osdp_build_ctx() was returning fixed NULL and the subsequent code did
not check if ctx was NULL due to osdp_build_ctx() failures. Fix both
these issues.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Coverity spots that null pointer is passing to flash_img_buffered_write.
This patch fixes the problem.
Signed-off-by: NavinSankar Velliangiri <navin@linumiz.com>
Coverity spots that memory allocated for addr was leaking, but the
code was also leaking the socket file descriptor in the error path.
This patch fixes both problems.
Fixes#28172
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
CP/PD mode selection is the most frequently looked-for/changed key in
Kconfig. Making that as the first entry for ease of use.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
OSDP subsys was doing a `select SERIAL` in its Kconfig. But this has
other unintended side effects. Change this to
`imply SERIAL_SUPPORT_INTERRUPT`.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add a generic host command handler framework that allows users to
declare new host command handlers with the HOST_COMMAND_HANDLER macro
at build time. The framework will handle incoming messages from the
host command peripheral device and forwards the incoming data to the
appropriate host command handler, which is looked up by id.
The framework will also send the response from the handler back to the
host command peripheral device. The device handles sending the data on
the physical bus.
This type of host command communication is typically done on an embedded
controller for a notebook or computer. The host would be the main
application processor (aka AP, CPU, SoC).
Signed-off-by: Jett Rink <jettrink@google.com>
Currently updatehub trust on MCUboot to test a new image. The process
is executed on next boot after a validate the downloaded image. To
have a more reliable system, is recommended run the SHA-256 algorithm
to attest that firmware was properly stored on the flash memory. This
implements the use of flash_img_check to achieve that, and as a
consequence, add a new level of trust that avoids an useless reboot
on the system.
Updatehub uses two SHA-256 verification. One is used to check the
data stream at download. The second one, realise the verification
reading from flash. Users have the possibility to chose only one
option or keep both verifications. However, it is adviced keep
always both verifications enabled to get consistent reports on
back end.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently SHA-256 uses a temporary hash digest to calc final sha sum.
This moves temporary variable from local scope to updatehub context.
The motivation is to use the hash digest on future flash validation.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Some of the names used in `struct osdp_cmd` where directly as in the
specification. Initially it appealed to keep them like that but with
time, a little more consistent naming of members helps if you haven't
read the specification document very recently.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add a OSDP CP mode sample that sends out a periocic command to a
connected PD. It also demosnstrates key press and card read callback
registration.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Following the PD mode implementation (9a91b4ad), this patch adds support
for CP mode of operation in OSDP.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Some PD init sequence and other methods are useful in CP mode as well.
This patch refactors those methods to osdp_*(), moves them to common
source files and and exposes them from osdp_common.h.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
The smp_shell_rx_byte has been renamed to smp_shell_rx_bytes and now
accepts data buffer pointer and its size as parameters. Return value
has been changed to size_t and represents number of bytes processed from
the given buffer.
The change has been done to more efficiently serve most common scenario
when the function is called in loop to process buffer, byte by byte.
Previously such operation required passing each byte separately,
with the change the function will work directly on source buffer
reducing number of calls and byte copy operations.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
SERIAL_HAS_DRIVER and UART_INTERRUPT_DRIVEN should be selected by the
driver. If something needs is should dependson these options.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
TEST_RANDOM_GENERATOR should not be used in subsystems because it does
not generate truly random numbers. This is indented to be used only
for tests purpose.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The commit fixes the problem where the SMP over shell responses have
been sent with use of k_str_out(), which is configured to use console
UART directly. This caused problem when user decided to attach
shell to a different UART then the one that has been used by
the console driver, because the SMP responses would still be sent
to the console UART rather than the shell UART.
The updated code uses, for shell SMP responses, the UART that has been
selected for the shell.
Fixes#26939
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
There are several references to objects[1] at updatehub_probe function.
The structures are decoded from json, and have a maximum length of 2.
However, if the returned json only has a single element in this array,
this objects[1] value will be uninitialized. Because the structure
contains pointers, these will be uninitialized, causing the code to
reference uninitialized memory as pointers.
Add zeroing memory before passing it to the JSON API and do check if
objects_len field is two.
Fixes#27718.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
So far SMP shell transport was initialized in APPLICATION run level, but
shell over UART was initialized in POST_KERNEL. This could end up in
situation when received frames were scheduled for further processing in
SMP layer, when it was not initialized yet.
Export smp_shell_init() function declaration and call it before shell is
initialized with all its receive data handlers. This prevents situation
when data is scheduled for processing in SMP layer, when that one is not
ready yet.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Open Supervised Device Protocol (OSDP) describes the communication
protocol for interfacing one or more Peripheral Devices (PD) to a
Control Panel (CP). The PDs are slave devices that waits for commands
from a CP. The communication happens over a RS485 multi-drop connection
with specification for a secure channel communication.
This patch adds initial support for OSDP in PD mode without secure
channel.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
For some reason, MCUMgr used to consist of two separate Kconfig
files, likely due to the fact that the author's original intention was
to split the "management" and "mcumgr-specific" options in order to
integrate additional libraries. In practice this never worked out, so
coalesce them into a single file.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Value of this member was never assigned, so it was always 0. Remove it
to simplify code a little bit.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr introduced subsys/mgmt folder for MCU management. Move UpdateHub
to this newly and dedicated space.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
In order to be able to add more entries under 'subsys/mgmt', move the
current contents of it, which relate exclusively to MCUMgr, to its own
folder.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Missing close of socket may cause resource leak, in form of orphaned
socket descriptor, when bind fails.
Coverity CID: 210072
Fixes#26991
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Select MPU_ALLOW_FLASH_WRITE when ARM_MPU is enabled, not CPU_HAS_MPU.
MPU_ALLOW_FLASH_WRITE is only defined as a symbol when ARM_MPU is
enabled. ARM_MPU is only defined when CPU_HAS_MPU is defined, so the
CPU_HAS_MPU dependency can be dropped.
This fixes a build error when MCUMGR_CMD_IMG_MGMT is enabled but
ARM_MPU is not.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
The commit reduces default MCUMGR buffer size and introduces changes to
mcumgr that fix problem with mcumgr not being able to download file off
the Zephyr running device.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This PR provides changes that are required after replacing Tinycbor
with copy of source code from mynewt-core.
The Tinycbor has been replaced with mynewt-core version to reduce
maintenance effort; by replacing it the Zephy specific changes have been
reduced to small patch over mynewt codebase.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The new version of mcumgr adds a few new Kconfig values, so
this commit adds them on Zephyr side.
This commit also updates west.yml so it points to the latest
changes on mcumgr's repo.
Signed-off-by: Miguel Azevedo <miguellazev@gmail.com>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
zephyr_smp_write_at is supposed to write len bytes of data at
the offset of a given net_buf, overwriting existing data and extending
beyond current buffer length, if needed. Unfortunately condition
checking if written data would fit within the buffer size has been
incorrectly implemented, making write impossible, when there has been
less bytes of space left within buffer tailroom than required to write
len bytes of data, even if len bytes written starting at given offset
would not cross the buffer boundary.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The build infrastructure should not be adding the drivers subdirectory
to the include path. Fix the legacy uses that depended on that
addition.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
This commit introduces a new Kconfig symbol MCUMGR_SMP_BT_AUTHEN.
When selected it configures the Bluetooth mcumgr transport to require
an authenticated connection.
If the Bluetooth mcumgr transport is selected then this new symbol is
selected by default. Bluetooth SMP is also selected to ensure Zephyr
is configured with Bluetooth security features enabled to provide
Bluetooth authentication APIs to the user's app. Users can choose to
disable this level of security for the Bluetooth mcumgr transport if
they do not require it.
Fixes#16482
Signed-off-by: Nick Ward <nix.ward@gmail.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This adds support to set different permissions to CCCD so security can
be checked when enabling notification which conforms to:
BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part G page 2360:
'3.3.3.3 Client Characteristic Configuration
Authentication and authorization may be required by the server to
write the configuration descriptor.'
In addition to that also ensure that notification are not re-enabled
until the proper security level is reached to conform to the following
statement:
'10.3.1.1 Handling of GATT indications and notifications
A client “requests” a server to send indications and notifications
by appropriately configuring the server via a Client Characteristic
Configuration Descriptor. Since the configuration is persistent
across a disconnection and reconnection, security requirements must
be checked against the configuration upon a reconnection before
sending indications or notifications. When a server reconnects to a
client to send an indication or notification for which security is
required, the server shall initiate or request encryption with the
client prior to sending an indication or notification. If the client
does not have an LTK indicating that the client has lost the bond,
enabling encryption will fail.'
Fixes#17983
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This removes the necessity of registering the storage for CCC and make
it part of the declaration itself.
Fixes#18547
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
mcumgr is missing dependency on net_buf, which is used for SMP protocol
implementation. This causes build failure in case when only SMP over
shell is selected (CONFIG_MCUMGR_SMP_SHELL=y).
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
base64_decode requires 'size_t *olen', but '*int' was passed
instead. This caused a -Wincompatible-pointer-types "note: expected
'size_t *' {aka 'long unsigned int *'} but argument is of type 'int *'"
warning in qemu_x86 build. Fix that by using correct variable type.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
move misc/byteorder.h to sys/byteorder.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
