bitbox-base icon indicating copy to clipboard operation
bitbox-base copied to clipboard
verified publisher icon digitalbitbox

hsm: add possibility to update HSM firmware from middleware

Open Tomasvrba opened this issue 6 years ago • 2 comments

This commit:

  • Adds the AvailableHSMVersion Redis key: hsm:firmware:version
  • Adds the HSMUpdateAvailable() method to the middleware which compares the version of the running HSM firmware and the AvailableHSMVersion Redis key
  • If a new version is available, the main() function executes the update via the hsm immediately after the middleware is started
  • The signed firmware file is assumed to be in /opt/shift/hsm/firmware-bitboxbase.signed.bin which is the default value of the hsmFirmwareFile flag
  • Together with the updateHSMFirmware, this can be used to force flash firmware from a custom location
  • If an update is successful, reboot back into the firmware via the middleware so that the middleware has access to the new hsmFirmware

Tomasvrba avatar Dec 12 '19 12:12 Tomasvrba

@Stadicus We will also need to set the AvailableHSMVersion Redis key on build. I'll leave that to you?

Tomasvrba avatar Dec 12 '19 12:12 Tomasvrba

@benma Could you please take another quick look over my changes which address your review?

Tomasvrba avatar Jan 06 '20 12:01 Tomasvrba