pictureFrame-firmware

football2801/pictureFrame-firmware

Fork 0

Commit Graph

Author	SHA1	Message	Date
football2801	27d01057e4	feat(operation): verify X-Image-Sha256 before painting the panel Pairs with the server-side header. After streaming the response body to LittleFS, hash the file with mbedtls/sha256 (hardware-accelerated on ESP32-S3) and compare against the server's claim. On mismatch: - Don't update NVS_KEY_IMG_ID, so the next poll reports the old id and the server sends 200 again with fresh bytes (natural retry, no extra HTTP round-trip in this cycle). - Don't draw — panel keeps whatever was up before, no garbage on the e-ink. - Raise NVS_KEY_ERR_BORDER so the next healthy 304 paints a clean recovery frame with the sync-fail border. Verification is skipped when the header is absent, so the firmware stays compatible with any server that hasn't deployed the matching header yet. mbedtls compiles into a native-test no-op stub (returns empty hex), so existing native tests don't need a SHA implementation. Two new tests: FW-17a (mismatch path) and FW-17b (missing header backward compat). Mock String now has equalsIgnoreCase so the new comparison compiles in native-test. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-06 19:43:02 -04:00
football2801	87af8cb030	fix: harden firmware NVS persistence, WDT, and 304 epd_sleep Three bugs fixed: - NVS img_id now written before epd_init/draw; new draw_needed flag in NVS survives power-loss mid-refresh so next boot re-draws from LittleFS instead of showing stale content - epd_sleep() now only called when display was initialized this cycle, preventing a 60 s wait_busy() timeout on every 304 poll - esp_task_wdt_reset() added to wait_busy() loop so the ~20 s 6-color refresh no longer triggers the task watchdog Also extracts normal_operation into operation.h template and adds a native PlatformIO test suite (16 tests) covering the full response matrix. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-06 12:09:37 -04:00

Author

SHA1

Message

Date

football2801

27d01057e4

feat(operation): verify X-Image-Sha256 before painting the panel

Pairs with the server-side header. After streaming the response body to
LittleFS, hash the file with mbedtls/sha256 (hardware-accelerated on
ESP32-S3) and compare against the server's claim. On mismatch:

- Don't update NVS_KEY_IMG_ID, so the next poll reports the old id and
  the server sends 200 again with fresh bytes (natural retry, no extra
  HTTP round-trip in this cycle).
- Don't draw — panel keeps whatever was up before, no garbage on the
  e-ink.
- Raise NVS_KEY_ERR_BORDER so the next healthy 304 paints a clean
  recovery frame with the sync-fail border.

Verification is skipped when the header is absent, so the firmware
stays compatible with any server that hasn't deployed the matching
header yet. mbedtls compiles into a native-test no-op stub (returns
empty hex), so existing native tests don't need a SHA implementation.

Two new tests: FW-17a (mismatch path) and FW-17b (missing header
backward compat). Mock String now has equalsIgnoreCase so the new
comparison compiles in native-test.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-06 19:43:02 -04:00

football2801

87af8cb030

fix: harden firmware NVS persistence, WDT, and 304 epd_sleep

Three bugs fixed:
- NVS img_id now written before epd_init/draw; new draw_needed flag in NVS
  survives power-loss mid-refresh so next boot re-draws from LittleFS instead
  of showing stale content
- epd_sleep() now only called when display was initialized this cycle,
  preventing a 60 s wait_busy() timeout on every 304 poll
- esp_task_wdt_reset() added to wait_busy() loop so the ~20 s 6-color
  refresh no longer triggers the task watchdog

Also extracts normal_operation into operation.h template and adds
a native PlatformIO test suite (16 tests) covering the full response matrix.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-06 12:09:37 -04:00

2 Commits