Feat/mesh beacon#938
Closed
NomDeTom wants to merge 28 commits into
Closed
Conversation
Agent-Logs-Url: https://github.com/meshtastic/protobufs/sessions/df6c83e6-b057-425c-8533-f83df8ed0c75 Co-authored-by: thebentern <9000580+thebentern@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2.8: Refactor NodeInfoLite structure and add legacy support for migration
* Add initial protobufs for XEdDSA * Add nodeinfo bool has_xeddsa_signed * Remove optional tag from xeddsa sig field * Add missed comment marker * Apply buf format to mesh.proto Agent-Logs-Url: https://github.com/meshtastic/protobufs/sessions/f6082d6b-c47b-42a3-bda3-e269d0b63226 Co-authored-by: thebentern <9000580+thebentern@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: thebentern <9000580+thebentern@users.noreply.github.com>
Per-boot cap on how long a single auto-unlocked session can hold the device's encrypted storage open, in seconds. 0 = unlimited (current behavior, suitable for unattended infrastructure nodes). When non-zero, the firmware arms an uptime timer at unlock. On expiry the device revokes per-connection auth, re-engages screen redaction, and reboots without deleting the token; next boot auto-unlocks via the boot-count TTL (decrementing boots_remaining) and arms a fresh session. Total exposure ceiling = boots_remaining * max_session_seconds. Uses CPU uptime (millis), not wall-clock time, so the cap is immune to GPS spoofing, RTC backup-battery removal, and Faraday cage isolation — none of those move the uptime counter. The only way to reset the session clock is a reboot, which costs a boot from the HMAC-bound on-flash counter. Companion firmware change: meshtastic/firmware PR #10349.
Address review feedback: the formula 'boots_remaining * max_session_seconds' is ambiguous because boots_remaining=0 in the request means 'use firmware default' (TOKEN_DEFAULT_BOOTS), not literally zero boots. A client that sends only max_session_seconds and leaves boots_remaining=0 cannot compute the ceiling from the raw request fields. Document that the formula uses the resolved (post-default) boot count, and call out the sentinel explicitly.
The initial passphrase-unlocked session counts toward total exposure too, since boots_remaining is the count of *subsequent* token-driven auto-unlocks (not total sessions). Ceiling is (resolved_boot_count + 1) * max_session_seconds.
…n exhaustion The firmware was updated to decrement the on-flash boot count at each session expiry without rebooting (while budget remains), and only hard-lock + reboot when the boot count reaches zero. Mesh routing continues across session boundaries; per-connection auth is revoked and the screen lock re-engages at each roll so clients must re-auth to see content. The exposure ceiling is unchanged — the boot count still ticks down monotonically once per session boundary. Companion firmware change: meshtastic/firmware PR #10349 (commit d2b47e4ca).
…ession-cap Add LockdownAuth.max_session_seconds for uptime-bounded sessions
Add ITU Region 1 and Region 2/3 Amateur Radio 70cm regions
Master backmerge
Stop combining ITU 2 and 3. They will need VERY different default slotOverrides (default freq). In effect, this means each ham band we support will need 3 "regions", ITU1, ITU2, ITU3. This will allow us to better support hams around the world without stirring anger.
develop: Update 70cm ham regions, split by ITU
8 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
supports meshtastic/firmware#10618