Is ‘platform.txt’ file contained in packages subfolder used in some sort of way?
recipe.hooks.sketch.prebuild.pattern="{runtime.tools.python3.path}/python3" -I ```
"{runtime.tools.signing}" --mode header --publickey "{build.source.path}/public.key" --out "{build.path}/core/Updater_Signing.h"
something I need for signed OTA
platform.txt goes completely unused. All build logic is implemented in Python.
What platform is this for? ESP32, RP2040?
esp8266 now but later I’ll need it for ESP32
Not implemented for esp8266, not implemented for esp32.
opened 12:35AM - 24 Feb 19 UTC
feature
Hello,
I have a problem with binary signing which is related with secure OTA u… pdate in new version of esp8266Arduino core <https://arduino-esp8266.readthedocs.io/en/latest/ota_updates/readme.html>
Basically, to sign binaries, two activities are essential:
1. invoke tool signing.py with appropiate flags before whole build process: it dynamically build header which is placed in core headers directory based on finding public RSA key in main source code directory
2. invoke the same tool with other flags in order to sign produced binary with RSA private key.
As far as I tried to do this activites by write proper scripts in Python and bind them to PIO in pre/post hooks mechanism, I have no success in this matter (my functions are invoked by PIO in wrong places and I didn't found tutorial good enough for my basic Python experience to programatically obtain correct directories). In the end, I have hardcoded my directories and that forces me to run Python before build to generate headers, build project in PIO and run Python again to sign binary. By using Arduino IDE, it is very easy activity, because of implementing this mechanism in default build sequence. Is it possible to do the same in PIO?
opened 10:43AM - 21 Mar 20 UTC
feature
Now only ESP-IDF support secure boot and flash encryption: https://esp32.com/vie… wtopic.php?t=10029
Please add support for it in platformio
You can write custom scripts to post-sign the binary though.
I was aware of first request pending, not the 2nd. I can sign binary but it will not be used by updater core code because of “ARDUINO_SIGNING” not is defined
Oh but for that you can add build_flags = -DARDUINO_SIGNING to the platformio.ini to turn on that macro globally.
maxgerhardt:
-DARDUINO_SIGNING
honestly I just saw now I have it already present…mmm I’ll dig a little more on that.
Ok, now I see. It’s already define in core as 0, compiler generare a redefinition warning, and “core” value is used
At the end I got the magic:Enabling binary signing