The digital signature also verifies integrity. If the file is corrupted somehow, the signature will not match the script.
What benefits does this process have over changing parameters using the dashboard?
We’ve had lots of troubles with SmartDashboard. Shuffleboard seems better (we used it at competition as part of this system), but still isn’t perfect. We also don’t use the command-based paradigm, so a lot of the automagic of the dashboards just doesn’t work.
This also lets us have multiple computers going - we can have the drivers driving on the driver station, one programmer on the main robot code/watching the riolog, and another few programmers working on auto modes.
Is it possible to string together complex series of actions and make decisions? Could you activate WPILib Commands, or make decisions based on Game-specific data string?
Again, very nice system.
Thanks! We’re pretty pleased with how it turned out.
I don’t agree. The team doesn’t control the roboRIO unless they somehow lock it up right after each match, since we can’t change the default passwords inconsequentially (found that one out the hard way). For the same reasons, you don’t control the radio.
You also don’t control the laptop. Since we’ve already established that the roboRIO credentials (including root) are public and unchangeable, there’s no way to prove to the roboRIO that you’re special and privileged by some OS mechanism. So any laptop will do just fine for a malicious actor who’s trying to SSH in and knows what they’re doing. The only way to prove that you’re special and privileged is via an asymmetrical cryptosystem, and the simplest way to do that is to generate digital signatures for your scripts.
To nickbrickmaster’s point, something to correct for latent corruption (i.e. the file is corrupted after the transfer) is also interesting and may bring more benefit than the signed transfer. Something like a Reed-Solomon encoded file and hash could be interesting to explore.
The signatures are not checked during the transfer. They are checked just previous to when the scripts are parsed and cast into Invocables. As mentioned above, corruption would cause the signature verification to fail.