Skip to content

Add keys generate command #1695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Add keys generate command #1695

wants to merge 5 commits into from
+779 −13

Conversation

umbynos
Copy link
Contributor

@umbynos umbynos commented Mar 24, 2022

Please check if the PR fulfills these requirements

  • The PR has no duplicates (please search among the Pull Requests
    before creating one)
  • The PR follows
    our contributing guidelines
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • UPGRADING.md has been updated with a migration guide (for breaking changes)
  • What kind of change does this PR introduce?

feature

  • What is the current behavior?
  • What is the new behavior?

add keys generate command to generate the encryption keys required for secure boot

  • Other information:

See how to contribute

Sorry, something went wrong.

umbynos and others added 4 commits March 24, 2022 10:17
@umbynos
refactor TempFileCreationFailedError to be FileCreationFailedError

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
f014be1
@umbynos
add keys generate command to generate the encryption keys required …

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
ea0ce60 
…for secure boot
@umbynos
print output in json

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
1c34618
@umbynos
add tests

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
1c6c318
@umbynos umbynos requested review from cmaglie, ubidefeo and per1234 March 24, 2022 10:13
@umbynos umbynos self-assigned this Mar 24, 2022
@umbynos umbynos added type: enhancement Proposed improvement topic: code Related to content of the project itself labels Mar 24, 2022
per1234
per1234 requested changes Mar 24, 2022
View reviewed changes
arduino/errors.go
type TempFileCreationFailedError struct {
Cause error
// FileCreationFailedError is returned if a temp file could not be created
type FileCreationFailedError struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is an exported object, this will be a breaking change and so the standard procedure should be followed to communicate that to the users.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not though about it, but you are right

@umbynos @per1234
Apply suggestions from code review

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Learn about vigilant mode
0ff01b7 
Co-authored-by: per1234 <accounts@perglass.com>
@umbynos umbynos force-pushed the umbynos/keys_generate_command branch from e55e6ac to 0ff01b7 Compare March 25, 2022 15:16
@umbynos
Copy link
Contributor Author

umbynos commented Mar 29, 2022

In the end, we decided to keep it simple and do not add key generation to the arduino-cli. We decided instead to write a guide on how to do it using imgtool (along with download links to it).

This was a difficult decision, but the reasons in favor of the guide were multiple:

  • Feature Creep
  • The CLI should be a tool able to interact with sketches/libraries/cores. Key generation has little to do with it for now, since the only board to support it is the Portenta H7
  • There are already tools able to generate security keys. For example imgtool is already available, we built it and use it to sign and encrypt binaries, we could use it even for key generation, extraction...
  • It would not make sense to reimplement imgtool in Golang to basically do what it already does: generate PEM keys, extract pub/priv keys, and encode the key in a C header file
  • The procedure for uploading the keys to the board’s flash cannot be made fully automatic and still requires some manual steps. Thus, it does not make sense to replace the imgtool procedure.
  • Adding such code in the cli means also maintaining it, and at the moment we do not have the capacity to do that. Even implementing another tool to do that would result in the same issue.

Things could change in the future. If/When there will be other boards supporting secure-boot maybe this topic will be faced again. But we would have users with clear requirements, and we could better develop this

@umbynos umbynos closed this Mar 29, 2022
@per1234 per1234 added the conclusion: declined Will not be worked on label Mar 30, 2022
@umbynos umbynos deleted the umbynos/keys_generate_command branch April 11, 2022 13:58
@umbynos
Copy link
Contributor Author

umbynos commented Apr 11, 2022

Guide here arduino/docs-content#129

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@per1234 per1234

@cmaglie cmaglie

@ubidefeo ubidefeo

Assignees

@umbynos umbynos

Labels
conclusion: declined Will not be worked on topic: code Related to content of the project itself type: enhancement Proposed improvement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@umbynos @per1234