mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-18 12:52:44 +01:00
344 lines
12 KiB
Markdown
344 lines
12 KiB
Markdown
|
# Testing Without Hardware
|
||
|
|
||
|
The SUIT update example is compatible with the native application to try out the
|
||
|
update process without requiring separate hardware. While it is not possible to
|
||
|
update the running code in the application, the workflow can be used to
|
||
|
update memory-backed storage.
|
||
|
|
||
|
- [Quickest start][quickest-start]
|
||
|
- [Introduction][introduction]
|
||
|
- [Workflow][workflow]
|
||
|
- [Setting up networking][setting-up-networking]
|
||
|
- [Starting the CoAP server][starting-the-coap-server]
|
||
|
- [Building and starting the example][building-and-starting-the-example]
|
||
|
- [Exploring the native instance][exploring-the-native-instance]
|
||
|
- [Generating the payload and manifest][generating-the-payload-and-manifest]
|
||
|
- [Updating the storage location][updating-the-storage-location]
|
||
|
|
||
|
## Quickest start
|
||
|
[quickest-start]: #quickest-start
|
||
|
|
||
|
1. Set up networking with:
|
||
|
```console
|
||
|
$ sudo dist/tools/tapsetup/tapsetup -c
|
||
|
$ sudo ip address add 2001:db8::1/64 dev tapbr0
|
||
|
```
|
||
|
|
||
|
2. Start a CoAP server in a separate shell and leave it running:
|
||
|
```
|
||
|
$ aiocoap-fileserver coaproot
|
||
|
```
|
||
|
|
||
|
3. Build and start the native instance:
|
||
|
```
|
||
|
$ BOARD=native make -C examples/suit_update all term
|
||
|
```
|
||
|
and add an address from the same range to the interface in RIOT
|
||
|
```console
|
||
|
> ifconfig 5 add 2001:db8::2/64
|
||
|
```
|
||
|
|
||
|
4. Generate a payload and a signed manifest for the payload:
|
||
|
```console
|
||
|
$ echo "AABBCCDD" > coaproot/payload.bin
|
||
|
$ dist/tools/suit/gen_manifest.py --urlroot coap://[2001:db8::1]/ --seqnr 1 -o suit.tmp coaproot/payload.bin:0:ram:0
|
||
|
$ dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i suit.tmp -o coaproot/suit_manifest
|
||
|
$ dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k keys/default.pem -m coaproot/suit_manifest -o coaproot/suit_manifest.signed
|
||
|
```
|
||
|
|
||
|
5. Pull the manifest from the native instance:
|
||
|
```
|
||
|
> suit coap://[2001:db8::1]/suit_manifest.signed
|
||
|
```
|
||
|
|
||
|
6. Verify the content of the storage location
|
||
|
|
||
|
```Console
|
||
|
> storage_content .ram.0 0 64
|
||
|
41414242434344440A
|
||
|
```
|
||
|
|
||
|
## Introduction
|
||
|
[introduction]: #introduction
|
||
|
|
||
|
When building the example application for the native target, the firmware update
|
||
|
capability is removed. Instead two in-memory slots are created that can be
|
||
|
updated with new payloads. These act as a demonstrator for the SUIT
|
||
|
capabilities.
|
||
|
|
||
|
The steps described here show how to use SUIT manifests to deliver content
|
||
|
updates to a RIOT instance. The full workflow is described, including the setup
|
||
|
of simple infrastructure.
|
||
|
|
||
|
![Native execution steps](native_steps.svg?sanitize=true)
|
||
|
|
||
|
The steps are as follow: First the network configuration is done. A CoAP server
|
||
|
is started to host the files for the RIOT instance. The necessary keys to sign
|
||
|
the manifest with are generated. After this the RIOT native instance is compiled
|
||
|
and launched. With this infrastructure running, the content and the manifest is
|
||
|
generated. Finally the RIOT instance is instructed to fetch the manifest and
|
||
|
update the storage location with the content.
|
||
|
|
||
|
## Workflow
|
||
|
[workflow]: #workflow
|
||
|
|
||
|
While the above examples use make targets to create and submit the manifest,
|
||
|
this workflow aims to provide a better view of the SUIT manifest and signature
|
||
|
workflow. Because of this the steps below use the low level scripts to manually
|
||
|
creates a payload and manifest and sign it.
|
||
|
|
||
|
### Setting up networking
|
||
|
[setting-up-networking]: #setting-up-networking
|
||
|
|
||
|
To deliver the payload to the native instance, a network connection between a
|
||
|
coap server and the instance is required.
|
||
|
|
||
|
First a bridge with two tap devices is created:
|
||
|
|
||
|
echo "AABBCCDD" > coaproot/payload.bin
|
||
|
dist/tools/suit/gen_manifest.py --urlroot coap://[2001:db8::1]/ --seqnr 1 -o suit.tmp coaproot/payload.bin:0:ram:0
|
||
|
dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i suit.tmp -o coaproot/suit_manifest
|
||
|
dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k keys/default.pem -m coaproot/suit_manifest -o coaproot/suit_manifest.signed
|
||
|
```console
|
||
|
$ sudo dist/tools/tapsetup/tapsetup -c
|
||
|
```
|
||
|
|
||
|
This creates a bridge called `tapbr0` and a `tap0` and `tap1`. These last two
|
||
|
tap devices are used by native instances to inject and receive network packets
|
||
|
to and from.
|
||
|
|
||
|
On the bridge device `tapbr0` an routable IP address is added such as
|
||
|
`2001:db8::1/64`:
|
||
|
|
||
|
```console
|
||
|
$ sudo ip address add 2001:db8::1/64 dev tapbr0
|
||
|
```
|
||
|
|
||
|
### Starting the CoAP server
|
||
|
[starting-the-coap-server]: #starting-the-coap-server
|
||
|
|
||
|
As mentioned above, a CoAP server is required to allow the native instance to
|
||
|
retrieve the manifest and payload. The `aiocoap-fileserver` is used for this,
|
||
|
hosting files under the `coaproot` directory:
|
||
|
|
||
|
```console
|
||
|
$ aiocoap-fileserver coaproot
|
||
|
```
|
||
|
|
||
|
This should be left running in the background. A different directory can be used
|
||
|
if preferred.
|
||
|
|
||
|
### Building and starting the example
|
||
|
[building-and-starting-the-example]: #building-and-starting-the-example
|
||
|
|
||
|
Before the natice instance can be started, it must be compiled first.
|
||
|
Compilation can be started from the root of your RIOT directory with:
|
||
|
|
||
|
```
|
||
|
$ BOARD=native make -C examples/suit_update
|
||
|
```
|
||
|
|
||
|
Then start the example with:
|
||
|
|
||
|
```console
|
||
|
$ BOARD=native make -C examples/suit_update term
|
||
|
```
|
||
|
|
||
|
This starts an instance of the suit_update example as a process on your
|
||
|
computer. It can be stopped by pressing `ctrl+c` from within the application.
|
||
|
|
||
|
The instance must also be provided with a routable IP address in the same range
|
||
|
configured on the `tapbr0` interface on the host. In the RIOT shell, this can be
|
||
|
done with:
|
||
|
|
||
|
```console
|
||
|
> ifconfig 5 add 2001:db8::2/64
|
||
|
```
|
||
|
|
||
|
Where 5 is the interface number of the interface shown with the `ifconfig`
|
||
|
command.
|
||
|
|
||
|
|
||
|
### Exploring the native instance
|
||
|
[exploring-the-native-instance]: #exploring-the-native-instance
|
||
|
|
||
|
The native instance has two shell commands to inspect the storage backends for
|
||
|
the payloads.
|
||
|
|
||
|
- The `lsstorage` command shows the available storage locations:
|
||
|
|
||
|
```console
|
||
|
> lsstorage
|
||
|
lsstorage
|
||
|
RAM slot 0: ".ram.0"
|
||
|
RAM slot 1: ".ram.1"
|
||
|
```
|
||
|
|
||
|
As shown above, two storage locations are available, `.ram.0` and `.ram.1`.
|
||
|
While two slots are available, in this example only the content of the `.ram.0`
|
||
|
slot will be updated.
|
||
|
|
||
|
- The `storage_content` command can be used to display a hex dump command of one
|
||
|
of the storage locations. It requires a location string, an offset and a
|
||
|
number of bytes to print:
|
||
|
|
||
|
```console
|
||
|
> storage_content .ram.0 0 64
|
||
|
|
||
|
```
|
||
|
As the storage location is empty on boot, nothing is printed.
|
||
|
|
||
|
### Generating the payload and manifest
|
||
|
[generating-the-payload-and-manifest]: #generating-the-payload-and-manifest
|
||
|
|
||
|
To update the storage location we first need a payload. A trivial payload is
|
||
|
used in this example:
|
||
|
|
||
|
```console
|
||
|
$ echo "AABBCCDD" > coaproot/payload.bin
|
||
|
```
|
||
|
|
||
|
Make sure to store it in the directory selected for the CoAP file server.
|
||
|
|
||
|
Next, a manifest template is created. This manifest template is a JSON file that
|
||
|
acts as a template for the real SUIT manifest. Within RIOT, the script
|
||
|
`dist/tools/suit/gen_manifest.py` is used.
|
||
|
|
||
|
```console
|
||
|
$ dist/tools/suit/gen_manifest.py --urlroot coap://[2001:db8::1]/ --seqnr 1 -o suit.tmp coaproot/payload.bin:0:ram:0
|
||
|
```
|
||
|
|
||
|
This generates a suit manifest template with the sequence number set to `1`, a
|
||
|
payload that should be stored at slot offset zero in slot `.ram.0`. The url for
|
||
|
the payload starts with `coap://[fe80::4049:bfff:fe60:db09]/`. Make sure to
|
||
|
match these with the locations and IP addresses used on your own device.
|
||
|
|
||
|
SUIT supports a check for a slot offset. Within RIOT this is normally used to
|
||
|
distinguish between the different firmware slots on a device. As this is not
|
||
|
used on a native instance, it is set to zero here. The location within a SUIT
|
||
|
manifest is an array of path components. Which character is used to separate
|
||
|
these path components is out of the scope of the SUIT manifest. The
|
||
|
`gen_manifest.py` command uses colons (`:`) to separate these components.
|
||
|
Within the manifest this will show up as an array containing `[ "ram", "0" ]`.
|
||
|
|
||
|
The content of this template file should look like this:
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"manifest-version": 1,
|
||
|
"manifest-sequence-number": 1,
|
||
|
"components": [
|
||
|
{
|
||
|
"install-id": [
|
||
|
"ram",
|
||
|
"0"
|
||
|
],
|
||
|
"vendor-id": "547d0d746d3a5a9296624881afd9407b",
|
||
|
"class-id": "bcc90984fe7d562bb4c9a24f26a3a9cd",
|
||
|
"file": "coaproot/suit_test.bin",
|
||
|
"uri": "coap://[fe80::4049:bfff:fe60:db09]/suit_test.bin",
|
||
|
"bootable": false
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
```
|
||
|
|
||
|
The manifest version indicates the SUIT manifest specification version numbers,
|
||
|
this will always be 1 for now. The sequence number is the monotonically
|
||
|
increasing anti-rollback counter.
|
||
|
|
||
|
Each component, or payload, also has a number of parameters. The install-id
|
||
|
indicates the unique path where this component must be installed.
|
||
|
The vendor and class ID are used in manifest conditionals to ensure that the
|
||
|
payload is valid for the device it is going to be installed in. It is generated
|
||
|
based on the UUID(v5) of `riot-os.org` and the board name (`native`).
|
||
|
|
||
|
The file and uri are used to generated the URL parameter and the digest in the
|
||
|
manifest. The bootable flag specifies if the manifest generator should instruct
|
||
|
the node to reboot after applying the update.
|
||
|
|
||
|
Generating the actual SUIT manifest from this is done with:
|
||
|
|
||
|
```console
|
||
|
$ dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i suit.tmp -o coaproot/suit_manifest
|
||
|
```
|
||
|
|
||
|
This generates the manifest in SUIT CBOR format. The content can be inspected by
|
||
|
using the `parse` subcommand:
|
||
|
|
||
|
```console
|
||
|
$ dist/tools/suit/suit-manifest-generator/bin/suit-tool parse -m coaproot/suit_manifest
|
||
|
```
|
||
|
|
||
|
The manifest generated doesn't have an authentication wrapper, it is unsigned
|
||
|
and will not pass inspection on the device or RIOT instance. The manifest can be
|
||
|
signed with the `sign` subcommand together with the keys generated earlier.
|
||
|
|
||
|
```console
|
||
|
$ dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k keys/default.pem -m coaproot/suit_manifest -o coaproot/suit_manifest.signed
|
||
|
```
|
||
|
|
||
|
This generates an authentication to the manifest. This is visible when
|
||
|
inspecting with the `parse` subcommand. The URL to this signed manifest will be
|
||
|
submitted to the instance so it can retrieve it and in turn retrieve the
|
||
|
component payload specified by the manifest.
|
||
|
|
||
|
### Updating the storage location
|
||
|
[updating-the-storage-location]: #updating-the-storage-location
|
||
|
|
||
|
The update process is a two stage process where first the instance pulls in the
|
||
|
manifest via a supplied url. It will download the manifest and verify the
|
||
|
content. After the manifest is verified, it will proceed with executing the
|
||
|
command sequences in the manifest and download the payload when instructed to.
|
||
|
|
||
|
The URL for the manifest can be supplied to the instance via the command line.
|
||
|
|
||
|
```console
|
||
|
> suit coap://[2001:db8::1]/suit_manifest.signed
|
||
|
```
|
||
|
|
||
|
The payload is the full URL to the signed manifest. The native instance should
|
||
|
respond on this by downloading and executing the manifest. If all went well, the
|
||
|
output of the native instance should look something like this:
|
||
|
|
||
|
```
|
||
|
suit coap://[2001:db8::1]/suit_manifest.signed
|
||
|
suit_coap: trigger received
|
||
|
suit_coap: downloading "coap://[2001:db8::1]/suit_manifest.signed"
|
||
|
suit_coap: got manifest with size 276
|
||
|
suit: verifying manifest signature
|
||
|
suit: validated manifest version
|
||
|
Retrieved sequence number: 0
|
||
|
Manifest seq_no: 1, highest available: 0
|
||
|
suit: validated sequence number
|
||
|
Formatted component name: .ram.0
|
||
|
validating vendor ID
|
||
|
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
|
||
|
validating vendor ID: OK
|
||
|
validating class id
|
||
|
Comparing bcc90984-fe7d-562b-b4c9-a24f26a3a9cd to bcc90984-fe7d-562b-b4c9-a24f26a3a9cd from manifest
|
||
|
validating class id: OK
|
||
|
SUIT policy check OK.
|
||
|
Formatted component name: .ram.0
|
||
|
Fetching firmware |█████████████████████████| 100%
|
||
|
Finalizing payload store
|
||
|
Verifying image digest
|
||
|
Starting digest verification against image
|
||
|
Install correct payload
|
||
|
Verifying image digest
|
||
|
Starting digest verification against image
|
||
|
Install correct payload
|
||
|
```
|
||
|
|
||
|
The storage location can now be inspected using the built-in command. If the
|
||
|
same payload as suggested above was used, it should look like this:
|
||
|
|
||
|
```Console
|
||
|
> storage_content .ram.0 0 64
|
||
|
41414242434344440A
|
||
|
```
|
||
|
|
||
|
The process can be done multiple times with both slot `.ram.0` and `.ram.1` and
|
||
|
different payloads. Keep in mind that the sequence number is a strict
|
||
|
monotonically number and must be increased after every update.
|