mirror of
https://github.com/micropython/micropython.git
synced 2025-09-09 11:20:48 +02:00
321b30ca56
This commit enables support for DTLS, i.e. TLS over datagram transport protocols like UDP. While support for DTLS is absent in CPython, it is worth supporting it in MicroPython because it is the basis of the ubiquitous CoAP protocol, used in many IoT projects. To select DTLS, a new set of "protocols" are added to SSLContext: - ssl.PROTOCOL_DTLS_CLIENT - ssl.PROTOCOL_DTLS_SERVER If one of these is set, the library assumes that the underlying socket is a datagram-like socket (i.e. UDP or similar). Our own timer callbacks are implemented because the out of the box implementation relies on `gettimeofday()`. This new DTLS feature is enabled on all ports that use mbedTLS. This commit is an update to a previous PR #10062. Addresses issue #5270 which requested DTLS support. Signed-off-by: Keenan Johnson <keenan.johnson@gmail.com>
144 lines
4.4 KiB
Plaintext
144 lines
4.4 KiB
Plaintext
# MicroPython on ESP32, ESP IDF configuration
|
|
# The following options override the defaults
|
|
|
|
CONFIG_IDF_FIRMWARE_CHIP_ID=0x0000
|
|
|
|
# Compiler options: use -O2 and disable assertions to improve performance
|
|
CONFIG_COMPILER_OPTIMIZATION_PERF=y
|
|
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE=y
|
|
|
|
# Application manager
|
|
CONFIG_APP_EXCLUDE_PROJECT_VER_VAR=y
|
|
CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR=y
|
|
|
|
# Bootloader config
|
|
CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
|
|
CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP=y
|
|
CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y
|
|
|
|
# Change default log level to "ERROR" (instead of "INFO")
|
|
CONFIG_LOG_DEFAULT_LEVEL_ERROR=y
|
|
|
|
# Set the maximum included log level higher than the default,
|
|
# so esp.osdebug() can enable more logging at runtime.
|
|
#
|
|
# To increase the max log verbosity to Debug or Verbose instead, comment
|
|
# CONFIG_LOG_MAXIMUM_LEVEL_INFO=y and uncomment one of the other settings.
|
|
#
|
|
# If not needed, the next line can be commented entirely to save binary size.
|
|
CONFIG_LOG_MAXIMUM_LEVEL_INFO=y
|
|
#CONFIG_LOG_MAXIMUM_LEVEL_DEBUG=y
|
|
#CONFIG_LOG_MAXIMUM_LEVEL_VERBOSE=y
|
|
|
|
# Main XTAL Config
|
|
# Only on: ESP32
|
|
CONFIG_XTAL_FREQ_AUTO=y
|
|
|
|
# ESP System Settings
|
|
# Only on: ESP32, ESP32S3
|
|
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
|
|
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
|
|
|
|
# Power Management
|
|
CONFIG_PM_ENABLE=y
|
|
|
|
# Memory protection
|
|
# This is required to allow allocating IRAM
|
|
CONFIG_ESP_SYSTEM_MEMPROT_FEATURE=n
|
|
|
|
# FreeRTOS
|
|
CONFIG_FREERTOS_THREAD_LOCAL_STORAGE_POINTERS=2
|
|
CONFIG_FREERTOS_SUPPORT_STATIC_ALLOCATION=y
|
|
CONFIG_FREERTOS_ENABLE_STATIC_TASK_CLEAN_UP=n
|
|
CONFIG_FREERTOS_TASK_PRE_DELETION_HOOK=y
|
|
|
|
# UDP
|
|
CONFIG_LWIP_PPP_SUPPORT=y
|
|
CONFIG_LWIP_PPP_PAP_SUPPORT=y
|
|
CONFIG_LWIP_PPP_CHAP_SUPPORT=y
|
|
|
|
# SSL
|
|
# Use 4kiB output buffer instead of default 16kiB
|
|
CONFIG_MBEDTLS_ASYMMETRIC_CONTENT_LEN=y
|
|
CONFIG_MBEDTLS_HAVE_TIME_DATE=y
|
|
CONFIG_MBEDTLS_PLATFORM_TIME_ALT=y
|
|
CONFIG_MBEDTLS_HAVE_TIME=y
|
|
|
|
# Enable DTLS
|
|
CONFIG_MBEDTLS_SSL_PROTO_DTLS=y
|
|
|
|
# Disable ALPN support as it's not implemented in MicroPython
|
|
CONFIG_MBEDTLS_SSL_ALPN=n
|
|
|
|
# Disable slow or unused EC curves
|
|
CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED=n
|
|
CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED=n
|
|
CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED=n
|
|
CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED=n
|
|
|
|
# Disable certificate bundle as it's not implemented in MicroPython
|
|
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
|
|
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=n
|
|
|
|
# Allow mbedTLS to allocate from PSRAM or internal memory
|
|
#
|
|
# (The ESP-IDF default is internal-only, partly for physical security to prevent
|
|
# possible information leakage from unencrypted PSRAM contents on the original
|
|
# ESP32 - no PSRAM encryption on that chip. MicroPython doesn't support flash
|
|
# encryption and is already storing the Python heap in PSRAM so this isn't a
|
|
# significant factor in overall physical security.)
|
|
CONFIG_MBEDTLS_DEFAULT_MEM_ALLOC=y
|
|
|
|
# ULP coprocessor support
|
|
# Only on: ESP32, ESP32S2, ESP32S3
|
|
CONFIG_ULP_COPROC_ENABLED=y
|
|
CONFIG_ULP_COPROC_TYPE_FSM=y
|
|
CONFIG_ULP_COPROC_RESERVE_MEM=2040
|
|
|
|
# For cmake build
|
|
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
|
|
CONFIG_PARTITION_TABLE_CUSTOM=y
|
|
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions-4MiB.csv"
|
|
|
|
# To reduce iRAM usage
|
|
CONFIG_ESP32_WIFI_IRAM_OPT=n
|
|
CONFIG_ESP32_WIFI_RX_IRAM_OPT=n
|
|
CONFIG_SPI_MASTER_ISR_IN_IRAM=n
|
|
CONFIG_SPI_SLAVE_ISR_IN_IRAM=n
|
|
CONFIG_ESP_EVENT_POST_FROM_IRAM_ISR=n
|
|
CONFIG_PERIPH_CTRL_FUNC_IN_IRAM=n
|
|
|
|
# Legacy ADC Calibration Configuration
|
|
# Only on: ESP32
|
|
CONFIG_ADC_CAL_EFUSE_TP_ENABLE=y
|
|
CONFIG_ADC_CAL_EFUSE_VREF_ENABLE=y
|
|
CONFIG_ADC_CAL_LUT_ENABLE=y
|
|
|
|
# UART Configuration
|
|
CONFIG_UART_ISR_IN_IRAM=y
|
|
|
|
# IDF 5 deprecated
|
|
CONFIG_ADC_SUPPRESS_DEPRECATE_WARN=y
|
|
CONFIG_RMT_SUPPRESS_DEPRECATE_WARN=y
|
|
|
|
CONFIG_ETH_USE_SPI_ETHERNET=y
|
|
CONFIG_ETH_SPI_ETHERNET_W5500=y
|
|
CONFIG_ETH_SPI_ETHERNET_KSZ8851SNL=y
|
|
CONFIG_ETH_SPI_ETHERNET_DM9051=y
|
|
|
|
# Using newlib "nano" formatting saves size on SoCs where "nano" formatting
|
|
# functions are in ROM. Note some newer chips (c2,c6) have "full" newlib
|
|
# formatting in ROM instead and should override this, check
|
|
# ESP_ROM_HAS_NEWLIB_NANO_FORMAT.
|
|
CONFIG_NEWLIB_NANO_FORMAT=y
|
|
|
|
# IRAM/DRAM split protection is a memory protection feature on some parts
|
|
# that support SOC_CPU_IDRAM_SPLIT_USING_PMP, eg. C2, C5, C6, H2
|
|
# Due to limitations in the PMP system this feature breaks native emitters
|
|
# so is disabled by default.
|
|
CONFIG_ESP_SYSTEM_PMP_IDRAM_SPLIT=n
|
|
|
|
# Further limit total sockets in TIME-WAIT when there are many short-lived
|
|
# connections.
|
|
CONFIG_LWIP_MAX_ACTIVE_TCP=12
|