platform: add tls cryptoauthlib option to use secure elements
joelguittet committed Oct 30, 2023
1 parent eb5cf42 commit efbbb3d
Showing 9 changed files with 435 additions and 2 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/build_tests.sh
Expand Up @@ -37,12 +37,16 @@ cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFI
make -j$(nproc)
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_NET_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="freertos" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="esp-idf/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=OFF -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
make -j$(nproc)
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_NET_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="esp-idf" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="freertos" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="esp-idf/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
make -j$(nproc)

# Build Zephyr use case
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
make -j$(nproc)
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=OFF -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
make -j$(nproc)
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_NET_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="zephyr" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="zephyr/nvs" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
make -j$(nproc)

# Build Posix use case
cmake .. -G "Unix Makefiles" -DCONFIG_MENDER_PLATFORM_LOG_TYPE="posix" -DCONFIG_MENDER_PLATFORM_NET_TYPE="generic/curl" -DCONFIG_MENDER_PLATFORM_OTA_TYPE="posix" -DCONFIG_MENDER_PLATFORM_RTOS_TYPE="posix" -DCONFIG_MENDER_PLATFORM_STORAGE_TYPE="posix" -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/mbedtls" -DCONFIG_MENDER_CLIENT_ADD_ON_CONFIGURE=ON -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON -DCONFIG_MENDER_CLIENT_ADD_ON_INVENTORY=ON -DCONFIG_MENDER_CLIENT_ADD_ON_TROUBLESHOOT=ON
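Review bot: the two added cryptoauthlib builds (ESP-IDF and Zephyr) are only exercised with -DCONFIG_MENDER_CLIENT_CONFIGURE_STORAGE=ON, while the neighbouring mbedtls builds for both platforms cover ON and OFF; add a CONFIGURE_STORAGE=OFF variant for -DCONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib" on each platform so the new TLS backend is compiled in the same set of configurations as the existing one. The Posix block visible at the end of the hunk still builds only generic/mbedtls; if the "generic/" backend is meant to be usable there as well, a matching build line belongs in that block, otherwise a one-line comment saying cryptoauthlib is not built for Posix would avoid the question later.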
1 change: 1 addition & 0 deletions .gitignore
@@ -1,5 +1,6 @@
build
tests/build
tests/mocks/cjson/cjson
tests/mocks/cryptoauthlib/cryptoauthlib
tests/mocks/freertos/freertos
tests/mocks/mbedtls/mbedtls
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -44,7 +44,7 @@ Additionally, a TCP/IP interface is required because communications are done usi

And finally, 4kB of storage should be reserved to save client private and public keys used for authentication with mender server, plus OTA ID and artifact name to be deployed when an update is done (this is used internally to perform OTA report to the server).

From the source code perspective, the dependencies of the core part of the library are limited to [cJSON](https://github.com/DaveGamble/cJSON). The platform source files may depends of external libraries or Hardware Abstraction Layers: [esp-idf](https://github.com/espressif/esp-idf), [mbedTLS](https://github.com/Mbed-TLS/mbedtls/), ...
From the source code perspective, the dependencies of the core part of the library are limited to [cJSON](https://github.com/DaveGamble/cJSON). The platform source files may depends of external libraries or Hardware Abstraction Layers: [esp-idf](https://github.com/espressif/esp-idf), [mbedTLS](https://github.com/Mbed-TLS/mbedtls), [cryptoauthlib](https://github.com/MicrochipTech/cryptoauthlib), ...

Additionally, building the Device Troubleshoot add-on requires [msgpack-c](https://github.com/msgpack/msgpack-c) to perform encoding and decoding of messages. On the ESP-IDF platform, this also constraints to download [esp_websocket_client](https://components.espressif.com/components/espressif/esp_websocket_client), which is compatible with ESP-IDF v5.0 and later only.

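Review bot: the rewritten dependency sentence keeps the grammar error of the original line ("may depends of"); since the line is touched anyway, change it to "The platform source files may depend on external libraries or Hardware Abstraction Layers: ...". The README also gives no hint of what the cryptoauthlib backend is for; a few words next to the link (TLS authentication with a secure element, as the commit title says) and a note on whether the 4kB storage reserved for the client private and public keys two paragraphs earlier still applies when that backend is selected would help readers choosing between the TLS implementations.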
Expand Down Expand Up @@ -145,7 +145,6 @@ The following features are currently in the pipeline. Please note that I haven't
* Support update of [modules](https://docs.mender.io/artifact-creation/create-a-custom-update-module) to perform other kind of updates that could be specific to one project: files, images, etc.
* Integration of other nice to have Mender features: Device Troubleshoot sending and receiving files, ...
* Support new boards and prove it is cross-platform and that it is able to work on small MCU too: STM32F7, ATSAMD51...
* Integration of ATECC608B secure element to perform TLS authentication.
* Support other RTOS (particularly Azure RTOS) and bare metal platforms.
* ...

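Review bot: dropping the "Integration of ATECC608B secure element to perform TLS authentication" roadmap item implies the feature is now delivered, but the visible README changes add only the cryptoauthlib link; the user-facing documentation should say how to select the backend (CONFIG_MENDER_PLATFORM_TLS_TYPE="generic/cryptoauthlib", as used in build_tests.sh and the Kconfig hunk of this commit) and which secure element it has been validated with, given that the removed line named the ATECC608B specifically while the commit title speaks of secure elements in general.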
3 changes: 3 additions & 0 deletions esp-idf/Kconfig
Expand Up @@ -240,13 +240,16 @@ menu "Mender Platform Options (ADVANCED)"

config MENDER_PLATFORM_TLS_TYPE_MBEDTLS
bool "mbedtls"
config MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB
bool "cryptoauthlib"
config MENDER_PLATFORM_TLS_TYPE_WEAK
bool "weak"
endchoice

config MENDER_PLATFORM_TLS_TYPE
string "Mender platform TLS implementation type"
default "generic/mbedtls" if MENDER_PLATFORM_TLS_TYPE_MBEDTLS
default "generic/cryptoauthlib" if MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB
default "generic/weak" if MENDER_PLATFORM_TLS_TYPE_WEAK

endmenu
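Review bot: the new choice entry MENDER_PLATFORM_TLS_TYPE_CRYPTOAUTHLIB carries no help text, so a user of menuconfig cannot tell it apart from "mbedtls" or "weak" without reading the sources; a short `help` block stating that this backend performs the TLS authentication through cryptoauthlib with a secure element, and naming any additional component the ESP-IDF project must then include, would make the option self-describing. The string/default mapping added below it is consistent with the existing entries; since build_tests.sh in this commit also exercises generic/cryptoauthlib on Zephyr, check that the Zephyr Kconfig (not shown in this diff) receives the same choice and default.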