When waiting for data from CP, the data timeout check must happen before
the no-data check. If not, a partial packet may endlessly hold PD in
"wait-for-data" state, while the PD keeps reporting status as online
till another packet is received.
Fix this by moving the no-data check below the timeout check.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
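
The ordering problem this commit describes, modelled as an added example (not code from the Zephyr tree or from the commit author). `pd_poll()`, `struct pd_rx`, the 200 ms timeout and the 50 ms polling scenario are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define RESP_TIMEOUT_MS 200 /* assumed timeout for this example */
enum rx_state { RX_IDLE, RX_WAIT_DATA, RX_TIMED_OUT };
enum order { NODATA_FIRST, TIMEOUT_FIRST };

/* Hypothetical PD receive context; not the structure Zephyr uses. */
struct pd_rx {
    size_t rx_len;   /* bytes of the current packet buffered so far */
    int64_t started; /* time (ms) the first byte of that packet arrived */
};

/* One poll of the receive path; `got` is the number of new bytes read. */
static enum rx_state pd_poll(struct pd_rx *rx, enum order ord, size_t got, int64_t now)
{
    int stale = rx->rx_len > 0 && now - rx->started > RESP_TIMEOUT_MS;

    if (ord == NODATA_FIRST && got == 0) {
        /* Early return: `stale` is never acted on while the line is silent. */
        return rx->rx_len ? RX_WAIT_DATA : RX_IDLE;
    }
    if (stale) {
        rx->rx_len = 0; /* drop the stale partial packet */
        return RX_TIMED_OUT;
    }
    if (got == 0) {
        return rx->rx_len ? RX_WAIT_DATA : RX_IDLE;
    }
    if (rx->rx_len == 0) {
        rx->started = now;
    }
    rx->rx_len += got;
    return RX_WAIT_DATA;
}

/* Constructed scenario: 3 bytes of a longer packet arrive at t=0, then the
 * line stays silent while the PD polls every 50 ms for one second. */
static enum rx_state simulate(enum order ord)
{
    struct pd_rx rx = {0, 0};
    enum rx_state st = pd_poll(&rx, ord, 3, 0);

    for (int64_t t = 50; t <= 1000 && st == RX_WAIT_DATA; t += 50) {
        st = pd_poll(&rx, ord, 0, t);
    }
    return st;
}
```

With the no-data check first, `simulate()` is still in `RX_WAIT_DATA` after a full second of silence; with the timeout check first, the partial packet is dropped at the first poll past 200 ms.
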
All OSDP packets must start with a mark byte (0xFF) followed by a Start
of Message byte (0x53). Skip all bytes received until such a sequence is
seen to avoid waking up the refresh thread needlessly.
Also, refactor osdp_uart_isr() to reduce the number of local variables.
Fixes: #28168
Coverity-ID: 214218
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
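
An added example of the header scan this commit describes (not Zephyr's `osdp_uart_isr()` and not the author's code). `struct hdr_sync` and both functions are hypothetical, the sample bytes are constructed, and packet-length handling after the header is out of scope.

```c
#include <stddef.h>
#include <stdint.h>

#define OSDP_MARK 0xFF /* mark byte, as stated in the commit message */
#define OSDP_SOM  0x53 /* Start of Message byte */

/* Hypothetical receive state for this example; not Zephyr's structure. */
struct hdr_sync {
    int seen_mark;   /* previous byte was OSDP_MARK */
    int in_packet;   /* MARK + SOM seen, bytes are being stored */
    uint8_t buf[64];
    size_t len;
};

/* Feed one byte from the UART ISR. Returns 1 if the byte was stored (the
 * processing thread has work to do), 0 if it was skipped. */
static int hdr_sync_feed(struct hdr_sync *s, uint8_t b)
{
    if (s->in_packet) {
        if (s->len == sizeof(s->buf)) {
            return 0; /* buffer full: drop rather than overflow */
        }
        s->buf[s->len++] = b;
        return 1;
    }
    if (s->seen_mark && b == OSDP_SOM) {
        s->buf[0] = OSDP_MARK;
        s->buf[1] = OSDP_SOM;
        s->len = 2;
        s->in_packet = 1;
        return 1;
    }
    /* In a run of 0xFF bytes the latest one stays the candidate mark. */
    s->seen_mark = (b == OSDP_MARK);
    return 0;
}

/* Constructed input: line noise, a stray SOM, a doubled mark, then a header. */
static const uint8_t sample[] = { 0x00, 0x53, 0xFF, 0xFF, 0x53, 0x01, 0x08 };

/* Returns how many bytes of `in` would have woken the thread. */
static size_t hdr_sync_run(struct hdr_sync *s, const uint8_t *in, size_t n)
{
    size_t woke = 0;
    for (size_t i = 0; i < n; i++) {
        woke += (size_t)hdr_sync_feed(s, in[i]);
    }
    return woke;
}
```
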
Minimize number of exported methods by unifying all osdp_cp_send_cmd_*()
as osdp_cp_send_command().
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
OSDP secure channel requires a truly random number generator
source. Make this dependency explicit.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This patch adds Secure Channel capabilities to osdp Control Panel and
Peripheral Device modes.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
With only a single RX buffer there is a high chance that such buffer will
not be processed before new bytes come in over UART. This is why it is
good to have at least two buffers, one which can be processed by SMP
layer, while another is being filled with new incoming bytes.
Add a Kconfig option which allows configuring multiple buffers filled
with received UART SMP fragments. Use default value of 2, so we can
safely process already received frame in thread, while new fragment
comes in concurrently.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
So far there was a simple char array used as buffer, with additional
variable representing number of bytes already written into it. After
full frame was written, a boolean flag was simply set to notify thread
about being ready to be processed. There was however no mechanism
implemented to prevent new incoming bytes from overwriting such buffer
before (or during) being processed.
Use net_buf to store temporary frame. Define dedicated net_buf_pool,
from which such buffer will be allocated and freed after being
processed. This will prevent reusing the same buffer before having
it fully processed (and returning once again to available buffer pool)
in shell thread.
Define also fifo that will store buffers that are ready to be
processed. This will be the mechanism for notifying thread about new
UART SMP fragments.
net_buf pool and k_fifo are used on purpose, keeping in mind their
additional overhead (mostly in RAM/ROM usage). This makes the code ready
for increasing number of buffers if needed. In this commit however we
stick with only 1 buffer, to keep minimal changes in processing flow.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is useful as the former might be different
depending on the libc used and the latter can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
osdp_build_ctx() was returning fixed NULL and the subsequent code did
not check if ctx was NULL due to osdp_build_ctx() failures. Fix both
these issues.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Coverity spots that a null pointer is passed to flash_img_buffered_write.
This patch fixes the problem.
Signed-off-by: NavinSankar Velliangiri <navin@linumiz.com>
Coverity spots that memory allocated for addr was leaking, but the
code was also leaking the socket file descriptor in the error path.
This patch fixes both problems.
Fixes #28172
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
CP/PD mode selection is the most frequently looked-for/changed key in
Kconfig. Making that as the first entry for ease of use.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
OSDP subsys was doing a `select SERIAL` in its Kconfig. But this has
other unintended side effects. Change this to
`imply SERIAL_SUPPORT_INTERRUPT`.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add a generic host command handler framework that allows users to
declare new host command handlers with the HOST_COMMAND_HANDLER macro
at build time. The framework will handle incoming messages from the
host command peripheral device and forwards the incoming data to the
appropriate host command handler, which is looked up by id.
The framework will also send the response from the handler back to the
host command peripheral device. The device handles sending the data on
the physical bus.
This type of host command communication is typically done on an embedded
controller for a notebook or computer. The host would be the main
application processor (aka AP, CPU, SoC).
Signed-off-by: Jett Rink <jettrink@google.com>
Currently updatehub trusts MCUboot to test a new image. The process
is executed on the next boot after validating the downloaded image. To
have a more reliable system, it is recommended to run the SHA-256 algorithm
to attest that the firmware was properly stored on the flash memory. This
implements the use of flash_img_check to achieve that, and as a
consequence, adds a new level of trust that avoids a useless reboot
on the system.
Updatehub uses two SHA-256 verifications. One is used to check the
data stream at download. The second one performs the verification by
reading from flash. Users have the possibility to choose only one
option or keep both verifications. However, it is advised to always
keep both verifications enabled to get consistent reports on the
back end.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently SHA-256 uses a temporary hash digest to calc final sha sum.
This moves temporary variable from local scope to updatehub context.
The motivation is to use the hash digest on future flash validation.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Some of the names used in `struct osdp_cmd` were directly as in the
specification. Initially it appealed to keep them like that but with
time, a little more consistent naming of members helps if you haven't
read the specification document very recently.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Add an OSDP CP mode sample that sends out a periodic command to a
connected PD. It also demonstrates key press and card read callback
registration.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Following the PD mode implementation (9a91b4ad), this patch adds support
for CP mode of operation in OSDP.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
Some PD init sequence and other methods are useful in CP mode as well.
This patch refactors those methods to osdp_*(), moves them to common
source files and exposes them from osdp_common.h.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
The smp_shell_rx_byte has been renamed to smp_shell_rx_bytes and now
accepts data buffer pointer and its size as parameters. Return value
has been changed to size_t and represents number of bytes processed from
the given buffer.
The change has been done to more efficiently serve most common scenario
when the function is called in loop to process buffer, byte by byte.
Previously such operation required passing each byte separately,
with the change the function will work directly on source buffer
reducing number of calls and byte copy operations.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
SERIAL_HAS_DRIVER and UART_INTERRUPT_DRIVEN should be selected by the
driver. If something needs it, it should depend on these options.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
TEST_RANDOM_GENERATOR should not be used in subsystems because it does
not generate truly random numbers. This is intended to be used only
for test purposes.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instances to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes #27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The commit fixes the problem where the SMP over shell responses have
been sent with use of k_str_out(), which is configured to use console
UART directly. This caused a problem when a user decided to attach
the shell to a different UART than the one that has been used by
the console driver, because the SMP responses would still be sent
to the console UART rather than the shell UART.
The updated code uses, for shell SMP responses, the UART that has been
selected for the shell.
Fixes #26939
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
There are several references to objects[1] at updatehub_probe function.
The structures are decoded from json, and have a maximum length of 2.
However, if the returned json only has a single element in this array,
this objects[1] value will be uninitialized. Because the structure
contains pointers, these will be uninitialized, causing the code to
reference uninitialized memory as pointers.
Add zeroing memory before passing it to the JSON API and do check if
objects_len field is two.
Fixes #27718.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tell gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
So far SMP shell transport was initialized in APPLICATION run level, but
shell over UART was initialized in POST_KERNEL. This could end up in
a situation where received frames were scheduled for further processing in
the SMP layer when it was not initialized yet.
Export smp_shell_init() function declaration and call it before shell is
initialized with all its receive data handlers. This prevents a situation
where data is scheduled for processing in the SMP layer when that one is not
ready yet.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Open Supervised Device Protocol (OSDP) describes the communication
protocol for interfacing one or more Peripheral Devices (PD) to a
Control Panel (CP). The PDs are slave devices that wait for commands
from a CP. The communication happens over an RS485 multi-drop connection
with specification for a secure channel communication.
This patch adds initial support for OSDP in PD mode without secure
channel.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
For some reason, MCUMgr used to consist of two separate Kconfig
files, likely due to the fact that the author's original intention was
to split the "management" and "mcumgr-specific" options in order to
integrate additional libraries. In practice this never worked out, so
coalesce them into a single file.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Value of this member was never assigned, so it was always 0. Remove it
to simplify code a little bit.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr introduced subsys/mgmt folder for MCU management. Move UpdateHub
to this new and dedicated space.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
In order to be able to add more entries under 'subsys/mgmt', move the
current contents of it, which relate exclusively to MCUMgr, to its own
folder.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Missing close of socket may cause resource leak, in form of orphaned
socket descriptor, when bind fails.
Coverity CID: 210072
Fixes #26991
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Select MPU_ALLOW_FLASH_WRITE when ARM_MPU is enabled, not CPU_HAS_MPU.
MPU_ALLOW_FLASH_WRITE is only defined as a symbol when ARM_MPU is
enabled. ARM_MPU is only defined when CPU_HAS_MPU is defined, so the
CPU_HAS_MPU dependency can be dropped.
This fixes a build error when MCUMGR_CMD_IMG_MGMT is enabled but
ARM_MPU is not.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
The commit reduces default MCUMGR buffer size and introduces changes to
mcumgr that fix a problem with mcumgr not being able to download a file off
the Zephyr running device.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>