is the worst part of ordering from Ali. I had Order ATSHA204 on 12th Dec and still waiting.:disappointed:
-
Hey Guys, I managed to find a EEPROM chip from Bangalore, India. Its 25LC512, priced at Rs.65(~$1). I hope it works. I should get it next 2days. It has the same footprint as one used in SenseBenderMicro. Will try once I have them and update.
-
nice catch for the I2C bootloader.
Keep us updated please of your progress. I can't actually start this phase now as I am working on other things at the moment.
Good luck.
