Dev Call Aug 22, 2022

Development Team
1

Remote ID

Issues & Pull requests

**Copter **

Plane

2

Attendee count (max): 25

UTC1100 - Remote ID update

  • 4.2.3 Plane stable is out with RemoteID in it
    • Vendors will need to build with special board ID to meet minimum requirements
  • Quite likely that once declarations of compliances etc are evaluated we’ll need signed firmware
    • There’s a PR
    • We’ll probably need a branch to support it
    • For US vendors they can start with the minimal level of tamper resistance we have in 4.2.3
      • Needs a one-line patch in the Plane final
        • Randy should include it
  • [9:03 AM] Peter Hall: IMHO we should not volunteer for more security features than they require.
  • [9:03 AM] Peter Hall: IE, see if what we have gets through first.
  • Steve is actively working on QGC plugin
  • https://github.com/ArduPilot/MissionPlanner/pull/2926
  • New firmware for the dongles which should fix bluetooth on older phones
  • Gluing USB ports would probably be enough to pass tamper protection requirements
    • But signed bootloaders would allow for updates to fix bugs
      • Sometime in next few days
    • FAA is reasonably clear that signed firmware will be a requirement on the dongles
    • Someone needs to go through the process to determine if the firmware signing is required
    • At least three signing keys in bootloader
    • Scripts will by default add ArduPilot signing keys
      • Randy, Peter and tridge would each have keys initially
      • We’ll end up with a subfolder for signed firmwares with OpenDroneID enabled
        • Some users will be confused
          • We had OpenDroneID firmwares on the server for a little while because people were using them without understanding their utility
    • Some sort of tickbox indicating if OpenDroneID is required
      • Probably only a subset of boards initially
  • Indian regulations are rapidly changing but would seem to require it
  • We need to merge this “just in case”
    • If the option isn’t enabled it will be zero-bytes
    • Bootloader requiring signed firmware is what triggers
  • ArduPilot vendors will probably want to add their own signing keys
    • Will have to learn how to build their own firmwares
      • At least one of their own signing keys
      • So if they need to get something out there they can get stuff out there
    • 9:19 AM] Peter Hall: I suspect we will soon see shipping with none of the AP keys.
    • Should we be running in with our maximum options?
      • Each vendor will be treated separately
    • Risk analysis indicating we’re tamper resistance
  • They’re not saying the thing has to be so secure a hw engineer with debugging tools can’t get in there
  • “Resist”?
    • BetaFlight might?
  • CubePilot have been using Sid’s branch in India
    • End up with a situation where only the vendor can update
  • Minimise impact on end users….
  • FAA doesn’t require flight controllers have secure bootloader
    • Companies that sell complete systems will be affected
  • Default will be to include AP keys by default
  • How hard we lock this down depends a lot on how hard people poke the system to find problems with it
    • We can make it arbitrarily hard to do break in
      • But it hurts users every time we do
  • If you buy a drone from a US vendor who has chosen to use a locked bootloader, and have set fuse bits
    • End users won’t be able to build and load their own firwmare
    • They could replace the flight controller with their own flight controller
      • They become vendor and they become compliant
        • They become a home builder and would have to follow the home building rules
  • Backports are coming
  • Why merge?
    • Need to give vendors the choice
    • Need to have people testing this now
    • Pilot’s responsibility to maintain continued compliance
      • Might not be vendors issue
    • Upsides
      • Secure upsides for data paths?
  • [9:43 AM] Peter Hall: What happens when the idiot posts how to bypass the signing?
  • [9:44 AM] rmackay9: @Peter Hall hopefully that involves breaking the autopilot open and isn’t considered easy enough
  • 9:45 AM] Charlie Johnson: I second what Jeff said. Many other larger companies have “cracked” firmware version out there. The need to protect against aircraft that don’t follow the rules still exists.
  • What happens if a key leaks?
    • Every vendor would need to update their bootloaders
  • [9:50 AM] rmackay9: if we release a new bootloader let’s remember to update the id so we know that it’s the new bootloader
  • FAA knows stuff isn’t perfect
  • Stop village idiots doing village idiots thing was the original thing
  • Devs should not be affected unless it’s a problem in your jurisdiction
    • Tridge would really like assistance on getting this stuff in
  • MissionPlanner interface is looking good
    • PR open
    • See Discord for plugins you can install
    • Position Compliance?
      • Could become a problem
      • Maybe we’ll need a path via a signed phone app?
  • FAA is more concerned by operator position rather than vehicle position
  • Bluetooth input on module could be coming
    • Required range from phone could be an issue
    • Bt5 lr required?
  • Exemptions?
  • Advocacy
    • A lot of chatter about getting an extension on the timeline
      • Letter-writing campaign
      • “Several letters” received
        • Administrative details to provide an extension being looked at
        • Update mid-this-week hopefully

UTC1209 - AP_BattMonitor: move read_block up to SMBus base class by hendjoshsr71 · Pull Request #20692 · ArduPilot/ardupilot · GitHub

  • Plea for testing
  • pre-Battery info PR cleanup
    • Should we merge this so close to the beta?
  • Randy will try to test this

UTC1211 - Plane: Quadplane: add option to refuse change to FW mode at low altitude by IamPete1 · Pull Request #21289 · ArduPilot/ardupilot · GitHub

  • Option to deny Low-altitude-fbwa
  • Don’t allow fbwa from quadplane at low altitudes
  • Use the modereasons to make this more nuanced?
  • Need exception handling stuff in here
  • Allow reload of script using pcall?
  • Prearm so that if a script has failed you can’t arm?
  • Pcall shouldn’t happen rapidly - should be rate-limited
  • Parameters?
    • Some sort of binding which does the boilerplate stuff we’re copying around?
      • Add table, add parameter, create parameter object then init it then assert it
    • “Requires” required

UTC1211 - gitignore: add defaults.parm by hendjoshsr71 · Pull Request #21300 · ArduPilot/ardupilot · GitHub

  • Add defaults.parm to .gitignore
  • Pattern is wrong?
  • Where’s the file coming from?

UTC1220 - AP_Periph: can_printf() to send longer strings using multiple packets by magicrub · Pull Request #21335 · ArduPilot/ardupilot · GitHub

  • Ability to send longer strings using can_printf
  • Can_printf considered harmful
  • A normal AP_Periph board shouldn’t be doing can_printf
  • This could go in as an option
    • Off by default, on via hwdef

UTC1230 - add mavlink battery support by panky0 · Pull Request #21399 · ArduPilot/ardupilot · GitHub

  • Mavlink-connected battery
  • Redundant autopilot system
  • 2 batteries and 2 autopilots
  • Companion board looking after multiple autopilots
  • Routing loop issues?
  • Cc is faking source id to be coming from the flight controller to come from
  • Peter will help with the autotests

UTC1243 - add mavlink battery support by panky0 · Pull Request #21399 · ArduPilot/ardupilot · GitHub

  • Fix BRD_IO_ENABLE=0
  • Merged

UTC1246 - Added aileron mixing example for VTOL yaw by tridge · Pull Request #21472 · ArduPilot/ardupilot · GitHub

  • Added aileron mixing example for vtol yaw
  • Desired comes from the pilot usually
  • Target is what gets passed into the next layer of the controller
  • This is the rate that gets passed into the PIDs
  • Matched get_rpy_srate
  • Should be target rate

UTC1246 - Plane update

  • 4.2.3 is out
    • People have started to fly it
    • Hopefully last 4.2 release for Plane
    • 4.2.3 has OpenDroneID stuff
    • 4.1 and 4.0 backports of RemoteID will probably need to do parallel releases
    • Quadplane landing overshoot fixes notable inclusion
    • More to do yet…
  • 4.3 betas soon

UTC1246 - Copter and Rover

  • 4.2.3rc3 is out there
  • Same as Plane with 1 additional fix
    • Climb-away issue on auto takeoff with terrain-following and don’t have the terrain
      • While going above rangefinder range
  • Rover also went out
    • Balancebot user has tested…
  • Copter 4.3 beta testing starting at end of month
    • Only critical item is Leonard’s takeoff change
    • Pixhawk6x issues

UTC1246 - Add ARM/MOTOR_EMERGENCY_STOP Aux Switch by Hwurzburg · Pull Request #21478 · ArduPilot/ardupilot · GitHub

  • Add arm/mnotor emergency stop aux switch
  • High position requests arm
  • Low position it does emergency stop
  • Mid position does neither
    • So you can switch to mid position and if it spins the props you’re still armed
  • 5 seconds in Estop will almost certainly have vehicle disarmed

UTC0007 - Tools: SITL copter param file for wind speed estimation by rmackay9 · Pull Request #21482 · ArduPilot/ardupilot · GitHub

  • Parameter file to make it easier to do wind estimation in STIL
  • Merged

UTC0009 - GPS: fixed DroneCAN GPS without vertical velocity by tridge · Pull Request #21502 · ArduPilot/ardupilot · GitHub

  • Fake GPS vertical velocity
  • Allows NMEA GPS data (without vertical velocity) to come in via dronecan
    • Bad idea, but you can do it
      • Fly-aways etc etc if you have high vibes / z-accel-bias

UTC0020 - support positions

  • Please contact tridge or other member of (James or MdB) if you are interested

UTC0020 - close