* Simple blinky demo working. Not tried full demo yet.
* Get the full demo running.
* Add Eclipse project to build the RISC-V_RV32_QEMU_VIRT_GCC gcc makefile.
* Add regtest tasks to the RISC-V_RV32_QEMU_VIRT_GCC demo.
* Update priority of the timer task.
* Adjust timer frequency and optimisation level before committing prior to rearranging the Eclipse project.
* Reorganise Eclipse project slightly.
* Add note to the RISC-V-Qemu-virt_GCC readme file about the updated version in RISC-V_RV32_QEMU_VIRT_GCC.
* Update headers in newly added source files so they pass the automated header check.
* Update lexicon to pass automated spell check.
Co-authored-by: none <>
* Update cellular sub-module pointer
* Add more log in cellular_setup.c to indicate error
* Adjust cellular transport timeout value for demo application
* Add default cellular module specific config in cellular_config.h
* Add hello world project for Vitis.
* Working hello world program.
* Remove the call to ps7_init().
* Demo moved from the XSDK project to Vitis is now compiling - not tried running yet though.
* Blink is printing out in blinky demo.
* Adjust the priorities of the demo tasks to enable them to run at once.
Update blocktim.c so it stores the line on which an error was detected in the error occurred variable rather than just setting the variable to true.
* Add launch configuration file.
Remove unused definitions from FreeRTOSConfig.h.
Edit the comments that describe what the demo does.
* Revert changes to blocktim.c, which should have been in a separate PR.
* Correct header comments in new files.
* Update headers for core checks.
* Third attempt at getting headers through the commit checks - copy headers from other files is not enough.
* Still trying to get core checks to pass.
* Update lexicon.txt
* Correct spelling in Cortex-A9 QEMU main.c.
Co-authored-by: none <>
* Rename the CORTEX_MPS2_QEMU_IAR directory to CORTEX_MPS2_QEMU_IAR_GCC
* Add makefile and startup.c.
* GCC build is working, but not yet running.
* Add eclipse project.
* Tidy up the linker file.
Add the debug launch file to the file system.
* Add printf-stdarg.c to the GCC build.
* Increase heap size for the GCC build.
* Copy IAR project files into a dedicated IAR build directory.
* Delete the IAR project from its original location now it is in its own build directory.
* Update headers to correct version number.
* Update lexicon.txt.
* Update core_checker.py.
* Change line endings in lexicon.txt.
* Increase the stack size of the task that prints out strings.
* Update linker script to build with older ld versions.
* Add links to the online documentation page for this demo.
* Fix line endings
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Remove linker and project files from header check
Eclipse project files have names .project and .cproject. Python splitext
will treat these as file names and not as extension and as a result, it
is not enough to just add these to ignored extension list. Instead, we
need to add them to ignored files list.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Remove startup files from header check
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: RichardBarry <richardbarry.c@gmail.com>
Co-authored-by: none <>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add fleet provisioning and tinycbor submodules
* Copy demo files from FP in CSDK and the Defender Demo
* Modify FP demo files to function in FreeRTOS
* Update styling and formatting of demo files to match FreeRTOS conventions
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
The previous "using_mbedtls_pkcs11.c" implementation requires using the device key and device certificate stored under the labels "pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS" and "pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS".
This commit updates the NetworkCredentials to include fields for pClientCertLabel and pPrivateKeyLabel, so other labels can be used with PKCS11. This matches the behavior seen in the CSDK.
This commit also updates the "pkcs11_mqtt_mutual_auth_demo" to set the newly-added NetworkCredentials fields.
* [Cellular] Add cellulr lib submodule and demo app
* [Cellular] Fix memory violation in transport layer and add using LoggingPrintf
* Update FreeRTOS Cellular Interface
* Change the mbedtls usage in FreeRTOS-Plus
* [Cellular] Fix missing spell
* [Cellular] Add manifest.yml
* Fix missing spell
* Update manifest.yml
* [Cellular] Add integration test
* Modify the demo log level to LOG_INFO
* Update cellular interface
* The modification of the folder structure for cellular library
* Rename the naming of demo
* Adjust the location of using_mbedtls and socket_wrapper
* Adjust project setting for relocating using_mbedtls and socket_wrapper
* Turn off PSM mode
* Add start marker for CI validation.
* The modification for mbedtls platform send/recv function for cellular
* Change the project file due to the changes of mbedtls platform send/recv function for cellular
* Fix missing newline and remove unused file
* Add missing configuration.
* Make cellular and freertos tcp plus use the same transport implementation
* Add comment for the macro MBEDTLS_SSL_SEND and MBEDTLS_SSL_RECV
* Make changes from the github comment.
This PR makes the following changes in the coreSNTP demo:
To suggest the most secure way of using SNTP communication, we are adding a documentation note about the Network Time Security in the SNTP demo.
Hygiene update of using the FreeRTOS/backoffAlgorithm utility library for calculating time polling period interval backoff when time requests are rejected by a time server.
Issue
There is a possible vulnerability of Denial of Service attack by keeping the UDP socket for the SNTP client task always open in the coreSNTP demo. The Denial of Service attack can occur from receiving multiple server response (duplicated or malicious) for a single SNTP time request sent by the client, and thereby, filing the socket network buffer response packets that affect future time requests.
Solution
This PR fixes this vulnerability by updating the demo to keep a UDP socket open only for the time period of waiting for server response, closing the socket on either receiving a server response or experiencing server timeout, and re-creating a UDP socket for the next polling try. This PR also adds another security functionality using a random port for UDP socket to protect against spoofing attacks from "off-network path" attackers.
* Fix code to match comment; idle prioriry task should not block to yield, as then it will hardly run at all (bug affects SMP tests)
* Add RP2040 Demo - can be used for 'main' or 'smp' branch of FreeRTOS_Kernel
* move to latest main/ of FreeRTOS-Kernel
* move RP2040 demos into Community-Supported
* Update whitespace issue
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
* Add SMP to lexicon
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Update the coreSNTP submodule to the latest commit. Also, make updates to the coreSNTP demo for the new changes in the SNTP library which include the following:
1. Update to the type for packet size from size_t to uint16_t for parameters in the transport and authentication interfaces.
2. Change in the call to Sntp_SendTimeRequest API to pass the new blockTimeMs parameter added to the API.
3. Update to the clock-offfset type from int32_t to int64_t for representing information in milliseconds. To accommodate this update in the SntpSetTime_t interface, the mathematical model for representing system clock has been updated to store slew rate as milliseconds/second (instead of second/second). This change improves the accuracy of the WinSim demo time correction (because the milliseconds of time difference between server and client time is corrected over the entire polling interval which makes a significant difference!).
This PR also adds demo config macros for setting the block time values passed to the Sntp_SendTimeRequest and Sntp_ReceiveTimeResponse APIs.
Update the coreSNTP demo to showcase use of symmetric key algorithm of authentication scheme for securing SNTP communication between client and server.
The demo uses the AES-128-CMAC algorithm for the generating Message Authentication Code for the client on sending the SNTP time request to server as well as validating the server response received by verifying if the payload present authentication code can be generated. Use of an authentication mechanism in SNTP communication protects against server spoofing attacks as well as man-in-the-middle attacks of server response modification.
The demo uses corePKCS11 library for the AES-CMAC operations. Also, the demo adds functionality of generating random number, using corePKCS11, for sending as a parameter to the Sntp_SendTimeRequest API.
Note: For symmetric key based security mechanism to be protective against malicious, it is IMPORTANT to securely pre-share the symmetric key between client and server.
Add the FreeRTOS/coreSNTP library as a submodule (along with manifest.yaml file update) and add a demo project to showcase use of the coreSNTP library for having a SNTP client daemon in the system for periodically synchronizing system time with the internet to maintain Coordinated Univeral Time (UTC) in a device. This demo maintains UTC time of system in RAM, thereby, representing systems without a Real-Time Clock (RTC) module in the device.
Note: This demo shows use of coreSNTP library for SNTP communication with NTP/SNTP time servers in non-authenticated mode (i.e. without any security mechanism payload beyond the standard 48 bytes of NTP packet exchange between client-server).
* Added spell check
* All words
* Add a missing word
* Fix header checks
* Fix header checks v1
* Fix header check v2
* Updated freertos link in header
* Fixed afr link in the header
* Fix last of header checks
* Update the spell check script to check amazon licensed files only
* Fixed paths and added comments
* Try with modified repo
* Add inplace substitute option to sed
* Use official repo as the spell checker source
* Add vendor file to the ignored list
Co-authored-by: root <root@ip-172-31-5-28.us-west-2.compute.internal>
RichardBarry
chinglee-iot
Ravishankar Bhagavandas
johnrhen
tianmc1
andysun2015
Gaurav-Aggarwal-AWS
alfred gedeon
Archit Aggarwal
Graham Sanderson
Alfred Gedeon
Aniruddha Kanhere