Add teensy_secure support

[ssilverman]

trafficstars

This is a first attempt.

Some notes:

1. I'm not quite sure how to use the .hex file name and not the .ehex file name if teensy_secure fails to encrypt. While it still works because the teensy_secure program, when told to upload a '.ehex' file, will find the '.hex' file, I don't like how it still says Uploading .pio/build/teensy41/firmware.ehex.
2. I haven't tested this on Windows or Linux.

Inspiration for this PR found here:

1. #93
2. @GoobyCorp's fork: https://github.com/GoobyCorp/platform-teensy

Resolves #93

[ssilverman]

I just added the ability to use a custom key via the custom_secure_key option.

[Satnet]

May be a stupid question but I'm not all the good with Github. Does this "custom_secure_key" work in the ordinary PlatformIO? And how do I use it? I'd like to link my .key file and have .EHEX be made automatically. Thanks!

[ssilverman]

This PR works well for me to do automatic EHEX uploads and creation. I chose the name because it's my understanding that any custom PlatformIO options need to be prefixed with "custom_". To make the change yourself, just put the changes in that builder/main.py file. (On a Mac, the full path is ~/.platformio/platforms/teensy/builder/main.py.)

[ssilverman]

I realized I didn't completely answer your question. To use it with a key in a specific location, add a custom_secure_key line to your platformio.ini file that points to your key. For example:

custom_secure_key = ~/my/key/location

Alternatively, if you don't add that property, the behaviour should be the same as the Arduino IDE with Teensyduino. It will use the key from the default location. In other words, "do nothing" is a valid option.

[david-res]

@ssilverman Is this implemented in the latest teensy pio package?

[ssilverman]

@ssilverman Is this implemented in the latest teensy pio package?

I’m unclear what you’re asking?

[david-res]

@ssilverman Is this implemented in the latest teensy pio package?

I’m unclear what you’re asking?

Does the latest release of Teensy for PlatformIO contain the ability to generate and flash an ehex?

[ssilverman]

It should. I'm able to use it. Have you tried it?

[Satnet]

It should. I'm able to use it. Have you tried it?

I have tried it on Windows. It doesn't work. I have just updated PIO, and i've tried to write the folder path and the direct key.pem file. There's no EHEX being created. Only HEX.

[ssilverman]

I have tried it on Windows. It doesn't work. I have just updated PIO, and i've tried to write the folder path and the direct key.pem file. There's no EHEX being created. Only HEX.

Have you first generated a key? You’ll need to do that with the latest 1.8.x Teensyduino IDE.

[Satnet]

I have tried it on Windows. It doesn't work. I have just updated PIO, and i've tried to write the folder path and the direct key.pem file. There's no EHEX being created. Only HEX.

Have you first generated a key? You’ll need to do that with the latest 1.8.x Teensyduino IDE.

I've gotten it to do it's thing, but I'm using a TeensyMM, so had to add that into main.py, now the problem is this:

Encrypting .pio\build\stable\firmware.ehex
This board does not support code encryption

I've searched for the text "This board does not support code encryption" but can't find it anywhere. From what I can see in this fork, all you changed is main.py. TeensyMM does support EHEX, been using it many times in Arduino IDE.

[ssilverman]

You need to use a lockable version and follow the instructions here: https://www.pjrc.com/teensy/td_code_security.html

Here’s the lockable version: https://www.sparkfun.com/products/18771

[Satnet]

You need to use a lockable version and follow the instructions here: https://www.pjrc.com/teensy/td_code_security.html

Fully aware of this. The board I use is a fully custom board which is lockable. It's been used with Arduino IDE EHEX already. I'm not using a Teensy 4, I'm using the MicroMod which does support it, please add it to your branch. Thanks! :)

[ssilverman]

You need to use a lockable version and follow the instructions here: https://www.pjrc.com/teensy/td_code_security.html

Fully aware of this. The board I use is a fully custom board which is lockable. It's been used with Arduino IDE EHEX already. I'm not using a Teensy 4, I'm using the MicroMod which does support it, please add it to your branch. Thanks! :)

I’m happy to test that it works with a TeensyMM if you’re willing to send me one (plus a carrier board). I don’t own one myself.

Did you set custom_secure_key to the full path of your key.pem?

[PaulStoffregen]

I’m happy to test that it works with a TeensyMM if you’re willing to send me one (plus a carrier board). I don’t own one myself.

I'll send you one. Please email me directly.

[Satnet]

You need to use a lockable version and follow the instructions here: https://www.pjrc.com/teensy/td_code_security.html

Fully aware of this. The board I use is a fully custom board which is lockable. It's been used with Arduino IDE EHEX already. I'm not using a Teensy 4, I'm using the MicroMod which does support it, please add it to your branch. Thanks! :)

I’m happy to test that it works with a TeensyMM if you’re willing to send me one (plus a carrier board). I don’t own one myself.

Did you set custom_secure_key to the full path of your key.pem?

The Teensy MM is specified as "teensymm" in the platform.ini. In your main.py file there's no support for that. However, I did add such support. The "This board does not support code encryption" is most likely coming from some other place. And thus the EHEX is never created. I also want to underline that this happens regardless of "Build" or "Upload". You seem to think that the non-support messages comes when I upload, that's not the case.

If the only way is to send you that stuff, then I will do that. But let's try to find out where that non-support messages comes from. I've used google to try to find a file with that inside of it, no luck. Perhaps coming from the compiler?

I got this to work by simply specifying "board = teensy41" instead of "board = teensymm".

[ssilverman]

The Teensy MM is specified as "teensymm" in the platform.ini. In your main.py file there's no support for that.

This was the reminder I needed. Thanks for that.

[Satnet]

The Teensy MM is specified as "teensymm" in the platform.ini. In your main.py file there's no support for that.

This was the reminder I needed. Thanks for that.

You don't need a MM to test this. Just use "board = teensymm" in the platform.ini and then Build, you'll get the non-support message.

[ssilverman]

The Teensy MM is specified as "teensymm" in the platform.ini. In your main.py file there's no support for that.

This was the reminder I needed. Thanks for that.

It turns out that my main.py modifications do include TeensyMM support because its build_core is still "teensy4". I'm still looking because I see the error you mention.

[Satnet]

The Teensy MM is specified as "teensymm" in the platform.ini. In your main.py file there's no support for that.

This was the reminder I needed. Thanks for that.

It turns out that my main.py modifications do include TeensyMM support because its build_core is still "teensy4". I'm still looking because I see the error you mention.

Did you test “board = teensymm”? If you do that, you’ll get the same issues as me.

Using teensy41 does work, it’s not correct and teensyloader won’t upload it to the Micromod board because it’s wrong.

[ssilverman]

I just pushed a fix.

[Satnet]

I just pushed a fix.

Wonderful news. I’ll test this tomorrow when I’m by the computer. Big thanks!

[Satnet]

I just tested. Perhaps a little bug was introduced. It doesn't find the key.pem file. Note that it's the exact same path as yesterday. The key file is there. Also note that there's a space in the error text "key .pem" perhaps there's a space somewhere.

Encrypting .pio\build\stable\firmware.ehex with key at ~C:\Users\MrFringe\Documents\Arduino\key.pem
No key .pem file found, skipping .ehex encryption

[ssilverman]

What does your custom_secure_key value look like? I don’t think Windows paths can start with a ‘~’ character before the drive.

[Satnet]

The same as yesterday when it worked with Teensy4. I’ve changed nothing in the ini file since yesterday. I just updated with your main.py file.

custom_secure_key = ~C:\Users\MrFringe\Documents\Arduino\key.pem

[ssilverman]

I don’t think Windows paths can start with a ‘~’ character before the drive.

[Satnet]

I don’t think Windows paths can start with a ‘~’ character before the drive.

It worked yesterday, alltho not with teensymm but with teensy4.

[ssilverman]

Did you try it without the ‘~’? It appeared to work yesterday because it didn’t actually do anything with the key; the board name was wrong before my fix.

[Satnet]

Good news! Flashed the device and the EHEX runs fine. Good work ssilverman! Big thanks, I'm sure this will help others as well.

Just for the formality of it. The correct way to specify the path on Windows is: custom_secure_key = C:\Users\MrFringe\Documents\Arduino\key.pem

[ssilverman]

Was just wondering about getting this PR in? The notes:

1. I'm not quite sure how to use the .hex file name and not the .ehex file name if teensy_secure fails to encrypt. While it still works because the teensy_secure program, when told to upload a '.ehex' file, will find the '.hex' file, I don't like how it still says Uploading .pio/build/teensy41/firmware.ehex.
2. I think the property name "custom_secure_key" could use a different name. The only reason I used the "custom_" prefix is that PlatformIO says to use it for "custom properties". If you suggest an alternative, I'll change the PR to reflect that.

One points 1 and 2 are resolved, I think this PR would be ready, but I could use some help with them.

@ivankravets should this be merged into develop or master?