Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

makefiles: allow to override suit manifest payloads #16771

Merged

Conversation

fjmolinas
Copy link
Contributor

@fjmolinas fjmolinas commented Aug 23, 2021

Contribution description

This PR re-work how suit manifests are named and stored as well as the naming of suit manifests payloads (e.g. riotboot). FIles that need to hold version (or sequence number) are of the form: <somename>.<version>.bin manifests follow the same format
with but with a <somename> == riot.suit by default. Since both suit files and riotboot files can easily clutter the bin directory they are moth moved to their own directories within BINDIR, but having distinct directories for both.

This adds:

  • SUIT_MANIFEST_BASENAME: allow for non-slotfiles payloads to have different names than slotfiles payloads.
  • SUIT_MANIFEST_PAYLOADS: firmware payloads to be published with the
    manifest.
  • SUIT_MANIFEST_SLOTFILES: firmware payloads referenced by the manifest
    in the form 'filename:[offset]:[comp_name]' as expected by
    gen_manifest.py.

With this the same recipes suit/publish suit/notify can be used with
non-slotfiles payloads.

PS: bikeshedding the names is very welcome.

Testing procedure

examples/suit_update still passes.

suit/publish suit/notify can work out of the box with for example a patch like this:

diff --git a/examples/suit_update/Makefile b/examples/suit_update/Makefile
index b5c09cc73a..cffcb60d94 100644
--- a/examples/suit_update/Makefile
+++ b/examples/suit_update/Makefile
@@ -57,11 +57,12 @@ ifeq ($(BOARD),native)
   USE_ETHOS ?= 0
   # Configure two RAM regions with 2K each
   CFLAGS += -DCONFIG_SUIT_STORAGE_RAM_REGIONS=2 -DCONFIG_SUIT_STORAGE_RAM_SIZE=2048
+  include $(CURDIR)/Makefile.suit.native
+else
+  # Change this to 0 to not use ethos
+  USE_ETHOS ?= 1
 endif

-# Change this to 0 to not use ethos
-USE_ETHOS ?= 1
-
 ifeq (1,$(USE_ETHOS))
   USEMODULE += stdio_ethos
   USEMODULE += gnrc_uhcpc
diff --git a/examples/suit_update/Makefile.suit.native b/examples/suit_update/Makefile.suit.native
new file mode 100644
index 0000000000..69510260a6
--- /dev/null
+++ b/examples/suit_update/Makefile.suit.native
@@ -0,0 +1,20 @@
+# Required variables defined in riotboot.inc.mk or Makefile.include
+BINDIR_APP = $(CURDIR)/bin/$(BOARD)/$(APPLICATION)
+EPOCH := $(shell date +%s)
+APP_VER ?= $(EPOCH)
+
+# Recipe to generate dummy payload
+SUIT_NATIVE_PAYLOAD ?= "AABBCCDD"
+SUIT_NATIVE_PAYLOAD_BIN ?= $(BINDIR_APP).$(APP_VER).bin
+$(SUIT_NATIVE_PAYLOAD_BIN):
+       echo $(SUIT_NATIVE_PAYLOAD) > $@
+
+# Only a single RAM secotor is being updated, so change accordingly
+SUIT_MANIFEST_PAYLOADS ?= $(SUIT_NATIVE_PAYLOAD_BIN)
+SUIT_MANIFEST_SLOTFILES ?= $(SUIT_NATIVE_PAYLOAD_BIN):0:ram:0
+# Make sure it is built
+BUILD_FILES += $(SUIT_NATIVE_PAYLOAD_BIN)
+
+#
+SUIT_COAP_SERVER ?= [2001:db8::1]
+SUIT_CLIENT ?= [2001:db8::2]
diff --git a/examples/suit_update/main.c b/examples/suit_update/main.c
index 58dbd650be..e87fd00fa4 100644
--- a/examples/suit_update/main.c
+++ b/examples/suit_update/main.c
@@ -190,6 +190,10 @@ int main(void)
     cmd_print_riotboot_hdr(0, NULL);
 #endif

+    ipv6_addr_t addr;
+    const char addr_str[] = "2001:db8::2";
+    ipv6_addr_from_str(&addr, addr_str);
+    gnrc_netif_ipv6_addr_add(gnrc_netif_iter(NULL), &addr, 64, 0);
     /* start suit coap updater thread */
     suit_coap_run();
$ sudo ip tuntap add tap0 mode tap user $USER
$ sudo ip link set tap0 up
$ sudo ip address add 2001:db8::1/64 dev tap0
$ BOARD=native make -C examples/suit_update flash term`
$ BOARD=native make -C examples/suit_update/ suit/publish
$ BOARD=native make -C examples/suit_update/ suit/notify
main(): This is RIOT! (Version: 2021.10-devel-282-g0caae-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
suit_coap: started.
Starting the shell
> suit: received URL: "coap://[2001:db8::1]/fw/native/suit_update-riot.suit_signed.latest.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[2001:db8::1]/fw/native/suit_update-riot.suit_signed.latest.bin"
suit_coap: got manifest with size 305
suit: verifying manifest signature
suit: validated manifest version
)Retrieved sequence number: 0
Manifest seq_no: 1629729120, highest available: 0
suit: validated sequence number
)Formatted component name: .ram.0
validating vendor ID
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
validating vendor ID: OK
validating class id
Comparing bcc90984-fe7d-562b-b4c9-a24f26a3a9cd to bcc90984-fe7d-562b-b4c9-a24f26a3a9cd from manifest
validating class id: OK
SUIT policy check OK.
Formatted component name: .ram.0
Fetching firmware |█████████████████████████| 100%
Finalizing payload store
Verifying image digest
Starting digest verification against image
Install correct payload
Verifying image digest
Starting digest verification against image
Install correct payload
  • examples/suit_update still passes
> riotboot-hdr
Image magic_number: 0x544f4952
Image Version: 0x6130abad
Image start address: 0x00002400
Header chksum: 0x77c2ce7f

> ifconfig
ifconfig
Iface  4  HWaddr: 5E:0D:18:57:DA:F3
          L2-PDU:1500  MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::5c0d:18ff:fe57:daf3  scope: link  VAL
pinging node...
PING fe80::5c0d:18ff:fe57:daf3%riot0(fe80::5c0d:18ff:fe57:daf3%riot0) 56 data bytes

--- fe80::5c0d:18ff:fe57:daf3%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 42.611/42.611/42.611/0.000 ms
pinging node succeeded.
suit
          inet6 addr: fe80::2  scope: link  VAL
          inet6 group: ff02::2
          inet6 group: ff02::1
          inet6 group: ff02::1:ff57:daf3
          inet6 group: ff02::1:ff00:2

> suit
Usage: suit <manifest url>
> make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
compiling /home/francisco/workspace/RIOT2/dist/tools/riotboot_gen_hdr/bin/genhdr...
make: Nothing to be done for 'all'.
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin...
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin...
/home/francisco/workspace/RIOT2/dist/tools/suit/gen_manifest.py \
  --urlroot coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update \
  --seqnr 1630579630 \
  --uuid-vendor "riot-os.org" \
  --uuid-class nrf52840-mdk \
  -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp \
  /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin:0x2000 /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin:528384
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin
create done. Serializing
rm -f /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k /home/francisco/workspace/RIOT2/keys/invalid_keys.pem -m /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579630.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.1630579630.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579630.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot0.1630579630.riot.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot1.1630579630.riot.bin"
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
aiocoap-client -m POST "coap://[fe80::5c0d:18ff:fe57:daf3%riot0]/suit/trigger" \
        --payload "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin" && \
        echo "Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update."
Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update.
suit: received URL: "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
suit_coap: got manifest with size 509
suit: verifying manifest signature
Unable to validate signature: -2
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
compiling /home/francisco/workspace/RIOT2/dist/tools/riotboot_gen_hdr/bin/genhdr...
make: Nothing to be done for 'all'.
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579628.riot.bin...
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579628.riot.bin...
/home/francisco/workspace/RIOT2/dist/tools/suit/gen_manifest.py \
  --urlroot coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update \
  --seqnr 1630579628 \
  --uuid-vendor "riot-os.org" \
  --uuid-class nrf52840-mdk \
  -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin.tmp \
  /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579628.riot.bin:0x2000 /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579628.riot.bin:528384
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin.tmp -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin
create done. Serializing
rm -f /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin.tmp
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k /home/francisco/workspace/RIOT2/keys/default.pem -m /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579628.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579628.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.1630579628.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579628.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579628.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579628.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot0.1630579628.riot.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579628.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot1.1630579628.riot.bin"
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
aiocoap-client -m POST "coap://[fe80::5c0d:18ff:fe57:daf3%riot0]/suit/trigger" \
        --payload "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579628.bin" && \
        echo "Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update."
Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update.
suit_parse() failed. res=-6
suit: received URL: "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579628.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579628.bin"
suit_coap: got manifest with size 509
suit: verifying manifest signature
suit: validated manifest version
)riotboot_hdr_validate: riotboot_hdr magic number invalid
Manifest seq_no: 1630579628, highest available: 1630579629
seq_nr <= running image
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
compiling /home/francisco/workspace/RIOT2/dist/tools/riotboot_gen_hdr/bin/genhdr...
make: Nothing to be done for 'all'.
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin...
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin...
/home/francisco/workspace/RIOT2/dist/tools/suit/gen_manifest.py \
  --urlroot coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update \
  --seqnr 1630579630 \
  --uuid-vendor "riot-os.org" \
  --uuid-class nrf52840-mdk \
  -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp \
  /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin:0x2000 /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin:528384
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin
create done. Serializing
rm -f /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin.tmp
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k /home/francisco/workspace/RIOT2/keys/default.pem -m /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579630.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579630.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.1630579630.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579630.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579630.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot0.1630579630.riot.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579630.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot1.1630579630.riot.bin"
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
aiocoap-client -m POST "coap://[fe80::5c0d:18ff:fe57:daf3%riot0]/suit/trigger" \
        --payload "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin" && \
        echo "Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update."
Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update.
)suit_parse() failed. res=-5
suit: received URL: "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579630.bin"
suit_coap: got manifest with size 509
suit: verifying manifest signature
suit: validated manifest version
)riotboot_hdr_validate: riotboot_hdr magic number invalid
Manifest seq_no: 1630579630, highest available: 1630579629
suit: validated sequence number
)Formatted component name:
Comparing manifest offset 2000 with other slot offset
Comparing manifest offset 81000 with other slot offset
validating vendor ID
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
validating vendor ID: OK
validating class id
Comparing 48f08ace-5a26-548b-8bec-23396ac6bd23 to 48f08ace-5a26-548b-8bec-23396ac6bd23 from manifest
validating class id: OK
Comparing manifest offset 2000 with other slot offset
Comparing manifest offset 81000 with other slot offset
SUIT policy check OK.
Formatted component name:
riotboot_flashwrite: initializing update to target slot 1
Fetching firmware |█████████████████████████| 100%
Finalizing payload store
Verifying image digest
Starting digest verification against image
Install correct payload
Verifying image digest
Starting digest verification against image
Install correct payload
Image magic_number: 0x544f4952
Image Version: 0x6130abae
Image start address: 0x00081400
Header chksum: 0x57cebe88

suit_coap: rebooting...


----> ethos: hello received
Failed to send flush request: Operation not permitted
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2021.10-devel-283-gb31e44-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
Running from slot 1
Image magic_number: 0x544f4952
Image Version: 0x6130abae
Image start address: 0x00081400
Header chksum: 0x57cebe88

suit_coap: started.
current-slot
Starting the shell
>
>
> current-slot
Running from slot 1
> ifconfig
ifconfig
Iface  4  HWaddr: 5E:0D:18:57:DA:F3
          L2-PDU:1500  MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::5c0d:18ff:fe57:daf3  scope: link  VAL
pinging node...
PING fe80::5c0d:18ff:fe57:daf3%riot0(fe80::5c0d:18ff:fe57:daf3%riot0) 56 data bytes

--- fe80::5c0d:18ff:fe57:daf3%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 43.137/43.137/43.137/0.000 ms
pinging node succeeded.
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
compiling /home/francisco/workspace/RIOT2/dist/tools/riotboot_gen_hdr/bin/genhdr...
make: Nothing to be done for 'all'.
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579631.riot.bin...
creating /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579631.riot.bin...
/home/francisco/workspace/RIOT2/dist/tools/suit/gen_manifest.py \
  --urlroot coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update \
  --seqnr 1630579631 \
  --uuid-vendor "riot-os.org" \
  --uuid-class nrf52840-mdk \
  -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin.tmp \
  /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579631.riot.bin:0x2000 /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579631.riot.bin:528384
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool create -f suit -i /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin.tmp -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin
create done. Serializing
rm -f /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin.tmp
/home/francisco/workspace/RIOT2/dist/tools/suit/suit-manifest-generator/bin/suit-tool sign -k /home/francisco/workspace/RIOT2/keys/default.pem -m /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin -o /home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579631.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.1630579631.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.1630579631.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.1630579631.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579631.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/riot.suit_signed.latest.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot0.1630579631.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot0.1630579631.riot.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/nrf52840-mdk/suit_files/slot1.1630579631.riot.bin"
       as "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/slot1.1630579631.riot.bin"
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
aiocoap-client -m POST "coap://[fe80::5c0d:18ff:fe57:daf3%riot0]/suit/trigger" \
        --payload "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579631.bin" && \
        echo "Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update."
Triggered [fe80::5c0d:18ff:fe57:daf3%riot0] to update.
          inet6 addr: fe80::2  scope: link  VAL
          inet6 group: ff02::2
          inet6 group: ff02::1
          inet6 group: ff02::1:ff57:daf3
          inet6 group: ff02::1:ff00:2

> suit: received URL: "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579631.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[fd00:dead:beef::1]/fw/nrf52840-mdk/suit_update/riot.suit_signed.1630579631.bin"
suit_coap: got manifest with size 509
suit: verifying manifest signature
suit: validated manifest version
)Manifest seq_no: 1630579631, highest available: 1630579630
suit: validated sequence number
)Formatted component name:
Comparing manifest offset 2000 with other slot offset
validating vendor ID
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
validating vendor ID: OK
validating class id
Comparing 48f08ace-5a26-548b-8bec-23396ac6bd23 to 48f08ace-5a26-548b-8bec-23396ac6bd23 from manifest
validating class id: OK
Comparing manifest offset 2000 with other slot offset
SUIT policy check OK.
Formatted component name:
riotboot_flashwrite: initializing update to target slot 0
Fetching firmware |█████████████████████████| 100%
Finalizing payload store
Verifying image digest
Starting digest verification against image
Install correct payload
Verifying image digest
Starting digest verification against image
Install correct payload
Image magic_number: 0x544f4952
Image Version: 0x6130abaf
Image start address: 0x00002400
Header chksum: 0x77cace81

suit_coap: rebooting...


----> ethos: hello received
Failed to send flush request: Operation not permitted
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2021.10-devel-283-gb31e44-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
Running from slot 0
Image magic_number: 0x544f4952
Image Version: 0x6130abaf
Image start address: 0x00002400
Header chksum: 0x77cace81

suit_coap: started.
current-slot
Starting the shell
>
>
> current-slot
Running from slot 0
> ifconfig
ifconfig
Iface  4  HWaddr: 5E:0D:18:57:DA:F3
          L2-PDU:1500  MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::5c0d:18ff:fe57:daf3  scope: link  VAL
pinging node...
PING fe80::5c0d:18ff:fe57:daf3%riot0(fe80::5c0d:18ff:fe57:daf3%riot0) 56 data bytes

--- fe80::5c0d:18ff:fe57:daf3%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 42.981/42.981/42.981/0.000 ms
pinging node succeeded.
TEST PASSED
  • tests/riotboot still passes

  • tests/riotboot_flashwrite still passses.

_flashwrite_handler(): received data: offset=54592 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54656 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54720 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54784 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54848 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54912 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=54976 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55040 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55104 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55168 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55232 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55296 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55360 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55424 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55488 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55552 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55616 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55680 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55744 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55808 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55872 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=55936 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56000 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56064 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56128 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56192 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56256 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56320 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56384 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56448 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56512 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56576 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56640 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56704 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56768 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56832 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56896 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=56960 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57024 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57088 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57152 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57216 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57280 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57344 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57408 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57472 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57536 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57600 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57664 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57728 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57792 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57856 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57920 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=57984 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58048 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58112 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58176 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58240 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58304 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58368 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58432 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58496 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58560 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58624 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58688 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58752 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58816 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58880 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=58944 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59008 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59072 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59136 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59200 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59264 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59328 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59392 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59456 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59520 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59584 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59648 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59712 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59776 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59840 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59904 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=59968 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60032 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60096 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60160 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60224 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60288 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60352 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60416 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60480 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60544 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60608 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60672 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60736 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60800 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60864 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60928 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=60992 len=64 blockwise=1 more=1
_flashwrite_handler(): received data: offset=61056 len=60 blockwise=1 more=0
_flashwrite_handler(): finish
WARNING:coap.blockwise-requester:Block1 option completely ignored by server, assuming it knows what it is doing.
reboot
reboot
----> ethos: hello received
Failed to send flush request: Operation not permitted
NETOPT_RX_END_IRQ not implemented by driver
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2021.10-devel-540-g4336a-pr_suit_override_manifest_payloads)
riotboot_flashwrite test application
Running from slot 0
Image magic_number: 0x544f4952
Image Version: 0x61434d94
Image start address: 0x00002400
Header chksum: 0xff957079

Starting the shell


> current-slot

>
> current-slot
Running from slot 0
> ifconfig
ifconfig
Iface  4  HWaddr: BE:F7:A4:54:63:F6
          L2-PDU:1500  MTU:1500  HL:64  Source address length: 6
          Link type: wired
          inet6 addr: fe80::bcf7:a4ff:fe54:63f6  scope: link  VAL
pinging node...
PING fe80::bcf7:a4ff:fe54:63f6%riot0(fe80::bcf7:a4ff:fe54:63f6%riot0) 56 data bytes

--- fe80::bcf7:a4ff:fe54:63f6%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 40.010/40.010/40.010/0.000 ms
pinging node succeeded.
riotboot-invalidate 0
reboot
          inet6 addr: fe80::2  scope: link  VAL
          inet6 group: ff02::1
          inet6 group: ff02::1:ff54:63f6
          inet6 group: ff02::1:ff00:2

> riotboot-invalidate 0
> reboot
----> ethos: hello received
Failed to send flush request: Operation not permitted
NETOPT_RX_END_IRQ not implemented by driver
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2021.10-devel-540-g4336a-pr_suit_override_manifest_payloads)
riotboot_flashwrite test application
Running from slot 1
Image magic_number: 0x544f4952
Image Version: 0x61434d93
Image start address: 0x00041400
Header chksum: 0xdf95607c

Starting the shell


> current-slot

>
> current-slot
Running from slot 1
TEST PASSED

@fjmolinas fjmolinas requested a review from bergzand August 23, 2021 14:36
@github-actions github-actions bot added the Area: build system Area: Build system label Aug 23, 2021
@fjmolinas fjmolinas force-pushed the pr_suit_override_manifest_payloads branch from 0caaeab to 0297840 Compare September 2, 2021 10:54
@fjmolinas fjmolinas requested a review from jia200x as a code owner September 2, 2021 10:54
@github-actions github-actions bot added Area: doc Area: Documentation Area: examples Area: Example Applications labels Sep 2, 2021
@fjmolinas fjmolinas added the Area: OTA Area: Over-the-air updates label Sep 2, 2021
@fjmolinas fjmolinas requested a review from kaspar030 September 2, 2021 10:54
@fjmolinas
Copy link
Contributor Author

I think @benpicco uses suit quite a lot as well, might have an input on this or might be breaking something for him with this.

makefiles/boot/riotboot.mk Outdated Show resolved Hide resolved
@github-actions github-actions bot added Area: tests Area: tests and testing framework and removed Area: OTA Area: Over-the-air updates labels Sep 16, 2021
@benpicco benpicco added CI: skip compile test If set, CI server will run only non-compile jobs, but no compile jobs or their dependent jobs and removed CI: skip compile test If set, CI server will run only non-compile jobs, but no compile jobs or their dependent jobs labels Sep 20, 2021
@benpicco benpicco added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Sep 20, 2021
@benpicco
Copy link
Contributor

Murdock does not like it

@fjmolinas fjmolinas removed the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Sep 20, 2021
@fjmolinas
Copy link
Contributor Author

Murdock does not like it

Canceled build, I'll take a look, probably some make target ordering issue

@fjmolinas fjmolinas added the CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR label Sep 20, 2021
@github-actions github-actions bot added the Area: CI Area: Continuous Integration of RIOT components label Sep 20, 2021
.murdock Outdated Show resolved Hide resolved
@github-actions github-actions bot removed the Area: CI Area: Continuous Integration of RIOT components label Sep 21, 2021
@fjmolinas
Copy link
Contributor Author

Murdock should be happy now!

@fjmolinas fjmolinas force-pushed the pr_suit_override_manifest_payloads branch 2 times, most recently from d74c718 to d37eb3e Compare April 14, 2022 17:14
Copy link
Contributor

@benpicco benpicco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still looks like a welcome cleanup.
Was there anything missing here?

examples/suit_update/README.hardware.md Outdated Show resolved Hide resolved

#
export SLOT0_OFFSET SLOT0_LEN SLOT1_OFFSET SLOT1_LEN

# Mandatory APP_VER, set to epoch by default
EPOCH := $(shell date +%s)
EPOCH = $(call memoized,EPOCH,$(shell date +%s))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reasoning behind that change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Avoiding a shell call if not used

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can split

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's fine, I was just not familiar with call memoized

@fjmolinas fjmolinas force-pushed the pr_suit_override_manifest_payloads branch from d37eb3e to d820296 Compare April 21, 2022 09:01
@fjmolinas
Copy link
Contributor Author

I'm going to rebase because this currently needs the fixes in #17950 to properly test.

1 similar comment
@fjmolinas
Copy link
Contributor Author

I'm going to rebase because this currently needs the fixes in #17950 to properly test.

@fjmolinas
Copy link
Contributor Author

With #17950 the test passes:


----> ethos: hello received
Failed to send flush request: Operation not permitted
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2022.07-devel-136-g1200f-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
Running from slot 0
Image magic_number: 0x544f4952
Image Version: 0x62611d94
current-slot
Image start address: 0x08001400
Header chksum: 0x2aef3997

suit_coap: started.
Starting the shell
>
>
> current-slot
Running from slot 0
> ifconfig
ifconfig
Iface  4  HWaddr: A6:AB:24:46:40:C4
          L2-PDU:1500  MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::a4ab:24ff:fe46:40c4  scope: link  VAL
pinging node...
PING fe80::a4ab:24ff:fe46:40c4%riot0(fe80::a4ab:24ff:fe46:40c4%riot0) 56 data bytes

--- fe80::a4ab:24ff:fe46:40c4%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 60.021/60.021/60.021/0.000 ms
pinging node succeeded.
TEST PASSED

1 similar comment
@fjmolinas
Copy link
Contributor Author

With #17950 the test passes:


----> ethos: hello received
Failed to send flush request: Operation not permitted
gnrc_uhcpc: Using 4 as border interface and 0 as wireless interface.
gnrc_uhcpc: only one interface found, skipping setup.
main(): This is RIOT! (Version: 2022.07-devel-136-g1200f-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
Running from slot 0
Image magic_number: 0x544f4952
Image Version: 0x62611d94
current-slot
Image start address: 0x08001400
Header chksum: 0x2aef3997

suit_coap: started.
Starting the shell
>
>
> current-slot
Running from slot 0
> ifconfig
ifconfig
Iface  4  HWaddr: A6:AB:24:46:40:C4
          L2-PDU:1500  MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::a4ab:24ff:fe46:40c4  scope: link  VAL
pinging node...
PING fe80::a4ab:24ff:fe46:40c4%riot0(fe80::a4ab:24ff:fe46:40c4%riot0) 56 data bytes

--- fe80::a4ab:24ff:fe46:40c4%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 60.021/60.021/60.021/0.000 ms
pinging node succeeded.
TEST PASSED

@fjmolinas
Copy link
Contributor Author

I also updated the path to show it working on native:


main(): This is RIOT! (Version: 2022.07-devel-135-gf01df-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
suit_coap: started.
Starting the shell
> suit: received URL: "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
suit_coap: got manifest with size 317
suit: verifying manifest signature
suit: validated manifest version
)Retrieved sequence number: 0
Manifest seq_no: 1650532730, highest available: 0
suit: validated sequence number
)Formatted component name: .ram.0
validating vendor ID
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
validating vendor ID: OK
validating class id
Comparing bcc90984-fe7d-562b-b4c9-a24f26a3a9cd to bcc90984-fe7d-562b-b4c9-a24f26a3a9cd from manifest
validating class id: OK
SUIT policy check OK.
Formatted component name: .ram.0
Fetching firmware |█████████████████████████| 100%
Finalizing payload store
Verifying image digest
Starting digest verification against image
Install correct payload
Stored sequence number: 1650532730
Verifying image digest
Starting digest verification against image
Install correct payload

BOARD=native make -C examples/suit_update/ suit/publish suit/notify
echo "AABBCCDD" > /home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_update.1650532730.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_files/riot.suit.1650532730.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.1650532730.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_files/riot.suit.latest.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_update.1650532730.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/suit_update.1650532730.bin"
aiocoap-client -m POST "coap://[2001:db8::2]/suit/trigger" \
        --payload "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin" && \
        echo "Triggered [2001:db8::2] to update."
Triggered [2001:db8::2] to update.

1 similar comment
@fjmolinas
Copy link
Contributor Author

I also updated the path to show it working on native:


main(): This is RIOT! (Version: 2022.07-devel-135-gf01df-pr_suit_override_manifest_payloads)
RIOT SUIT update example application
suit_coap: started.
Starting the shell
> suit: received URL: "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
suit_coap: trigger received
suit_coap: downloading "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
suit_coap: got manifest with size 317
suit: verifying manifest signature
suit: validated manifest version
)Retrieved sequence number: 0
Manifest seq_no: 1650532730, highest available: 0
suit: validated sequence number
)Formatted component name: .ram.0
validating vendor ID
Comparing 547d0d74-6d3a-5a92-9662-4881afd9407b to 547d0d74-6d3a-5a92-9662-4881afd9407b from manifest
validating vendor ID: OK
validating class id
Comparing bcc90984-fe7d-562b-b4c9-a24f26a3a9cd to bcc90984-fe7d-562b-b4c9-a24f26a3a9cd from manifest
validating class id: OK
SUIT policy check OK.
Formatted component name: .ram.0
Fetching firmware |█████████████████████████| 100%
Finalizing payload store
Verifying image digest
Starting digest verification against image
Install correct payload
Stored sequence number: 1650532730
Verifying image digest
Starting digest verification against image
Install correct payload

BOARD=native make -C examples/suit_update/ suit/publish suit/notify
echo "AABBCCDD" > /home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_update.1650532730.bin
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_files/riot.suit.1650532730.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.1650532730.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_files/riot.suit.latest.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin"
published "/home/francisco/workspace/RIOT2/examples/suit_update/bin/native/suit_update.1650532730.bin"
       as "coap://[2001:db8::1]/fw/suit_update/native/suit_update.1650532730.bin"
aiocoap-client -m POST "coap://[2001:db8::2]/suit/trigger" \
        --payload "coap://[2001:db8::1]/fw/suit_update/native/riot.suit.latest.bin" && \
        echo "Triggered [2001:db8::2] to update."
Triggered [2001:db8::2] to update.

@fjmolinas
Copy link
Contributor Author

This still looks like a welcome cleanup. Was there anything missing here?

@benpicco IMO nothing is missing, would you mind if I squashed?

1 similar comment
@fjmolinas
Copy link
Contributor Author

This still looks like a welcome cleanup. Was there anything missing here?

@benpicco IMO nothing is missing, would you mind if I squashed?

@fjmolinas fjmolinas force-pushed the pr_suit_override_manifest_payloads branch from d820296 to f01df2c Compare April 21, 2022 09:23
@benpicco
Copy link
Contributor

Sure, please squash!

This adds:

* SUIT_MANIFEST_BASENAME: allow for non slotfiles payloads to have
different names that slotfiles payloads.
* SUIT_MANIFEST_PAYLOADS: firmware payloads to be published with the
manifest.
* SUIT_MANIFEST_SLOTFILES: firmware payloads referenced by the manifest
in the form 'filename:[offset]:[comp_name]' as expected by
gen_manifest.py.

With this the same recipes suit/publish suit/notify can be used with
non slotfiles payloads.
- rename riotboot files so that they are of the form: slot<n>.<version>.bin
- move all generated files under $(BINDIR)/riotboot_files (this can be
  overwritten.
- move all generated manifests under $(BINDIR)/suit_files (this can be
overwritten.
- rename signed manifests so that they are of the form:
<somename>.<version>.bin, where <somename> is by default riot.suit.

This avoids cluterring BINDIR while as well having a naming scheme that
allows custom names for manifests addresssing different types of
payloads.
APP_VER must also be defined for suit.inc.mk in case non-fw payloads
are used (e.g. no riotboot)

Use memoized so the shell call happens only if needed
@fjmolinas fjmolinas force-pushed the pr_suit_override_manifest_payloads branch from f01df2c to 76ee54e Compare April 21, 2022 09:39
@fjmolinas fjmolinas merged commit c5b3b96 into RIOT-OS:master Apr 21, 2022
@fjmolinas
Copy link
Contributor Author

Thanks for the review!

@fjmolinas fjmolinas deleted the pr_suit_override_manifest_payloads branch April 21, 2022 14:54
@chrysn chrysn added this to the Release 2022.07 milestone Aug 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Area: build system Area: Build system Area: doc Area: Documentation Area: examples Area: Example Applications Area: tests Area: tests and testing framework CI: ready for build If set, CI server will compile all applications for all available boards for the labeled PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants