1.9.5 Fix bootflags when uploading rboot

Changelog.md

@@ -0,0 +1,10 @@
+# Changelog
+
+## 1.9.5 Fix bootflags when uploading rboot
+- The uploading of a bootloader to sector 0 should replicate the flags1 and flags2 values of the previous bootloader.
+Else it will break the access to the flash in case it is not compatible.
+- esp-open-rtos used has been updated from  [esp-open-rtos#a721fb0](https://github.com/SuperHouse/esp-open-rtos/commit/a721fb0bc7867ef421cd81fb89d486ed2a67ee9e) 
+to [esp-open-rtos#bc97988](https://github.com/SuperHouse/esp-open-rtos/commit/bc979883c27ea57e948daa813e2bca752ebd39e1)  
+- change the verification of the signature of otamain.bin prior to downloading this file instead of afterwards
+
+## 1.9.4 and before will be updated in the future

README.md

@@ -212,7 +212,7 @@ We verify if there is an update of this OTA repo itself? If so, we use ota-boot
 OTA-main(1) updates User app➔0
 checksum OK?
 ```
-Using the baseURL info and the version as stored in sector1, the latest binary is found and downloaded if needed. If the checksum does not work out, we return to the OTA app start point considering we cannot run the old code anymore.
+Using the baseURL info and the version as stored in sysparam area, the latest binary is found and downloaded if needed. If the checksum does not work out, we return to the OTA app start point considering we cannot run the old code anymore.
 But normally we boot the new code and the mission is done.
 
 Note that switching from boot=slot1 to boot=slot0 does not require a reflash

deploy.md

@@ -10,29 +10,29 @@ cd life-cycle-manager
 - initial steps to be expanded
 
 #### These are the steps if not introducing a new key pair
-- create/update the file versions1/latest-pre-release without new-line and setup 1.9.4 version folder
+- create/update the file versions1/latest-pre-release without new-line and setup 1.9.5 version folder
 ```
-mkdir versions1/1.9.4v
-echo -n 1.9.4 > versions1/1.9.4v/latest-pre-release
-cp versions1/certs.sector* versions1/1.9.4v
-cp versions1/public*key*   versions1/1.9.4v
+mkdir versions1/1.9.5v
+echo -n 1.9.5 > versions1/1.9.5v/latest-pre-release
+cp versions1/certs.sector* versions1/1.9.5v
+cp versions1/public*key*   versions1/1.9.5v
 ```
 - set local.mk to the ota-main program
 ```
-make -j6 rebuild OTAVERSION=1.9.4
-mv firmware/otamain.bin versions1/1.9.4v
+make -j6 rebuild OTAVERSION=1.9.5
+mv firmware/otamain.bin versions1/1.9.5v
 ```
 - set local.mk back to ota-boot program
 ```
-make -j6 rebuild OTAVERSION=1.9.4
-mv firmware/otaboot.bin versions1/1.9.4v
-make -j6 rebuild OTAVERSION=1.9.4 OTABETA=1
-cp firmware/otaboot.bin versions1/1.9.4v/otabootbeta.bin
+make -j6 rebuild OTAVERSION=1.9.5
+mv firmware/otaboot.bin versions1/1.9.5v
+make -j6 rebuild OTAVERSION=1.9.5 OTABETA=1
+cp firmware/otaboot.bin versions1/1.9.5v/otabootbeta.bin
 ```
 - remove the older version files
 #
-- commit this as version 1.9.4  
-- set up a new github release 1.9.4 as a pre-release using the just commited master...  
+- commit this as version 1.9.5  
+- set up a new github release 1.9.5 as a pre-release using the just commited master...  
 - upload the certs and binaries to the pre-release assets on github  
 #
 - erase the flash and upload the privatekey
@@ -42,18 +42,18 @@ esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versions1-pr
 ```
 - upload the ota-boot BETA program to the device that contains the private key
 ```
-make flash OTAVERSION=1.9.4 OTABETA=1
+make flash OTAVERSION=1.9.5 OTABETA=1
 ```
 - power cycle to prevent the bug for software reset after flash  
 - setup wifi and select the ota-demo repo without pre-release checkbox  
 - create the 2 signature files next to the bin file and upload to github one by one  
 - verify the hashes on the computer  
 ```
-openssl sha384 versions1/1.9.4v/otamain.bin
-xxd versions1/1.9.4v/otamain.bin.sig
+openssl sha384 versions1/1.9.5v/otamain.bin
+xxd versions1/1.9.5v/otamain.bin.sig
 ```
 
-- upload the file versions1/1.9.4v/latest-pre-release to the 'latest release' assets on github
+- upload the file versions1/1.9.5v/latest-pre-release to the 'latest release' assets on github
 
 #### Testing
 
@@ -106,14 +106,14 @@ esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versionsN-1-
 ```
 - collect public-1.key.sig and store it in the new version folder and copy it to versions1
 ```
-cp  versions1/1.9.4v/public-1.key.sig versions1
+cp  versions1/1.9.5v/public-1.key.sig versions1
 ```
 - then flash the new private key
 ```
 esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versions1-privatekey.der
 ```
 - collect cert.sector.sig and store it in the new version folder and copy it to versions1 
 ```
-cp  versions1/1.9.4v/certs.sector.sig versions1
+cp  versions1/1.9.5v/certs.sector.sig versions1
 ```
 - continue with a normal deployment to create the 2 signature files next to the bin files

main.c

@@ -40,7 +40,6 @@ void ota_task(void *arg) {
 
     ota_init();
 
-    UDPLGP("active_cert_sector: 0x%05x\n",active_cert_sector);
     file_size=ota_get_pubkey(active_cert_sector);
 
 #ifdef OTABOOT    
@@ -148,6 +147,7 @@ void ota_task(void *arg) {
                         continue; //loop and try again later
                     }
                 } else { //we have a signature, maybe also the main file?
+                    if (ota_verify_signature(&signature)) continue; //signature file is not signed by our key, ABORT
                     if (ota_verify_hash(BOOT1SECTOR,&signature)) { //not yet downloaded
                         file_size=ota_get_file(OTAREPO,ota_version,MAINFILE,BOOT1SECTOR);
                         if (file_size<=0) continue; //try again later
@@ -158,7 +158,7 @@ void ota_task(void *arg) {
                 //when switching to LCM we need to introduce the latest public key as used by LCM
                 //ota_get_file(LCMREPO,lcm_version,CERTFILE,backup_cert_sector);
                 //ota_get_pubkey(backup_cert_sector);
-                if (ota_verify_signature(&signature)) continue; //this should never happen
+                //if (ota_verify_signature(&signature)) continue; //this should never happen
                 ota_temp_boot(); //launches the ota software in bootsector 1
 #endif
             } else {  //running ota-main software now

ota.c

@@ -192,7 +192,7 @@ void  ota_init() {
     }
 
     //time support
-    char *servers[] = {SNTP_SERVERS};
+    const char *servers[] = {SNTP_SERVERS};
 	sntp_set_update_delay(24*60*60000); //SNTP will request an update every 24 hour
 	//const struct timezone tz = {1*60, 0}; //Set GMT+1 zone, daylight savings off
 	//sntp_initialize(&tz);
@@ -539,11 +539,14 @@ void  ota_set_verify(int onoff) {
 void  ota_copy_bootloader(int sector, int size, char * version) {
     UDPLGP("--- ota_copy_bootloader\n");
     byte buffer[SECTORSIZE];
+    byte fourbyte[4];
     char versionbuff[MAXVERSIONLEN];
 
     memset(versionbuff,0xff,MAXVERSIONLEN);
     strcpy(versionbuff,version);
     spiflash_read(sector, buffer, size);
+    spiflash_read(0, fourbyte, 4); //transfer the flash setting flags from previous boot sector...
+    buffer[2]=fourbyte[2]; buffer[3]=fourbyte[3];
     spiflash_erase_sector(0);
     spiflash_write(0, buffer, size);
     //version is stored as a string in last MAXVERSIONLEN bytes of sector
@@ -1001,7 +1004,7 @@ int  ota_emergency(char * *ota_srvr) {
         if (sysparam_get_string("ota_srvr", &value)== SYSPARAM_OK) *ota_srvr=value; else return 0;
         sysparam_set_string("ota_srvr","");
         sysparam_set_data("lcm_beta", NULL,0,0);
-        UDPLGP("YES: backing up from http://%s" BOOTFILE "\n",*ota_srvr);
+        UDPLGP("YES: backing up from http://%s\n",*ota_srvr);
         return 1;
     } else return 0;
 }

versions1/1.9.5v/latest-pre-release

@@ -0,0 +1 @@
+1.9.5