Add an example #5
Conversation
|
Hi Linus I have a working HTTP OTA update that would make a good example, do you think it would be worthwhile to add it? Additionally, I have built an extension that performs a checksum of the update using ShA256. I have called this |
| @@ -1,5 +1,6 @@ | |||
| [build] | |||
| # Uncomment the relevant target for your chip here (ESP32, ESP32-S2, ESP32-S3 or ESP32-C3) | |||
| # you may need to change the toolchain in `rust-toolc | |||
There was a problem hiding this comment.
meant to be rust toolchain, xtensa chips need a custom toolchain afaik
There was a problem hiding this comment.
Seems like an unfinished sentence then?
| /.embuild | ||
| /.devcontainer |
There was a problem hiding this comment.
You ignore the devcontainer folder here. But this PR also commits devcontainer definitions. I think you might want to remove the devcontainer files from this PR and keep it ignored?
|
Thank you for wanting to contribute! I have not read the entire PR yet. I left some comments on some things I think might have been commited by mistake as a first iteration. Will read more of it soon!
Having both signature verification (chip will only trust firmware signed by trusted parties) and integrity verification is something I really want in general. I have not yet coded this up for myself. And I have not decided if it belongs in this crate or outside. If it's put inside the crate then it becomes very opinionated as to what checksum algorithm and/or signature method it uses. But yeah, sha256 is universally a pretty solid choice, so it might be good! As long as we keep it behind an opt-in feature flag and the dependency it pulls in is sane and fairly small. |
| Build: | ||
| ``` | ||
| RUSTFLAGS="-C strip=symbols -C debuginfo=0" cargo build --example beta --release | ||
| espflash save-image --chip <mcu_target> ./target/<mcu_target>/release/examples/beta ./beta.bin |
There was a problem hiding this comment.
This PR commits the beta.bin file. I'm guessing that's a mistake, since these instructions build it? I don't think we should carry around built binaries in the repository.
There was a problem hiding this comment.
Agreed, will amend
|
|
||
| Build: | ||
| ``` | ||
| RUSTFLAGS="-C strip=symbols -C debuginfo=0" cargo build --example beta --release |
There was a problem hiding this comment.
Does the stripping etc really need to be done here? It significantly complicates the example instructions. Is it required to fit on some specific type of chip? Otherwise I think simple instructions is more valuable.
There was a problem hiding this comment.
Doesn't need to happen, but it is an important aspect of OTA updates in my experience. We should mention it in the docs if not as part of the example, but it does greatly speed up the flashing.
|
|
||
| ## ota_from_flash | ||
|
|
||
| The app contains the update in it's flash memory at compile time. The `beta.bin` image in the ESP32 app image format must be available at compile time. |
|
|
||
| ## partitions_factory.csv | ||
|
|
||
| The default partition table shipped with the ESP32. _Not suitable for OTA._ |
There was a problem hiding this comment.
Why is this partition table included, since it's not used?
There was a problem hiding this comment.
I included it as a reference. Dodgy things might happen if a user doesn't re-write their original partition table.
For example, if you flash OTA alpha and OTA beta into partition slot ota1 and ota2 respectively. In this case, OTA alpha loads, writes OTA beta into the ota2 slot and selects that as the boot partition.
When a user wants to flash a non-ota app into what they expect to be the factory partition, the ota2 slot could still be selected as the boot partition, and the factory partition never opens :-(
There was a problem hiding this comment.
I don't think it's the responsibility of this repository to track the default partition table. If there are potential caveats (which are currently not even mentioned) I think it's far better to describe how to get out of the bad situation, and link to an online resource with the default partition table. Then we don't have to maintain it here
| for app_chunk in NEW_APP.chunks(4096) { | ||
| if let Err(err) = ota.write(app_chunk) { | ||
| error!("Failed to write chunk"); | ||
| break; |
There was a problem hiding this comment.
This will just exit the for loop and go directly to ota.finalize(). Here we know the update failed already, and I don't think it's the best course of action to try and finalize the update. I think it's better in general (and teach the readers) to exit with an error here. Only run the finalize code if all write calls succeeded.
| match ota.finalize() { | ||
| Err(x) => { | ||
| error!("Failed to validate image."); | ||
| () |
There was a problem hiding this comment.
Returning unit is automatically implied when you don't return anything else. I believe this is superfluous here.
Hmm.. I thought about this again. How is it implemented? I don't want this crate to be locked to a specific format in how the images are transferred to the chip, neither be biased on the transport method. |
I agree that it is tough to be opionated regarding checksum algorithm. The ESP32 has CRC hardware support built in, for example. I think it would be a good idea to create a trait as the public interface, that we implement for SHA256 as a start, and allow future contributors to extend as desired.
My implementation is an extension of This is not locked into the specific format or transport method, but does require the user to also transfer the expected checksum over a side channel. |
| @@ -1,5 +1,6 @@ | |||
| [build] | |||
| # Uncomment the relevant target for your chip here (ESP32, ESP32-S2, ESP32-S3 or ESP32-C3) | |||
| # you may need to change the toolchain in `rust-toolc | |||
There was a problem hiding this comment.
Seems like an unfinished sentence then?
| @@ -0,0 +1,66 @@ | |||
| ARG VARIANT=bookworm-slim | |||
| Build: | ||
| ``` | ||
| RUSTFLAGS="-C strip=symbols -C debuginfo=0" cargo build --example beta --release | ||
| espflash save-image --chip <mcu_target> ./target/<mcu_target>/release/examples/beta ./beta.bin |
|
|
||
| ## partitions_factory.csv | ||
|
|
||
| The default partition table shipped with the ESP32. _Not suitable for OTA._ |
There was a problem hiding this comment.
I don't think it's the responsibility of this repository to track the default partition table. If there are potential caveats (which are currently not even mentioned) I think it's far better to describe how to get out of the bad situation, and link to an online resource with the default partition table. Then we don't have to maintain it here
Add an example that updates an OTA enabled app using another app encoded in the flash memory.