Does the simple security option work for a serial gateway?



  • I'm building a system in which I'd like the users to easily change the password of not only the nodes (with the Simple Security option), but also the gateway.

    So far I've been using the Raspberry Pi ethernet gateway. But I haven't been able to get that to work.

    So my question: if the user creates a serial gateway and uses the Simple Security option in that sketch, does that take care of enabling encryption on the gateway?

    Is it really that simple?

    If so, this would solve my problem of allowing users to easily change the password without having to recompile the gateway software on the Pi.


  • Contest Winner

    @alowhum I am not an expert on the rPi implementation of the settings, but I do believe the rPi extracts config data from a config file so yes, I suppose you could use the simple security option on the rPi and the nodes without having to rebuild the GW. Do note that the GW and the nodes have to agree on the password for any communication to work. And I also think the GW needs to be restarted if the config file changes.



  • I'm not sure I understand completely.

    Why would I need to change anything on the pi if I use a serial Arduino gateway? Wouldn't the Arduino take care of the encryption with all the nodes?

    My expectation/assumption is that from the Raspberry Pi's perspective it will just see a normal unencrypted Arduino gateway with which it communicates over serial.

    If I create an Arduino to use as the gateway, then I don't need to install any MySensors software on the Pi, right? Then in Domoticz I just select "MySensors Serial Gateway" and I'm done?


  • Contest Winner

    @alowhum sorry, I misunderstood. Yes, that is correct. But you have to recompile the GW if you change the key. Your controller remains unaffected.



  • Perfect. Thanks!



  • I'm looking for the easiest way to allow users of the Candle Manager (which runs on the Raspberry Pi) to change the Simple Security password.

    As mentioned above, the easiest route would be to create an Arduino gateway node that is plugged into the Raspberry Pi.

    However, I'm still dreaming of keeping the whole device small and compact by directly plugging the NRF24 onto the Raspberry Pi's GPIO pins, and using the Ethernet Gateway option.

    As @Anticimex mentioned above, this would currently mean that whenever the user changes the password, the entire ethernet gateway software would have to be recompiled.

    I have two questions:

    1. I want to make this possible straight from the Candle Manager. However, after a bit of wrestling the exact .configure command to use the Simple Security option still eludes me. What would this command look like?

    2. Could there theoretically be a way to change the password without having to recompile the gateway software? Recompiling takes quite a while. If this would have to be built in, is that something worth creating a feature request for? Something like:

    mysgw -newSimplePassword="batmanRocks"
    

  • Contest Winner

    @alowhum technically I do not think it will be a problem to have the rPi gw read the static data from a file at runtime. I do not have good insight into the rPi port though so I don't know how much work will be needed to support that.



  • Thanks. Holding the key in a file could be a nice way to make generating it more generic.


  • Contest Winner

    @alowhum but please remember that although the pi might get the ability to replace keys in runtime, nodes will not be able to do that. And that is by design.



  • Right now, when a user changes the password through the interface they are indeed warned that this means they will have to re-upload code to all the nodes. All nodes would use the SIMPLE_SECURITY option.

    But I was hoping that a later version might do that over the air somehow. Couldn't the nodes be updated Over The Air?

    I haven't looked into that enough yet, I must admit.

    • Is it true that OTA only works if you flash a new bootloader onto the Arduino Nano?
    • Can flashing a new bootloader only be done via the ICMP headers? Or can this be done via Serial? Or is it somehow possible to do OTA from 'userspace' with a library?

    I want my users to only ever have to connect their Arduino via USB.

    Thanks for that extra clarification by the way.

    // I'm reading this: https://www.mysensors.org/about/fota

    It says the beta version of the MYSbootloader can be loaded onto the Arduino via USB. @tekka That looks promising?

    The MySensors master branch does not support upload through ftdi / serial (but the development branch does).
    

    .. Hmmm..or does that mean the normal version ONLY supports uploading user code via the air? And the development version also supports normal uploading via USB?


  • Hardware Contributor

    Hello,

    • yes on the Arduino Nano, OTA will work only if you flash the mcu with a special bootloader (MYSBootloader, DualOptiboot for example).
      The stock bootloader only handles serial upload.
    • yes on the Arduino Nano, flashing bootloader needs ICSP pins. (and for an ARM mcu, it would need a jlink for example)
    • it means MYSBootloader can upload a sketch via OTA or ftdi because if I remember well, in first version, only OTA was available. It's about sketch upload, not bootloader upload.


  • @scalz Thank you for the clarification.

    Is there a way to enable OTA that would be 'n00b friendly'? Perhaps by attaching a small device that can then itself be programmed via the Nano's USB port?


 
