Enabling MAVLink 2.0 and Packet Signing

I’m having trouble enabling MAVLink 2.0 Packet Signing in Mission Planner. I’ve searched for guides and to see whether it was implemented in Mission Planner and found commits on GitHub suggesting that it is, but haven’t found a guide or instructions on how to enable it.

Exploring the code a bit I notice that ‘Stats…’ link next to CONNECT that has a dialog with options for selecting MAVLink 2.0 and Signing and see that it changes the console output, but it doesn’t seem to actually enable Signing on the Pixhawk 2 I’ve connected to Mission Planner.

I’ve also found the ‘signing’ dialog from the ‘Testing Screen’ and added AuthKeys, but that also doesn’t seem to enable Packet Signing.

  1. Is Packet Signing Enabled in Mission Planner?
  2. Do I have to enable it on the Pixhawk 2 in Mission Planner or is there an external tool to configure for MAVLink 2.0 and Signing?
  3. How to I add AuthKeys to the Pixhawk 2 / Mission Planner?
  4. This seems like the correct place to ask this, if it isn’t, where should I be asking / looking?
1 Like

I think you must be the first person to ever really ask this

make sure serial?_protocol is set to mavlink2 for that port.

then use the testing screen signing option to create a key and save, while connected click use.

once this is done, the mavlink2 and signing options will tick themselves in the stats screen.

1 Like

Thanks for the reply Michael. Based on the scarce search results I suspected I might be in the minority, but I don’t mind being a guinea pig. :slight_smile:

So we’ve been trying to beef up security on our UAVs, so we’ve enabled AES 128 on our RFD900x and are looking to turn on packet signing for the Radio Link.

I tried your steps and seemed to run into Signing failures so I’ll summarize our setup and my steps.

Overview:
USB on Serial0 with RFD900x on Serial 2.

Goal:
Connect via USB / Serial0 at the office and configure Serial2 for Mavlink2 + AuthKey, then go to the field and connect via RFD900x / Serial2 w/packet signing enabled.

Testing:

  1. This is the scenario we prefer.
    Connected via USB / Serial0, Set Serial0 for Mavlink1 and Serial2 for Mavlink2.
    Went into ‘Testing Screen->signing’, created a key, saved, and clicked Use.
    Tried Connecting via RFD900x / Serial2 and got errors:
    “Packet failed signature but passed crc”

  2. This setup isn’t ideal as we don’t want to be sending authkeys over the air, but I just wanted to test this setup.
    Reset from test 1.
    Connected via USB / Serial0, Set Serial0 for Mavlink1 and Serial 2 for Mavlink2.
    Connected via RFD900x / Serial 2, connection worked.
    Went into ‘Testing Screen->signing’, created a key, saved, and clicked Use.
    “Packet failed signature but passed crc”

I tried the above two tests with various other configurations and resets between the various steps and without RFD900x AES128 enabled to no avail.

Any suggestions or tests I can try?

“Packet failed signature but passed crc” - given that message, it sounds like there is an existing signing key already been uploaded to the autopilot.
new signing keys wont be accepted until this key is removed, or it becomes valid. you can have more than one key in the signing screen and MP will attempt to find the correct one. ie its an invalid packet as far as both ends are concerned.

for setting the signing key I would use usb, not lossy radios. This is just to ensure it goes smoothly.

so

  1. connect via usb
  2. confirm mavlink 2 is enabled
  3. clear any existing uploaded keys “Disable signing”
  4. click use

after that it should be working.

1 Like

Thanks for the help. It’s all up and working now.

There are definitely rough edges about this implementation that could use some sanding. Do you know if anyone is working on this feature? Not sure how my time is going to be allocated / how much free time I’ll have, but I may have some time to work on this (the Mission Planner dialogs in particular).

I’ve followed the steps then closed MissionPlanner and deleted authkeys.xml file in MissionPlanner directory in Documents, and confirmed through testing screen there are no keys.
Then tried to connect to the pixhawk and it successfully connected!! I could even write and read mission points.
So what is the whole point of this?
What is the expected behavior?

where you connected via usb? usb has a bypass for signing

Yeah, Got it. It only affects telemetry.

But actually on telemetry without signing I could “read” the UAV status and gets much info but couldn’t execute/write commands.
Is that the expected behavior?

yes, it is signing, not encryption

Does signing affect MavLink telemetry on other serial ports?

I recently installed a 900x and enabled encryption and signing. Telemetry to Mission Planner works but now the MinimOSD displays all zeros, except for flight mode which is displayed correctly. The 900x is on Serial1 and the MinimOSD is on Serial5. I also have a PingRX on Serial4 and Craft & Theory telemetry on Serial2. If I set Serial1 back to Mavlink 1 the MinimOSD works again. C&T telemetry works with both settings.

Copter 3.5.4 and MP 1.3.56. Thanks,

the OSD most likerly doesnt support mavlink2.

if you are running 900x’s then you don’t need signing anyway, as you have hardware level aes encryption.

I did a little more testing; it is signing that breaks the MinimOSD. With Serial 1 (900x) as Mavlink 2 and Serial 5 (OSD) as Mavlink 1 things work OK. As soon as I turn on signing the OSD shows zeros except for flight mode. I’m using a 3DR MinimOSD v1.1.

I’ll just turn off signing. As you say, encryption should be enough.

In case anyone else finds this thread, the serialX_PROTOCOL setting is in the Full Parameter Tree in MissionPlanner.

Also, per the MavLink guide on Mavlink2/Mavlink1 negotiation, it appears ArduPilot does it’s own thing via the parameter above instead of following the “handshake” described in the link.

1 Like