Skip to content

Add runtime warning if the MCU firmware is out of date, based on a hash of the firmware sources #768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kageurufu wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Add runtime warning if the MCU firmware is out of date, based on a hash of the firmware sources #768

kageurufu wants to merge 5 commits into from

Conversation

@kageurufu
Copy link
Member

@kageurufu kageurufu commented Oct 28, 2025

Fixes to the MCU firmware currently do not trigger the "firmware out of date" error. That error only compares the MCU API dictionaries.

This generates a hash of the firmware sources, includes that in the MCU firmware build, and then compares against the current firmware at runtime.

I also added [danger_options] warn_on_mismatched_firmware_sources: False as an option to disable this check.

Checklist

  • pr title makes sense
  • added a test case if possible
  • if new feature, added to the readme
  • ci is happy and green

dalegaard
dalegaard requested changes Oct 30, 2025
View reviewed changes
Laikulo
Laikulo reviewed Dec 29, 2025
View reviewed changes
klippy/mcu.py
)
elif (
get_danger_options().warn_on_mismatched_firmware_sources
and sources_hash
Copy link
Contributor

@Laikulo Laikulo Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

msgproto will give back "unknown" if there is no source hash in the firmware (either pre this change, or non-klipper MCUs using the Anchor/Windlass implementation). This means that this will always alert for such MCUs.

Laikulo
Laikulo reviewed Dec 29, 2025
View reviewed changes
klippy/util.py
return git_info


def get_firmware_hash():
Copy link
Contributor

@Laikulo Laikulo Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider prefixing the hash with a leader string indicating the version of the hash being used, to allow for changes to either the algo, or the way that it is fed in the future. (See how crypt(5) works for an example of this)

Laikulo
Laikulo reviewed Dec 29, 2025
View reviewed changes
klippy/util.py
last_modified = max(file.stat().st_mtime for file in source_files)
if hash_cache.is_file() and hash_cache.stat().st_mtime >= last_modified:
return hash_cache.read_text()
hash = hashlib.blake2b(digest_size=16, usedforsecurity=False)
Copy link
Contributor

@Laikulo Laikulo Dec 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

usedforsecurity is py3.9, which is not present in Debian bullseye or derivatives, which are still pretty common in live deployments. Consider wrapping until that leaves LTS (2026-08-31)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dalegaard dalegaard dalegaard requested changes

+1 more reviewer

@Laikulo Laikulo Laikulo left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kageurufu @dalegaard @Laikulo