I need to create a custom script that runs on ChibiOS for encrypting the log files created after log file write. Is there any existing mechanism to implemented for the same?
If not can someone guide me on creating a service script?
@tridge Can you please help me on this?
ArduCopter chibios #signing #flightlog
Welcome to the Ardupilot community.
Are you thinking of encrypting the log data before or after writing it to the SD card?
Hey @kd0aij Thanks for the reply.
We would prefer to have it before writing to the SD card.
Do you need signing (proving that the log was made on this particular machine) or encryption (preventing unauthorized reading of the logs)?
That means doing encryption in realtime; do any of the typical STM32 MCUs have hardware encryption modules?
Seems like a tall order for an already busy processor. I wonder if it’d be better to write a custom logger backend that streams to a UART or CAN, and then peripheral hardware could take care of the encryption and storage.
The idea is to have a root trust mechanism for the logs and prevent any fraudulent log injection. We need to implement this on the firmware itself.
@LupusTheCanine @kd0aij @Yuri_Rage
I’m suggesting a wired solution. I don’t know how that would be susceptible to malicious injection.
We cannot go for a wired solution now since there are some limitations for that.
There are limitations to adding a small peripheral device???
I don’t understand your use case at all. Good luck.
There are like some guidelines that we need to follow for certification. Adding peripheral device is not possible at this moment.
This type of vague language is a red flag that this is an attempt to get help doing things that violate the AP code of conduct. If you can’t explain yourself more clearly, it’s hard to provide assistance.
Sorry for that @Yuri_Rage .
“Flight Module should have a root of rust mechanism implemented which is used to sign the data generated inside the Flight Module.” This is the guideline in short that we need to implement.
There are 2 levels of compliance that we can follow of which we follow level 0 which doesn’t allow us to use any other peripheral device at the flight module.
Which is why we cannot add any peripheral device for encryption as you suggested.
Thank you for your valuable feedback.
@Sarath_M_Joy,
I think you have to show who and why is given such guidelines.
What is the application you want the Flight Module use for.
If you have such high guidelines you also must probably ensure that logging can’t be switched off and ensure that the Flight Module will not work if logging is not possible.
Also you ask in your first post for “encryption” but I think you only need “signing”
This is for the certification process for drones in India.
As I explained before the idea is to get a root trust mechanism enabled.
Is there a way we can encrypt the data after writing to SD card
Hmm. It requires signing, so don’t need to encrypt the whole log. Just get some inflight data, that is not easy to reproduce, like GPS position, ekf state and add periodically then add a log entry which contains them in a signed form. (of course you have to store your signing key in the firmware, and lock the whole FC down, so no external entity can get the key or change the script that do the logging.
I expect so, but then the FC wouldn’t necessarily need to be involved.
MAVLINK LOG backend via Serial to a Teensy 4.1
Teensy 4.1 is cheap, has it’s own sd card slot, cryptography support and fast processor…