From ce35647f6a7d8fc7e02f64163418ba0675c38f63 Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Tue, 27 Jul 2021 11:42:30 +0200 Subject: [PATCH 1/5] makefiles: allow to override suit manifest payloads This adds: * SUIT_MANIFEST_BASENAME: allow for non slotfiles payloads to have different names that slotfiles payloads. * SUIT_MANIFEST_PAYLOADS: firmware payloads to be published with the manifest. * SUIT_MANIFEST_SLOTFILES: firmware payloads referenced by the manifest in the form 'filename:[offset]:[comp_name]' as expected by gen_manifest.py. With this the same recipes suit/publish suit/notify can be used with non slotfiles payloads. --- Makefile.include | 7 ++++++- makefiles/boot/riotboot.mk | 5 ----- makefiles/suit.inc.mk | 25 +++++++++++++++---------- 3 files changed, 21 insertions(+), 16 deletions(-) diff --git a/Makefile.include b/Makefile.include index 01648d3573..7b0295605e 100644 --- a/Makefile.include +++ b/Makefile.include @@ -654,7 +654,7 @@ HEXFILE ?= $(ELFFILE:.elf=.hex) BINFILE ?= $(ELFFILE:.elf=.bin) MAPFILE ?= $(ELFFILE:.elf=.map) -ifneq (,$(filter suit, $(USEMODULE))) +ifneq (,$(filter suit,$(USEMODULE))) include $(RIOTMAKE)/suit.base.inc.mk endif @@ -663,6 +663,11 @@ endif # It should be included after defining 'BINFILE' for 'riotboot.bin' handling. include $(RIOTMAKE)/boot/riotboot.mk +# include suit targets +ifneq (,$(filter suit,$(USEMODULE))) + include $(RIOTMAKE)/suit.inc.mk +endif + # Targets to get given file elffile: $(ELFFILE) hexfile: $(HEXFILE) diff --git a/makefiles/boot/riotboot.mk b/makefiles/boot/riotboot.mk index 1567d72e26..94c6ed1f01 100644 --- a/makefiles/boot/riotboot.mk +++ b/makefiles/boot/riotboot.mk @@ -154,11 +154,6 @@ riotboot/flash: riotboot/flash-slot0 riotboot/flash-bootloader # It also makes 'flash' and 'flash-only' work without specific command. FLASHFILE = $(RIOTBOOT_EXTENDED_BIN) -# include suit targets -ifneq (,$(filter suit, $(USEMODULE))) - include $(RIOTMAKE)/suit.inc.mk -endif - else riotboot: $(Q)echo "error: riotboot feature not selected! (try FEATURES_REQUIRED += riotboot)" diff --git a/makefiles/suit.inc.mk b/makefiles/suit.inc.mk index 2f4a141e65..bb196d4240 100644 --- a/makefiles/suit.inc.mk +++ b/makefiles/suit.inc.mk @@ -10,13 +10,14 @@ SUIT_COAP_ROOT ?= coap://$(SUIT_COAP_SERVER)/$(SUIT_COAP_BASEPATH) SUIT_COAP_FSROOT ?= $(RIOTBASE)/coaproot # -SUIT_MANIFEST ?= $(BINDIR_APP)-riot.suit.$(APP_VER).bin -SUIT_MANIFEST_LATEST ?= $(BINDIR_APP)-riot.suit.latest.bin -SUIT_MANIFEST_SIGNED ?= $(BINDIR_APP)-riot.suit_signed.$(APP_VER).bin -SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_APP)-riot.suit_signed.latest.bin +SUIT_MANIFEST_BASENAME ?= riot.suit +SUIT_MANIFEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME).$(APP_VER).bin +SUIT_MANIFEST_LATEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME).latest.bin +SUIT_MANIFEST_SIGNED ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME)_signed.$(APP_VER).bin +SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME)_signed.latest.bin SUIT_NOTIFY_VERSION ?= latest -SUIT_NOTIFY_MANIFEST ?= $(APPLICATION)-riot.suit_signed.$(SUIT_NOTIFY_VERSION).bin +SUIT_NOTIFY_MANIFEST ?= $(APPLICATION)-$(SUIT_MANIFEST_BASENAME)_signed.$(SUIT_NOTIFY_VERSION).bin # Long manifest names require more buffer space when parsing export CFLAGS += -DCONFIG_SOCK_URLPATH_MAXLEN=128 @@ -25,22 +26,26 @@ SUIT_VENDOR ?= "riot-os.org" SUIT_SEQNR ?= $(APP_VER) SUIT_CLASS ?= $(BOARD) +ifneq (,$(filter riotboot,$(USEMODULE))) + SUIT_MANIFEST_PAYLOADS ?= $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) + SUIT_MANIFEST_SLOTFILES ?= $(SLOT0_RIOT_BIN):$(SLOT0_OFFSET) \ + $(SLOT1_RIOT_BIN):$(SLOT1_OFFSET) +endif # -$(SUIT_MANIFEST): $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) + +$(SUIT_MANIFEST): $(SUIT_MANIFEST_PAYLOADS) $(Q)$(RIOTBASE)/dist/tools/suit/gen_manifest.py \ --urlroot $(SUIT_COAP_ROOT) \ --seqnr $(SUIT_SEQNR) \ --uuid-vendor $(SUIT_VENDOR) \ --uuid-class $(SUIT_CLASS) \ -o $@.tmp \ - $(SLOT0_RIOT_BIN):$(SLOT0_OFFSET) \ - $(SLOT1_RIOT_BIN):$(SLOT1_OFFSET) + $(SUIT_MANIFEST_SLOTFILES) $(Q)$(SUIT_TOOL) create -f suit -i $@.tmp -o $@ $(Q)rm -f $@.tmp - $(SUIT_MANIFEST_SIGNED): $(SUIT_MANIFEST) $(SUIT_SEC) $(Q)$(SUIT_TOOL) sign -k $(SUIT_SEC) -m $(SUIT_MANIFEST) -o $@ @@ -57,7 +62,7 @@ SUIT_MANIFESTS := $(SUIT_MANIFEST) \ suit/manifest: $(SUIT_MANIFESTS) -suit/publish: $(SUIT_MANIFESTS) $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) +suit/publish: $(SUIT_MANIFESTS) $(SUIT_MANIFEST_PAYLOADS) $(Q)mkdir -p $(SUIT_COAP_FSROOT)/$(SUIT_COAP_BASEPATH) $(Q)cp $^ $(SUIT_COAP_FSROOT)/$(SUIT_COAP_BASEPATH) $(Q)for file in $^; do \ From 17c6717093b482834852d1c4eaedd9b406e876e9 Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Thu, 16 Sep 2021 15:46:02 +0200 Subject: [PATCH 2/5] makefiles/boot/riotboot: refactor file storage and naming - rename riotboot files so that they are of the form: slot..bin - move all generated files under $(BINDIR)/riotboot_files (this can be overwritten. --- makefiles/boot/riotboot.mk | 31 ++++++++++--------- tests/riotboot_flashwrite/README.md | 2 +- .../tests-with-config/01-run.py | 2 +- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/makefiles/boot/riotboot.mk b/makefiles/boot/riotboot.mk index 94c6ed1f01..d708c2a02a 100644 --- a/makefiles/boot/riotboot.mk +++ b/makefiles/boot/riotboot.mk @@ -9,7 +9,10 @@ CFLAGS += -I$(BINDIR)/riotbuild HEADER_TOOL_DIR = $(RIOTBASE)/dist/tools/riotboot_gen_hdr HEADER_TOOL ?= $(HEADER_TOOL_DIR)/bin/genhdr -BINDIR_APP = $(BINDIR)/$(APPLICATION) +BINDIR_RIOTBOOT = $(BINDIR)/riotboot_files + +$(BINDIR_RIOTBOOT): $(CLEAN) + $(Q)mkdir -p $(BINDIR_RIOTBOOT) # export SLOT0_OFFSET SLOT0_LEN SLOT1_OFFSET SLOT1_LEN @@ -19,8 +22,8 @@ EPOCH := $(shell date +%s) APP_VER ?= $(EPOCH) # Final target for slot 0 with riot_hdr -SLOT0_RIOT_BIN = $(BINDIR_APP)-slot0.$(APP_VER).riot.bin -SLOT1_RIOT_BIN = $(BINDIR_APP)-slot1.$(APP_VER).riot.bin +SLOT0_RIOT_BIN = $(BINDIR_RIOTBOOT)/slot0.$(APP_VER).bin +SLOT1_RIOT_BIN = $(BINDIR_RIOTBOOT)/slot1.$(APP_VER).bin SLOT_RIOT_BINS = $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) # if RIOTBOOT_SKIP_COMPILE is set to 1, "make riotboot/slot[01](-flash)" @@ -28,7 +31,7 @@ SLOT_RIOT_BINS = $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) # This results in the equivalent to "make flash-only" for # "make riotboot/flash-slot[01]". ifneq (1, $(RIOTBOOT_SKIP_COMPILE)) -$(BINDIR_APP)-%.elf: $(BASELIBS) $(ARCHIVES) +$(BINDIR_RIOTBOOT)/%.elf: $(BASELIBS) $(ARCHIVES) $(BINDIR_RIOTBOOT) $(Q)$(_LINK) -o $@ endif @@ -37,11 +40,11 @@ SLOT0_IMAGE_OFFSET := $$(($(SLOT0_OFFSET) + $(RIOTBOOT_HDR_LEN))) SLOT1_IMAGE_OFFSET := $$(($(SLOT1_OFFSET) + $(RIOTBOOT_HDR_LEN))) # Link slots ELF *after* riot_hdr and limit the ROM to the slots length -$(BINDIR_APP)-slot0.elf: FW_ROM_LEN=$$((SLOT0_LEN - $(RIOTBOOT_HDR_LEN))) -$(BINDIR_APP)-slot0.elf: ROM_OFFSET=$(SLOT0_IMAGE_OFFSET) -$(BINDIR_APP)-slot1.elf: FW_ROM_LEN=$$((SLOT1_LEN - $(RIOTBOOT_HDR_LEN))) -$(BINDIR_APP)-slot1.elf: ROM_OFFSET=$(SLOT1_IMAGE_OFFSET) -SLOT_RIOT_ELFS = $(BINDIR_APP)-slot0.elf $(BINDIR_APP)-slot1.elf +$(BINDIR_RIOTBOOT)/slot0.elf: FW_ROM_LEN=$$((SLOT0_LEN - $(RIOTBOOT_HDR_LEN))) +$(BINDIR_RIOTBOOT)/slot0.elf: ROM_OFFSET=$(SLOT0_IMAGE_OFFSET) +$(BINDIR_RIOTBOOT)/slot1.elf: FW_ROM_LEN=$$((SLOT1_LEN - $(RIOTBOOT_HDR_LEN))) +$(BINDIR_RIOTBOOT)/slot1.elf: ROM_OFFSET=$(SLOT1_IMAGE_OFFSET) +SLOT_RIOT_ELFS = $(BINDIR_RIOTBOOT)/slot0.elf $(BINDIR_RIOTBOOT)/slot1.elf # ensure both slot elf files are always linked # this ensures that both "make test" and "make test-murdock" can rely on them @@ -49,7 +52,7 @@ SLOT_RIOT_ELFS = $(BINDIR_APP)-slot0.elf $(BINDIR_APP)-slot1.elf BUILD_FILES += $(SLOT_RIOT_ELFS) # Create binary target with RIOT header -$(SLOT_RIOT_BINS): %.$(APP_VER).riot.bin: %.hdr %.bin +$(SLOT_RIOT_BINS): %.$(APP_VER).bin: %.hdr %.bin @echo "creating $@..." $(Q)cat $^ > $@ @@ -68,8 +71,8 @@ $(HEADER_TOOL): FORCE %.hdr: $(HEADER_TOOL) %.bin FORCE $(Q)$(HEADER_TOOL) generate $< $(APP_VER) $$(($(ROM_START_ADDR)+$(OFFSET))) $(RIOTBOOT_HDR_LEN) - > $@ -$(BINDIR_APP)-slot0.hdr: OFFSET=$(SLOT0_IMAGE_OFFSET) -$(BINDIR_APP)-slot1.hdr: OFFSET=$(SLOT1_IMAGE_OFFSET) +$(BINDIR_RIOTBOOT)/slot0.hdr: OFFSET=$(SLOT0_IMAGE_OFFSET) +$(BINDIR_RIOTBOOT)/slot1.hdr: OFFSET=$(SLOT1_IMAGE_OFFSET) # Generic target to create a binary files for both slots riotboot: $(SLOT_RIOT_BINS) @@ -104,12 +107,12 @@ ifneq ($(BOOTLOADER_BIN)/riotboot.bin,$(BINFILE)) endif # Create combined binary booloader + RIOT firmware with header -RIOTBOOT_COMBINED_BIN = $(BINDIR_APP)-slot0-combined.bin +RIOTBOOT_COMBINED_BIN = $(BINDIR_RIOTBOOT)/slot0-combined.bin riotboot/combined-slot0: $(RIOTBOOT_COMBINED_BIN) $(RIOTBOOT_COMBINED_BIN): $(BOOTLOADER_BIN)/riotboot.extended.bin $(SLOT0_RIOT_BIN) $(Q)cat $^ > $@ -RIOTBOOT_EXTENDED_BIN = $(BINDIR_APP)-slot0-extended.bin +RIOTBOOT_EXTENDED_BIN = $(BINDIR_RIOTBOOT)/slot0-extended.bin # Generate a binary file from slot 0 which covers slot 1 riot_hdr # in order to invalidate slot 1 diff --git a/tests/riotboot_flashwrite/README.md b/tests/riotboot_flashwrite/README.md index 76dd90198c..683eaae638 100644 --- a/tests/riotboot_flashwrite/README.md +++ b/tests/riotboot_flashwrite/README.md @@ -50,6 +50,6 @@ number: Then send via CoAP, for example, with libcoap's coap_client: $ coap-client -m post coap://[]/flashwrite \ - -f bin//tests_riotboot_flashwrite-slot1.riot.bin -b 64 + -f bin//riotboot_files/slot1.bin -b 64 Then reboot the node manually, confirming that it booted from slot 1. diff --git a/tests/riotboot_flashwrite/tests-with-config/01-run.py b/tests/riotboot_flashwrite/tests-with-config/01-run.py index 4752a2a9ec..190866c99a 100755 --- a/tests/riotboot_flashwrite/tests-with-config/01-run.py +++ b/tests/riotboot_flashwrite/tests-with-config/01-run.py @@ -36,7 +36,7 @@ def make_notify(client_url, slot, version): "POST", "coap://{}/flashwrite".format(client_url), "--payload", - "@tests_riotboot_flashwrite-slot{}.{}.riot.bin".format(slot, version), + "@riotboot_files/slot{}.{}.bin".format(slot, version), "--payload-initial-szx", "2", ] From ac5c3163612a6adcb1a6a6071d3368794e12f6c8 Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Thu, 16 Sep 2021 15:46:44 +0200 Subject: [PATCH 3/5] makefiles/suit.inc.mk: refactor file storage and naming - move all generated manifests under $(BINDIR)/suit_files (this can be overwritten. - rename signed manifests so that they are of the form: ..bin, where is by default riot.suit. This avoids cluterring BINDIR while as well having a naming scheme that allows custom names for manifests addresssing different types of payloads. --- examples/suit_update/README.hardware.md | 8 +++---- makefiles/suit.inc.mk | 31 ++++++++++++------------- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/examples/suit_update/README.hardware.md b/examples/suit_update/README.hardware.md index 996e5d1f34..e8ec9ba344 100644 --- a/examples/suit_update/README.hardware.md +++ b/examples/suit_update/README.hardware.md @@ -574,10 +574,10 @@ The following variables are defined in makefiles/suit.inc.mk: The following convention is used when naming a manifest - SUIT_MANIFEST ?= $(BINDIR_APP)-riot.suitv3.$(APP_VER).bin - SUIT_MANIFEST_LATEST ?= $(BINDIR_APP)-riot.suitv3.latest.bin - SUIT_MANIFEST_SIGNED ?= $(BINDIR_APP)-riot.suitv3_signed.$(APP_VER).bin - SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_APP)-riot.suitv3_signed.latest.bin + SUIT_MANIFEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3.$(APP_VER).bin + SUIT_MANIFEST_LATEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3.latest.bin + SUIT_MANIFEST_SIGNED ?= $(BINDIR_RIOTBOOT)/riot.suitv3_signed.$(APP_VER).bin + SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3_signed.latest.bin The following default values are using for generating the manifest: diff --git a/makefiles/suit.inc.mk b/makefiles/suit.inc.mk index bb196d4240..4aed631084 100644 --- a/makefiles/suit.inc.mk +++ b/makefiles/suit.inc.mk @@ -4,20 +4,24 @@ # makefiles/suit.base.inc.mk # # -SUIT_COAP_BASEPATH ?= fw/$(BOARD) +SUIT_COAP_BASEPATH ?= fw/$(APPLICATION)/$(BOARD) SUIT_COAP_SERVER ?= localhost SUIT_COAP_ROOT ?= coap://$(SUIT_COAP_SERVER)/$(SUIT_COAP_BASEPATH) SUIT_COAP_FSROOT ?= $(RIOTBASE)/coaproot +BINDIR_SUIT = $(BINDIR)/suit_files +$(BINDIR_SUIT): $(CLEAN) + $(Q)mkdir -p $(BINDIR_SUIT) + # SUIT_MANIFEST_BASENAME ?= riot.suit -SUIT_MANIFEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME).$(APP_VER).bin -SUIT_MANIFEST_LATEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME).latest.bin -SUIT_MANIFEST_SIGNED ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME)_signed.$(APP_VER).bin -SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_APP)-$(SUIT_MANIFEST_BASENAME)_signed.latest.bin +SUIT_MANIFEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.$(APP_VER).bin +SUIT_MANIFEST_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.latest.bin +SUIT_MANIFEST_SIGNED ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).$(APP_VER).bin +SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).latest.bin SUIT_NOTIFY_VERSION ?= latest -SUIT_NOTIFY_MANIFEST ?= $(APPLICATION)-$(SUIT_MANIFEST_BASENAME)_signed.$(SUIT_NOTIFY_VERSION).bin +SUIT_NOTIFY_MANIFEST ?= $(SUIT_MANIFEST_BASENAME).$(SUIT_NOTIFY_VERSION).bin # Long manifest names require more buffer space when parsing export CFLAGS += -DCONFIG_SOCK_URLPATH_MAXLEN=128 @@ -26,14 +30,11 @@ SUIT_VENDOR ?= "riot-os.org" SUIT_SEQNR ?= $(APP_VER) SUIT_CLASS ?= $(BOARD) -ifneq (,$(filter riotboot,$(USEMODULE))) - SUIT_MANIFEST_PAYLOADS ?= $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) - SUIT_MANIFEST_SLOTFILES ?= $(SLOT0_RIOT_BIN):$(SLOT0_OFFSET) \ - $(SLOT1_RIOT_BIN):$(SLOT1_OFFSET) -endif -# +SUIT_MANIFEST_PAYLOADS ?= $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) +SUIT_MANIFEST_SLOTFILES ?= $(SLOT0_RIOT_BIN):$(SLOT0_OFFSET) \ + $(SLOT1_RIOT_BIN):$(SLOT1_OFFSET) -$(SUIT_MANIFEST): $(SUIT_MANIFEST_PAYLOADS) +$(SUIT_MANIFEST): $(SUIT_MANIFEST_PAYLOADS) $(BINDIR_SUIT) $(Q)$(RIOTBASE)/dist/tools/suit/gen_manifest.py \ --urlroot $(SUIT_COAP_ROOT) \ --seqnr $(SUIT_SEQNR) \ @@ -55,9 +56,7 @@ $(SUIT_MANIFEST_LATEST): $(SUIT_MANIFEST) $(SUIT_MANIFEST_SIGNED_LATEST): $(SUIT_MANIFEST_SIGNED) $(Q)ln -f -s $< $@ -SUIT_MANIFESTS := $(SUIT_MANIFEST) \ - $(SUIT_MANIFEST_LATEST) \ - $(SUIT_MANIFEST_SIGNED) \ +SUIT_MANIFESTS := $(SUIT_MANIFEST_SIGNED) \ $(SUIT_MANIFEST_SIGNED_LATEST) suit/manifest: $(SUIT_MANIFESTS) From 993af3d96a5df4710fc0cd82f71669043673765c Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Mon, 20 Sep 2021 09:58:44 +0200 Subject: [PATCH 4/5] examples/suit_update/README.hardware.md: update logs --- examples/suit_update/README.hardware.md | 30 +++++++------------------ 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/examples/suit_update/README.hardware.md b/examples/suit_update/README.hardware.md index e8ec9ba344..2a321d8af8 100644 --- a/examples/suit_update/README.hardware.md +++ b/examples/suit_update/README.hardware.md @@ -265,7 +265,6 @@ If this optional step is skipped then `SUIT_COAP_SERVER` will be the link local address of the `bt0` interface and `SUIT_CLIENT` will be the link local address of the device, with the interface specified. e.g: - SUIT_COAP_SERVER=[fe80::19:86ff:fe00:16ca] SUIT_CLIENT=[fe80::e4dd:e0ff:fe8f:7365%bt0] @@ -306,10 +305,10 @@ see 6 pairs of messages indicating where (filepath) the file was published and the corresponding coap resource URI ... - published "/home/francisco/workspace/RIOT/examples/suit_update/bin/samr21-xpro/suit_update-riot.suitv3_signed.1557135946.bin" - as "coap://[2001:db8::1]/fw/samr21-xpro/suit_update-riot.suitv3_signed.1557135946.bin" - published "/home/francisco/workspace/RIOT/examples/suit_update/bin/samr21-xpro/suit_update-riot.suitv3_signed.latest.bin" - as "coap://[2001:db8::1]/fw/samr21-xpro/suit_update-riot.suitv3_signed.latest.bin" + published "${RIOTBASE}/examples/suit_update/bin/samr21-xpro/suit_files/riot.suit.1632124156.bin" + as "coap://[2001:db8::1]/fw/suit_update/samr21-xpro/riot.suit.1632124156.bin" + published "${RIOTBASE}/examples/suit_update/bin/samr21-xpro/suit_files/riot.suit.latest.bin" + as "coap://[2001:db8::1]/fw/suit_update/samr21-xpro/riot.suit.latest.bin" ... ### Notify an update to the device @@ -497,19 +496,6 @@ When a new manifest url is received on the trigger resource a message is resent to the coap thread with the manifest's url. The thread will then fetch the manifest by a block coap request to the specified url. -- **support for v3** - -This includes v3 manifest support. When a url is received in the /suit/trigger -coap resource it will trigger a coap blockwise fetch of the manifest. When this -manifest is received it will be parsed. The signature of the manifest will be -verified and then the rest of the manifest content. If the received manifest is valid it -will extract the url for the firmware location from the manifest. - -It will then fetch the firmware, write it to the inactive slot and reboot the device. -Digest validation is done once all the firmware is written to flash. -From there the bootloader takes over, verifying the slot riotboot_hdr and boots -from the newest image. - #### Key Generation To sign the manifest and for the device to verify the manifest a pair of keys @@ -574,10 +560,10 @@ The following variables are defined in makefiles/suit.inc.mk: The following convention is used when naming a manifest - SUIT_MANIFEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3.$(APP_VER).bin - SUIT_MANIFEST_LATEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3.latest.bin - SUIT_MANIFEST_SIGNED ?= $(BINDIR_RIOTBOOT)/riot.suitv3_signed.$(APP_VER).bin - SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_RIOTBOOT)/riot.suitv3_signed.latest.bin + SUIT_MANIFEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.$(APP_VER).bin + SUIT_MANIFEST_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.latest.bin + SUIT_MANIFEST_SIGNED ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).$(APP_VER).bin + SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).latest.bin The following default values are using for generating the manifest: From 76ee54e69ce39bf6482a8daec19239e6f4c0b378 Mon Sep 17 00:00:00 2001 From: Francisco Molina Date: Thu, 14 Apr 2022 13:45:44 +0200 Subject: [PATCH 5/5] makefiles: use memoized for EPOCH, also define for suit APP_VER must also be defined for suit.inc.mk in case non-fw payloads are used (e.g. no riotboot) Use memoized so the shell call happens only if needed --- makefiles/boot/riotboot.mk | 2 +- makefiles/suit.inc.mk | 17 +++++++++++------ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/makefiles/boot/riotboot.mk b/makefiles/boot/riotboot.mk index d708c2a02a..61ebef6fcc 100644 --- a/makefiles/boot/riotboot.mk +++ b/makefiles/boot/riotboot.mk @@ -18,7 +18,7 @@ $(BINDIR_RIOTBOOT): $(CLEAN) export SLOT0_OFFSET SLOT0_LEN SLOT1_OFFSET SLOT1_LEN # Mandatory APP_VER, set to epoch by default -EPOCH := $(shell date +%s) +EPOCH = $(call memoized,EPOCH,$(shell date +%s)) APP_VER ?= $(EPOCH) # Final target for slot 0 with riot_hdr diff --git a/makefiles/suit.inc.mk b/makefiles/suit.inc.mk index 4aed631084..f5f97892f3 100644 --- a/makefiles/suit.inc.mk +++ b/makefiles/suit.inc.mk @@ -4,6 +4,15 @@ # makefiles/suit.base.inc.mk # # + +# Mandatory APP_VER, set to epoch by default +EPOCH = $(call memoized,EPOCH,$(shell date +%s)) +APP_VER ?= $(EPOCH) + +SUIT_VENDOR ?= "riot-os.org" +SUIT_SEQNR ?= $(APP_VER) +SUIT_CLASS ?= $(BOARD) + SUIT_COAP_BASEPATH ?= fw/$(APPLICATION)/$(BOARD) SUIT_COAP_SERVER ?= localhost SUIT_COAP_ROOT ?= coap://$(SUIT_COAP_SERVER)/$(SUIT_COAP_BASEPATH) @@ -15,9 +24,9 @@ $(BINDIR_SUIT): $(CLEAN) # SUIT_MANIFEST_BASENAME ?= riot.suit -SUIT_MANIFEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.$(APP_VER).bin +SUIT_MANIFEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.$(SUIT_SEQNR).bin SUIT_MANIFEST_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME)_unsigned.latest.bin -SUIT_MANIFEST_SIGNED ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).$(APP_VER).bin +SUIT_MANIFEST_SIGNED ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).$(SUIT_SEQNR).bin SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_SUIT)/$(SUIT_MANIFEST_BASENAME).latest.bin SUIT_NOTIFY_VERSION ?= latest @@ -26,10 +35,6 @@ SUIT_NOTIFY_MANIFEST ?= $(SUIT_MANIFEST_BASENAME).$(SUIT_NOTIFY_VERSION).bin # Long manifest names require more buffer space when parsing export CFLAGS += -DCONFIG_SOCK_URLPATH_MAXLEN=128 -SUIT_VENDOR ?= "riot-os.org" -SUIT_SEQNR ?= $(APP_VER) -SUIT_CLASS ?= $(BOARD) - SUIT_MANIFEST_PAYLOADS ?= $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN) SUIT_MANIFEST_SLOTFILES ?= $(SLOT0_RIOT_BIN):$(SLOT0_OFFSET) \ $(SLOT1_RIOT_BIN):$(SLOT1_OFFSET)