diff --git a/Changelog.md b/Changelog.md
index 04fc904..390845a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,9 @@
 # Changelog
+## 2.2.1 fixed support for ECDHE in TLS protocol
+- even though these protocols were offered in the ClientHello, they were broken
+- the supporting extensions were missing and the server never selected them
+
 ## 2.2.0 more robust parsing of Location header and added ota_string
 - even long headers existing before the Location header will be parsable
 - ota_string sysparam added to pass configuration to user app
diff --git a/Makefile b/Makefile
index e59552e..2ef3ad5 100644
--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,8 @@ EXTRA_WOLFSSL_CFLAGS = \
 -DHAVE_ECC_SIGN \
 -DHAVE_ECC_VERIFY \
 -DHAVE_ECC_KEY_IMPORT \
+ -DHAVE_ECC_DHE \
+ -DHAVE_SUPPORTED_CURVES \
 # -DDEBUG_WOLFSSL \
diff --git a/deploy.md b/deploy.md
index 366faab..ea5b82a 100644
--- a/deploy.md
+++ b/deploy.md
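Review bot: In the Makefile hunk, the added `-DHAVE_SUPPORTED_CURVES` appears to depend on wolfSSL's TLS-extension code being compiled in, and `-DHAVE_TLS_EXTENSIONS` is not among the visible lines; `EXTRA_WOLFSSL_CFLAGS` starts above the hunk, so confirm it is defined there (wolfSSL's own configure script sets the two together). Per the Changelog entry the earlier failure was silent, with ECDHE suites offered but never selected, so a comment above the variable would record the dependency, e.g. `# ECDHE needs HAVE_ECC_DHE plus HAVE_SUPPORTED_CURVES (and HAVE_TLS_EXTENSIONS), otherwise servers skip the ECDHE suites`. The comment has to sit outside the continued list, since a `#` between the backslash lines would cut off the flags after it.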
@@ -10,30 +10,30 @@ cd life-cycle-manager
 - initial steps to be expanded
 #### These are the steps if not introducing a new key pair
-- create/update the file versions1/latest-pre-release without new-line and setup 2.2.0 version folder
+- create/update the file versions1/latest-pre-release without new-line and setup 2.2.1 version folder
 ```
-mkdir versions1/2.2.0v
-echo -n 2.2.0 > versions1/2.2.0v/latest-pre-release
-cp versions1/certs.sector versions1/certs.sector.sig versions1/2.2.0v
-cp versions1/public*key* versions1/2.2.0v
+mkdir versions1/2.2.1v
+echo -n 2.2.1 > versions1/2.2.1v/latest-pre-release
+cp versions1/certs.sector versions1/certs.sector.sig versions1/2.2.1v
+cp versions1/public*key* versions1/2.2.1v
 ```
 - set local.mk to the ota-main program
 ```
-make -j6 rebuild OTAVERSION=2.2.0
-mv firmware/otamain.bin versions1/2.2.0v
+make -j6 rebuild OTAVERSION=2.2.1
+mv firmware/otamain.bin versions1/2.2.1v
 ```
 - set local.mk back to ota-boot program
 ```
-make -j6 rebuild OTAVERSION=2.2.0
-mv firmware/otaboot.bin versions1/2.2.0v
-make -j6 rebuild OTAVERSION=2.2.0 OTABETA=1
-cp firmware/otaboot.bin versions1/2.2.0v/otabootbeta.bin
+make -j6 rebuild OTAVERSION=2.2.1
+mv firmware/otaboot.bin versions1/2.2.1v
+make -j6 rebuild OTAVERSION=2.2.1 OTABETA=1
+cp firmware/otaboot.bin versions1/2.2.1v/otabootbeta.bin
 ```
 - remove the older version files
 #
 - update Changelog
-- commit this as version 2.2.0
-- set up a new github release 2.2.0 as a pre-release using the just commited master...
+- commit this as version 2.2.1
+- set up a new github release 2.2.1 as a pre-release using the just commited master...
 - upload the certs and binaries to the pre-release assets on github
 #
 - erase the flash and upload the privatekey
@@ -43,18 +43,18 @@ esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versions1-pr
 ```
 - upload the ota-boot BETA program to the device that contains the private key
 ```
-make flash OTAVERSION=2.2.0 OTABETA=1
+make flash OTAVERSION=2.2.1 OTABETA=1
 ```
 - power cycle to prevent the bug for software reset after flash
 - setup wifi and select the ota-demo repo without pre-release checkbox
 - create the 2 signature files next to the bin file and upload to github one by one
 - verify the hashes on the computer
 ```
-openssl sha384 versions1/2.2.0v/otamain.bin
-xxd versions1/2.2.0v/otamain.bin.sig
+openssl sha384 versions1/2.2.1v/otamain.bin
+xxd versions1/2.2.1v/otamain.bin.sig
 ```
-- upload the file versions1/2.2.0v/latest-pre-release to the 'latest release' assets on github
+- upload the file versions1/2.2.1v/latest-pre-release to the 'latest release' assets on github
 #### Testing
@@ -107,7 +107,7 @@ esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versionsN-1-
 ```
 - collect public-1.key.sig and store it in the new version folder and copy it to versions1
 ```
-cp versions1/2.2.0v/public-1.key.sig versions1
+cp versions1/2.2.1v/public-1.key.sig versions1
 ```
 - then flash the new private key
 ```
@@ -115,6 +115,6 @@ esptool.py -p /dev/cu.usbserial-* --baud 230400 write_flash 0xf9000 versions1-pr
 ```
 - collect cert.sector.sig and store it in the new version folder and copy it to versions1
 ```
-cp versions1/2.2.0v/certs.sector.sig versions1
+cp versions1/2.2.1v/certs.sector.sig versions1
 ```
 - continue with a normal deployment to create the 2 signature files next to the bin files
diff --git a/versions1/2.2.0v/latest-pre-release b/versions1/2.2.0v/latest-pre-release
deleted file mode 100644
index e3a4f19..0000000
--- a/versions1/2.2.0v/latest-pre-release
+++ /dev/null
@@ -1 +0,0 @@
-2.2.0
\ No newline at end of file
diff --git a/versions1/2.2.0v/certs.sector b/versions1/2.2.1v/certs.sector
similarity index 100%
rename from versions1/2.2.0v/certs.sector
rename to versions1/2.2.1v/certs.sector
diff --git a/versions1/2.2.1v/latest-pre-release b/versions1/2.2.1v/latest-pre-release
new file mode 100644
index 0000000..fae692e
--- /dev/null
+++ b/versions1/2.2.1v/latest-pre-release
@@ -0,0 +1 @@
+2.2.1
\ No newline at end of file
diff --git a/versions1/2.2.0v/otaboot.bin b/versions1/2.2.1v/otaboot.bin
similarity index 62%
rename from versions1/2.2.0v/otaboot.bin
rename to versions1/2.2.1v/otaboot.bin
index 8aa4649..775a862 100644
Binary files a/versions1/2.2.0v/otaboot.bin and b/versions1/2.2.1v/otaboot.bin differ
diff --git a/versions1/2.2.0v/otabootbeta.bin b/versions1/2.2.1v/otabootbeta.bin
similarity index 62%
rename from versions1/2.2.0v/otabootbeta.bin
rename to versions1/2.2.1v/otabootbeta.bin
index 4755de7..d744607 100644
Binary files a/versions1/2.2.0v/otabootbeta.bin and b/versions1/2.2.1v/otabootbeta.bin differ
diff --git a/versions1/2.2.0v/otamain.bin b/versions1/2.2.1v/otamain.bin
similarity index 69%
rename from versions1/2.2.0v/otamain.bin
rename to versions1/2.2.1v/otamain.bin
index 0ef5325..0d1efd5 100644
Binary files a/versions1/2.2.0v/otamain.bin and b/versions1/2.2.1v/otamain.bin differ