Commit a62570e2 authored by Jacob Priddy's avatar Jacob Priddy 👌

Add image verification as well as application rollback support

parent 0a0d5354
......@@ -4,3 +4,4 @@ build/
cmake-build*
sdkconfig.old
.idea
*.pem
......@@ -24,7 +24,7 @@ build_esp32_application:
- /opt/esp/entrypoint.sh bash
- idf.py build
# - echo "$SIGNING_KEY" | base64 -d -w 0 > decoded.pem
# - espsecure.py sign_data --keyfile decoded.pem build/door-controller.bin
# - espsecure.py sign_data --keyfile decoded.pem --version 1 build/door-controller.bin
artifacts:
paths:
- build/door-controller.bin
......
#!/bin/bash
# Build and sign application
idf.py build
# sign partition table
espsecure.py sign_data --keyfile "$1" --version 1 /project/build/partition_table/partition-table.bin
# sign application
espsecure.py sign_data --keyfile "$1" --version 1 /project/build/door-controller.bin
# Erase entire flash contents, flash the device, and start a terminal to determine if it is working
idf.py erase_flash flash monitor
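Review bot: The script has no failure handling, so `idf.py erase_flash flash monitor` on the last line still runs when `idf.py build` or either `espsecure.py sign_data` call has failed (for example when `$1` is empty or the key file is unreadable); the device is then erased and may be flashed with an image that was never signed. Add `set -euo pipefail` directly under the shebang and reject a missing key argument up front with `: "${1:?usage: $0 <signing-key.pem>}"`. A short header comment should also say that the signing key path is the only argument and that the key is expected to live outside the repository, which matches the `*.pem` ignore rule this commit adds.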
......@@ -7,4 +7,4 @@ file(GLOB_RECURSE FILES ${APP_SRC}/*.c ${CONNECTOR_SRC}/*.c)
idf_component_register(SRCS ${FILES} "main.c"
INCLUDE_DIRS ${INCLUDE_DIR}
EMBED_TXTFILES "doorcode_root_cert.pem")
EMBED_TXTFILES "doorcode_root_cert.cert")
......@@ -75,7 +75,7 @@ static esp_err_t http_event_handler(esp_http_client_event_t* evt)
return ESP_OK;
}
extern const char door_root_cert_pem_start[] asm("_binary_doorcode_root_cert_pem_start");
extern const char door_root_cert_start[] asm("_binary_doorcode_root_cert_cert_start");
static esp_http_client_config_t http_base_config;
......@@ -84,7 +84,7 @@ static void door_http_fill_config(esp_http_client_config_t* config)
config->host = API_HOST;
config->port = API_PORT;
config->timeout_ms = API_TIMEOUT_MS;
config->cert_pem = door_root_cert_pem_start;
config->cert_pem = door_root_cert_start;
#ifdef API_USE_SSL
config->transport_type = HTTP_TRANSPORT_OVER_SSL;
#ifdef API_NO_NAME_VERIFY
......
......@@ -55,7 +55,8 @@ CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y
CONFIG_BOOTLOADER_WDT_ENABLE=y
# CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE is not set
CONFIG_BOOTLOADER_WDT_TIME_MS=9000
# CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE is not set
CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y
# CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK is not set
# CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP is not set
CONFIG_BOOTLOADER_RESERVE_RTC_SIZE=0
# CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC is not set
......@@ -991,7 +992,8 @@ CONFIG_LOG_BOOTLOADER_LEVEL_INFO=y
# CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set
# CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set
CONFIG_LOG_BOOTLOADER_LEVEL=3
# CONFIG_APP_ROLLBACK_ENABLE is not set
CONFIG_APP_ROLLBACK_ENABLE=y
# CONFIG_APP_ANTI_ROLLBACK is not set
# CONFIG_FLASH_ENCRYPTION_ENABLED is not set
# CONFIG_FLASHMODE_QIO is not set
# CONFIG_FLASHMODE_QOUT is not set
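Review bot: Turning on `CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y` (and `CONFIG_APP_ROLLBACK_ENABLE=y` in the second hunk) while `CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK` stays unset means nothing in this configuration stops an older, validly signed image from being installed and booted again. If downgrade protection is in scope for the door controller, anti-rollback and a secure version need to be chosen deliberately; if it is not, the project documentation should say so, since sdkconfig itself is regenerated and is a poor place for comments. With rollback enabled, ESP-IDF also expects the running application to confirm itself via `esp_ota_mark_app_valid_cancel_rollback()`. No such call is visible in the hunks shown here, so a freshly updated image would presumably be reverted on the next reset; this is worth confirming against the parts of the change that are collapsed on this page.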
......