Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: firmware with dynamic key rotation #9

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feature: firmware with dynamic key rotation #9

wants to merge 2 commits into from

Conversation

xudongzheng
Copy link

@xudongzheng xudongzheng commented Jan 11, 2025
edited
Loading

This has been tested with nRF52840 and S140v6. I don't have anything else available at the moment.

This is currently a draft since some refactoring is needed. I'm proposing the following

  • Move common advertising-related code to lib/findmy
    • Does firmware need its own go.mod file? With it being a separate module, it seems a bit more difficult to use lib/findmy.
  • Split firmware into firmware/static and firmware/rotation

There is an accompanying Python lookup script based on FindMy.py for this key rotation algorithm. However that needs to be cleaned up a bit first.

@xudongzheng xudongzheng marked this pull request as draft January 11, 2025 03:01
@deadprogram
Copy link
Member

it seems a bit more difficult to use lib/findmy

Yes, I have corrected that in the most recent commits. Sorry about having to reorganize things a bit.

@deadprogram
Copy link
Member

Interesting that you chose to use the Flash+littleFS option vs. using go:embed.

That certainly makes it easier to update the device keys remotely.

I was originally thinking to copy the adv keys to separate files in a directory, that would then be embedded into the executable at compile time.

@xudongzheng
Copy link
Author

Thanks for the refactoring work.

Are you suggesting using go:embed to embed multiple static keys rather than 1 static key? That could be a good option for platforms with limited resources such as nRF51. I don't currently have the hardware though I do have a nRF51822 beacon on the way. It wouldn't surprise me if the key derivation fails there due to limited flash/RAM.

I've seen several firmware that do multiple static keys. I haven't had a chance to try macless-haystack yet, perhaps that's a builtin feature there?

@xudongzheng xudongzheng marked this pull request as ready for review January 11, 2025 14:49
@deadprogram
Copy link
Member

Are you suggesting using go:embed to embed multiple static keys rather than 1 static key?

Exactly.

I haven't had a chance to try macless-haystack yet, perhaps that's a builtin feature there?

Yes, that is is correct. By populating this field in the JSON https://github.com/hybridgroup/go-haystack/blob/main/cmd/haystack/save.go#L42 apparently any of those keys will be associated with that device by macless-haystack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xudongzheng @deadprogram