Drop AES network key from Wired Detector role#45
Merged
Conversation
The AES-128 BATEAR_NET_KEY only secures the LoRa link between Detector and Gateway. The Wired Detector publishes directly over Ethernet/MQTT and never reads s_keys.app_key, so requiring users to enter / store the key for that role was pure cognitive overhead. Firmware: - Kconfig: BATEAR_NET_KEY now `depends on DETECTOR || GATEWAY`. Wired builds no longer carry CONFIG_BATEAR_NET_KEY at all. - pin_config.h: gate the BATEAR_NET_KEY hex-array macro on the Kconfig symbol so wired builds compile with the symbol absent. - lorawan_provision.c: skip the BATEAR_NET_KEY fallback for wired builds (memset s_keys.app_key = 0); replace the AppKey log line with "(not used in this role)" instead of dumping zeros. Also gate the LoRa freq/sync_word log on its Kconfig symbols. - config_console.c: gate `set net_key` and the `show` net_key/app_key output on LoRa roles only; refresh the file-header key list to include the wired-role keys. - sdkconfig.wired_detector: drop the now-unused CONFIG_BATEAR_NET_KEY line; default config covers Ethernet, MQTT, and the REST API only. Web Flasher: - index.html: wrap the Network Key section in #networkKeySection and hide it whenever the active tab is Wired Detector. Status pill and FAQ now state explicitly that wired does not consume the AES key. - nvs_gen.js: refactor generateWiredNvsImage(deviceId, wiredCfg) — the wired NVS image now omits dev_eui and app_key blobs and only carries lora_cfg/device_id (u8) plus the wired_cfg strings actually used by the firmware. Docs: - docs/configuration.md: drop CONFIG_BATEAR_NET_KEY from the wired example config, refactor the serial-console key matrix so net_key sits under "Detector and gateway only", and clarify the parameter reference + NVS fallback table. - CLAUDE.md: clarify that BATEAR_NET_KEY is LoRa-only. Verified locally with `idf.py build` for all three roles (detector, gateway, wired_detector) on ESP-IDF 6.x. Made-with: Cursor
Two issues surface from #ifdef CONFIG_BATEAR_NET_KEY guards added in the previous commit: - config_console.c:158: with the printf wrapped in #ifdef, cppcheck now sweeps the "defined" configuration too. It can't see the sdkconfig string value and treats CONFIG_BATEAR_NET_KEY as int, tripping invalidPrintfArgType_s. Add an inline cppcheck-suppress. - config_console.c:365: in the all-roles-undefined permutation that cppcheck inspects, every `if (strcmp(key, ...))` block is gated out and `value` is never read. Add `(void)value;` so the assignment is trivially used. Made-with: Cursor
Firmware Size Report
idf.py size detailsDetector: |
1 similar comment
Firmware Size Report
idf.py size detailsDetector: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The AES-128 BATEAR_NET_KEY only secures the LoRa link between Detector and Gateway. The Wired Detector publishes directly over Ethernet/MQTT and never reads s_keys.app_key, so requiring users to enter / store the key for that role was pure cognitive overhead.
Firmware:
depends on DETECTOR || GATEWAY. Wired builds no longer carry CONFIG_BATEAR_NET_KEY at all.set net_keyand theshownet_key/app_key output on LoRa roles only; refresh the file-header key list to include the wired-role keys.Web Flasher:
Docs:
Verified locally with
idf.py buildfor all three roles (detector, gateway, wired_detector) on ESP-IDF 6.x.Made-with: Cursor