Skip to content

SUIT: Update to draft-ietf-v3#13486

Merged
kaspar030 merged 6 commits intoRIOT-OS:masterfrom
bergzand:pr/suit/ietf_v3
Mar 20, 2020
Merged

SUIT: Update to draft-ietf-v3#13486
kaspar030 merged 6 commits intoRIOT-OS:masterfrom
bergzand:pr/suit/ietf_v3

Conversation

@bergzand
Copy link
Copy Markdown
Member

@bergzand bergzand commented Feb 26, 2020

Contribution description

This PR:

  • Removes the currently available draft-moran-v4 SUIT firmware update module.
  • Adds a reworked parser and update module based on draft-ietf-v3.
  • Adds tooling to generated v3-style manifests using ARM python code.
  • Adds a manifest parser test for the new SUIT firmware update module.
  • Reworks the examples/suit_update to use the new SUIT firmware update module.

Removal of moran-v4 parser

The moran-v4 parser is outdated by now and should be removed as a replacement is provided with this PR. It has always been marked as experimental, so (IMHO) it should not have to go through a deprecation period first.

SUIT draft-ietf-v3 parser

The new parser is based on version 3 of the ietf draft. Compared to the previous version the manifest format is simplified a bit and functionality provided between the two versions is similar. As it is a draft it again is marked experimental and we expect minor (but incompatible) changes in follow up versions.

Tooling

The tool to generate manifests can be used in a similar way as the v4 tools. The tool is based on python code provided by ARM.

Test application

The test application generates a key and a number of correct and incorrect manifests. These are parsed and the expected result is asserted.

For the v4 version I placed the generated manifests in bin/manifest (it is a binary file) and it conveniently ensures that the files are included in the gitignore, please let me know if this should also be done with this PR.

Testing procedure

  • Workflow as described by examples/suit_update works.
  • Test application passes.

Issues/PRs references

Obsoletes #13440

@bergzand bergzand added Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation Type: new feature The issue requests / The PR implemements a new feature for RIOT Process: API change Integration Process: PR contains or issue proposes an API change. Should be handled with care. Area: OTA Area: Over-the-air updates labels Feb 26, 2020
@bergzand bergzand added CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR and removed CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR labels Feb 26, 2020
kaspar030
kaspar030 reviewed Feb 26, 2020
View reviewed changes
@bergzand bergzand removed the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Feb 27, 2020
kaspar030
kaspar030 previously requested changes Feb 27, 2020
View reviewed changes
@bergzand bergzand added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Feb 27, 2020
@bergzand bergzand mentioned this pull request Mar 3, 2020
Closed
emmanuelsearch
emmanuelsearch reviewed Mar 3, 2020
View reviewed changes
@bergzand bergzand removed the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Mar 4, 2020
@fjmolinas
Copy link
Copy Markdown
Contributor

fjmolinas commented Mar 18, 2020

Here is a gist with putting up to date some things in the README. If you agree with the suggestions you can apply squash.

@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 18, 2020

Here is a gist with putting up to date some things in the README. If you agree with the suggestions you can apply squash.

Thanks! applied

@fjmolinas
Copy link
Copy Markdown
Contributor

fjmolinas commented Mar 18, 2020

Thanks! applied

Pleas squash!

@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 19, 2020

Squashed!

@fjmolinas
Copy link
Copy Markdown
Contributor

fjmolinas commented Mar 19, 2020

Seem there are some boards needing blacklist, and travis has a couple of complaints, Squash right away when addressed.

Otherwise there is still this:

@kaspar030 Is it possible that the Pi-based workers do not have ed25519 support in OpenSSL yet? The build run fails on generating the crypto keys.

@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 19, 2020

Seem there are some boards needing blacklist, and travis has a couple of complaints, Squash right away when addressed.

Added them

@bergzand bergzand removed the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Mar 19, 2020
@bergzand bergzand added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Mar 19, 2020
@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 20, 2020

@kaspar030, @fjmolinas All green here!

@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 20, 2020

@kaspar030, @fjmolinas All green here!

I added the examples/suit-update to the CI blacklist:

# This can be removed as soon as the Pi-fleet runners support an Openssl version
# with ed25519 support.
TEST_ON_CI_BLACKLIST = all

The suit_manifest test doesn't need to be blacklisted, all the crypto handling is done on build servers and those have a sufficiently modern Openssl.

fjmolinas
fjmolinas approved these changes Mar 20, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@fjmolinas fjmolinas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All my change requests have been addressed. I have tested the new test and the example. The Readme and documentation are up to date. ACK!

@kaspar030 kaspar030 dismissed their stale review March 20, 2020 13:44

comments addressed

@kaspar030 kaspar030 merged commit 7d0c475 into RIOT-OS:master Mar 20, 2020
@bergzand
Copy link
Copy Markdown
Member Author

bergzand commented Mar 20, 2020

🎉

Thanks!

@bergzand bergzand deleted the pr/suit/ietf_v3 branch March 20, 2020 13:48
@benpicco benpicco mentioned this pull request Mar 22, 2020
Closed
@benpicco
Copy link
Copy Markdown
Contributor

benpicco commented Mar 22, 2020
edited
Loading

btw.: I now get

Traceback (most recent call last):
  File "/home/benpicco/dev/RIOT/dist/tools/suit_v3/suit-manifest-generator/bin/suit-tool", line 25, in <module>
    from suit_tool import clidriver
  File "/home/benpicco/dev/RIOT/dist/tools/suit_v3/suit-manifest-generator/bin/../suit_tool/clidriver.py", line 24, in <module>
    from suit_tool import create, sign, parse, get_uecc_pubkey
  File "/home/benpicco/dev/RIOT/dist/tools/suit_v3/suit-manifest-generator/bin/../suit_tool/create.py", line 20, in <module>
    from suit_tool.compile import compile_manifest
  File "/home/benpicco/dev/RIOT/dist/tools/suit_v3/suit-manifest-generator/bin/../suit_tool/compile.py", line 29, in <module>
    from suit_tool.manifest import SUITComponentId, SUITCommon, SUITSequence, \
  File "/home/benpicco/dev/RIOT/dist/tools/suit_v3/suit-manifest-generator/bin/../suit_tool/manifest.py", line 22, in <module>
    import cbor
ModuleNotFoundError: No module named 'cbor'

when building anything.
The build continues successfully, but this is of course annoying 😉

Maybe something like this?

diff --git a/Makefile.dep b/Makefile.dep
index 6c07ef3a2..4dc857eba 100644
--- a/Makefile.dep
+++ b/Makefile.dep
@@ -959,6 +959,9 @@ ifneq (,$(filter suit,$(USEMODULE)))
   USEMODULE += libcose_crypt_c25519
   USEMODULE += uuid
 
+  BUILDDEPS += $(SUIT_PUB_HDR)
+  CFLAGS += -I$(SUIT_PUB_HDR_DIR)
+
   # tests/suit_manifest has some mock implementations,
   # only add the non-mock dependencies if not building that test.
   ifeq (,$(filter suit_transport_mock,$(USEMODULE)))
diff --git a/makefiles/suit.base.inc.mk b/makefiles/suit.base.inc.mk
index ab0d84c10..710a3506e 100644
--- a/makefiles/suit.base.inc.mk
+++ b/makefiles/suit.base.inc.mk
@@ -21,8 +21,6 @@ SUIT_SEC ?= $(SUIT_KEY_DIR)/$(SUIT_KEY).pem
 
 SUIT_PUB_HDR = $(BINDIR)/riotbuild/public_key.h
 SUIT_PUB_HDR_DIR = $(dir $(SUIT_PUB_HDR))
-CFLAGS += -I$(SUIT_PUB_HDR_DIR)
-BUILDDEPS += $(SUIT_PUB_HDR)
 
 $(SUIT_SEC): $(CLEAN)
        @echo suit: generating key in $(SUIT_KEY_DIR)

@leandrolanzieri leandrolanzieri added this to the Release 2020.04 milestone Mar 26, 2020
@aabadie aabadie mentioned this pull request Dec 30, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emmanuelsearch emmanuelsearch emmanuelsearch left review comments

@fjmolinas fjmolinas fjmolinas approved these changes

@kaspar030 kaspar030 kaspar030 left review comments

@aabadie aabadie Awaiting requested review from aabadie aabadie is a code owner

Assignees

@fjmolinas fjmolinas

Labels

Area: OTA Area: Over-the-air updates CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR CI: run tests If set, CI server will run tests on hardware for the labeled PR Process: API change Integration Process: PR contains or issue proposes an API change. Should be handled with care. Reviewed: 1-fundamentals The fundamentals of the PR were reviewed according to the maintainer guidelines Reviewed: 2-code-design The code design of the PR was reviewed according to the maintainer guidelines Reviewed: 3-testing The PR was tested according to the maintainer guidelines Reviewed: 4-code-style The adherence to coding conventions by the PR were reviewed according to the maintainer guidelines Type: enhancement The issue suggests enhanceable parts / The PR enhances parts of the codebase / documentation Type: new feature The issue requests / The PR implemements a new feature for RIOT

Projects

None yet

Milestone

Release 2020.04

Development

Successfully merging this pull request may close these issues.

8 participants

@bergzand @janosbrodbeck @fjmolinas @benpicco @emmanuelsearch @kaspar030 @leandrolanzieri @smlng