mirror of
https://github.com/imjasonh/esp32
synced 2026-07-08 08:25:02 +00:00
Implements provisioning-plan.md. The OTA-distributed firmware no longer contains any secrets or per-device config — those live in NVS and are written via USB by `make provision` from a (gitignored) `provisioning.toml`. Same firmware bytes can run on any device. Firmware changes: - src/main.rs reads wifi/ssid + wifi/pass from NVS namespace `wifi`. Strict-inert (sit-and-log) when missing; no compile-time fallback. WIFI_SSID/WIFI_PASS env! macros gone. - src/trust.rs becomes a `TrustConfig::load(nvs)` loader. Identities come from NVS namespace `trust`, key `identities` (JSON-encoded array). Sigstore root + intermediate PEMs come from `trust/fulcio_root` and `trust/fulcio_inter` blobs. include_str! gone. - src/sig.rs and src/ota.rs thread &TrustConfig through verify_bundle and the OTA loop instead of reading global consts. - build.rs no longer tracks WIFI_* env changes. New tool: - tools/provision/ host-side cargo crate. Reads provisioning.toml, emits an NVS CSV, shells out to ESP-IDF's nvs_partition_gen.py to produce a binary NVS image, optionally `espflash write-bin`'s it. Make targets: - `make provision` — build NVS image + flash it. - `make bootstrap` — flash-all + provision (new device setup). - `make build` no longer requires wifi.env. - wifi.env removed from prereqs / WIFI_ENV variable removed. Workflows: - ci.yml: drops the placeholder wifi.env step, adds a `build provision` job alongside the firmware + publisher jobs. - publish.yml: drops WIFI_SSID/WIFI_PASS secret reads. Only secret needed is the auto-injected GITHUB_TOKEN. Docs: - README updated to use `make bootstrap` + `make provision` flow. Project layout moved to a new repo-local CLAUDE.md. - provisioning.toml.example committed as the template the user copies. - wifi.env.example removed (no longer used). Migration: existing devices need `make bootstrap` over USB. The new firmware has no embedded creds; OTAing to it without provisioning would just sit in strict-inert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
29 lines
1.2 KiB
Text
29 lines
1.2 KiB
Text
# Provisioning config for `make provision`. Copy to `provisioning.toml`
|
|
# (gitignored) and fill in your values, then `make provision` to write
|
|
# everything to the device's NVS partition over USB.
|
|
|
|
[wifi]
|
|
ssid = "your-wifi-ssid"
|
|
pass = "your-wifi-password"
|
|
|
|
[trust]
|
|
# Bundled Sigstore Fulcio root + intermediate CA PEMs. These come from
|
|
# https://github.com/sigstore/root-signing/tree/main/targets and need to
|
|
# be re-fetched + re-provisioned if Sigstore rotates them (rare).
|
|
fulcio_root_pem = "trust/fulcio_root.pem"
|
|
fulcio_intermediate_pem = "trust/fulcio_intermediate.pem"
|
|
|
|
# Allowlist of (identity, issuer) pairs the OTA verifier accepts as
|
|
# signers of incoming firmware. Identity is the SAN value in the Fulcio
|
|
# leaf cert — an rfc822Name (email) for OIDC issuers like Google, or a
|
|
# URI for workflow-based issuers like GitHub Actions.
|
|
|
|
# Manual `make publish` from a developer machine.
|
|
[[trust.identities]]
|
|
identity = "imjasonh@gmail.com"
|
|
issuer = "https://accounts.google.com"
|
|
|
|
# Automated publishes from the GHA workflow on push to main.
|
|
[[trust.identities]]
|
|
identity = "https://github.com/imjasonh/esp32/.github/workflows/publish.yml@refs/heads/main"
|
|
issuer = "https://token.actions.githubusercontent.com"
|