mirror of
https://github.com/RIOT-OS/RIOT.git
synced 2025-01-15 22:33:03 +01:00
Kaspar Schleiser
fb12c4aa8d
This commit adds a sys module implementing SUIT draft v4 compatible firmware updates. Co-authored-by: Alexandre Abadie <alexandre.abadie@inria.fr> Co-authored-by: Koen Zandberg <koen@bergzand.net> Co-authored-by: Francisco Molina <femolina@uc.cl>
104 lines
3.3 KiB
Makefile
104 lines
3.3 KiB
Makefile
#
|
|
SUIT_COAP_BASEPATH ?= fw/$(BOARD)
|
|
SUIT_COAP_SERVER ?= localhost
|
|
SUIT_COAP_ROOT ?= coap://$(SUIT_COAP_SERVER)/$(SUIT_COAP_BASEPATH)
|
|
SUIT_COAP_FSROOT ?= $(RIOTBASE)/coaproot
|
|
|
|
#
|
|
SUIT_MANIFEST ?= $(BINDIR_APP)-riot.suitv4.$(APP_VER).bin
|
|
SUIT_MANIFEST_LATEST ?= $(BINDIR_APP)-riot.suitv4.latest.bin
|
|
SUIT_MANIFEST_SIGNED ?= $(BINDIR_APP)-riot.suitv4_signed.$(APP_VER).bin
|
|
SUIT_MANIFEST_SIGNED_LATEST ?= $(BINDIR_APP)-riot.suitv4_signed.latest.bin
|
|
|
|
SUIT_NOTIFY_VERSION ?= latest
|
|
SUIT_NOTIFY_MANIFEST ?= $(BINDIR_APP)-riot.suitv4_signed.$(SUIT_NOTIFY_VERSION).bin
|
|
|
|
# Long manifest names require more buffer space when parsing
|
|
export CFLAGS += -DSOCK_URLPATH_MAXLEN=128
|
|
|
|
SUIT_VENDOR ?= "riot-os.org"
|
|
SUIT_SEQNR ?= $(APP_VER)
|
|
SUIT_CLASS ?= $(BOARD)
|
|
|
|
#
|
|
# SUIT encryption keys
|
|
#
|
|
|
|
# Specify key to use.
|
|
# Will use $(SUIT_KEY_DIR)/$(SUIT_KEY) $(SUIT_KEY_DIR)/$(SUIT_KEY).pub as
|
|
# private/public key files, similar to how ssh names its key files.
|
|
SUIT_KEY ?= default
|
|
|
|
ifeq (1, $(RIOT_CI_BUILD))
|
|
SUIT_KEY_DIR ?= $(BINDIR)
|
|
else
|
|
SUIT_KEY_DIR ?= $(RIOTBASE)/keys
|
|
endif
|
|
|
|
SUIT_SEC ?= $(SUIT_KEY_DIR)/$(SUIT_KEY)
|
|
SUIT_PUB ?= $(SUIT_KEY_DIR)/$(SUIT_KEY).pub
|
|
|
|
SUIT_PUB_HDR = $(BINDIR)/riotbuild/public_key.h
|
|
SUIT_PUB_HDR_DIR = $(dir $(SUIT_PUB_HDR))
|
|
CFLAGS += -I$(SUIT_PUB_HDR_DIR)
|
|
BUILDDEPS += $(SUIT_PUB_HDR)
|
|
|
|
$(SUIT_SEC) $(SUIT_PUB): $(CLEAN)
|
|
@echo suit: generating key pair in $(SUIT_KEY_DIR)
|
|
@mkdir -p $(SUIT_KEY_DIR)
|
|
@$(RIOTBASE)/dist/tools/suit_v4/gen_key.py $(SUIT_SEC) $(SUIT_PUB)
|
|
|
|
# set FORCE so switching between keys using "SUIT_KEY=foo make ..."
|
|
# triggers a rebuild even if the new key would otherwise not (because the other
|
|
# key's mtime is too far back).
|
|
$(SUIT_PUB_HDR): $(SUIT_PUB) FORCE | $(CLEAN)
|
|
@mkdir -p $(SUIT_PUB_HDR_DIR)
|
|
@cp $(SUIT_PUB) $(SUIT_PUB_HDR_DIR)/public.key
|
|
@cd $(SUIT_PUB_HDR_DIR) && xxd -i public.key \
|
|
| '$(LAZYSPONGE)' $(LAZYSPONGE_FLAGS) '$@'
|
|
|
|
suit/genkey: $(SUIT_SEC) $(SUIT_PUB)
|
|
|
|
#
|
|
$(SUIT_MANIFEST): $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN)
|
|
$(RIOTBASE)/dist/tools/suit_v4/gen_manifest.py \
|
|
--template $(RIOTBASE)/dist/tools/suit_v4/test-2img.json \
|
|
--urlroot $(SUIT_COAP_ROOT) \
|
|
--seqnr $(SUIT_SEQNR) \
|
|
--uuid-vendor $(SUIT_VENDOR) \
|
|
--uuid-class $(SUIT_CLASS) \
|
|
--offsets $(SLOT0_OFFSET),$(SLOT1_OFFSET) \
|
|
-o $@ \
|
|
$^
|
|
|
|
$(SUIT_MANIFEST_SIGNED): $(SUIT_MANIFEST) $(SUIT_SEC) $(SUIT_PUB)
|
|
$(RIOTBASE)/dist/tools/suit_v4/sign-04.py \
|
|
$(SUIT_SEC) $(SUIT_PUB) $< $@
|
|
|
|
$(SUIT_MANIFEST_LATEST): $(SUIT_MANIFEST)
|
|
@ln -f -s $< $@
|
|
|
|
$(SUIT_MANIFEST_SIGNED_LATEST): $(SUIT_MANIFEST_SIGNED)
|
|
@ln -f -s $< $@
|
|
|
|
SUIT_MANIFESTS := $(SUIT_MANIFEST) \
|
|
$(SUIT_MANIFEST_LATEST) \
|
|
$(SUIT_MANIFEST_SIGNED) \
|
|
$(SUIT_MANIFEST_SIGNED_LATEST)
|
|
|
|
suit/manifest: $(SUIT_MANIFESTS)
|
|
|
|
suit/publish: $(SUIT_MANIFESTS) $(SLOT0_RIOT_BIN) $(SLOT1_RIOT_BIN)
|
|
@mkdir -p $(SUIT_COAP_FSROOT)/$(SUIT_COAP_BASEPATH)
|
|
@cp -t $(SUIT_COAP_FSROOT)/$(SUIT_COAP_BASEPATH) $^
|
|
@for file in $^; do \
|
|
echo "published \"$$file\""; \
|
|
echo " as \"$(SUIT_COAP_ROOT)/$$(basename $$file)\""; \
|
|
done
|
|
|
|
suit/notify: | $(filter suit/publish, $(MAKECMDGOALS))
|
|
@test -n "$(SUIT_CLIENT)" || { echo "error: SUIT_CLIENT unset!"; false; }
|
|
aiocoap-client -m POST "coap://$(SUIT_CLIENT)/suit/trigger" \
|
|
--payload "$(SUIT_COAP_ROOT)/$$(basename $(SUIT_NOTIFY_MANIFEST))" && \
|
|
echo "Triggered $(SUIT_CLIENT) to update."
|