Client files for Qb2 Firmware 2.6.5 (30.01.2025)

Author: bf-jomess

doc/antora.yml

@@ -1,4 +1,4 @@
-display_version: v2.5
+display_version: v2.6
 name: Qb2
 nav:
 - modules/ROOT/nav.adoc
@@ -9,4 +9,4 @@ nav:
 - modules/developer/nav.adoc
 - modules/service_and_maintenance/nav.adoc
 title: Qb2
-version: v2.5
+version: v2.6

doc/modules/protocol/pages/blickfeld/system/config/network.adoc

@@ -36,6 +36,10 @@ link-local prefix is FE80::/10 and is used to create a link-local IPv6 address o
 .2+| *wireless* | optional xref:blickfeld/system/config/network.adoc#_blickfeld_system_config_Network_Wireless[Wireless] | - | - 
 3+| If the field is set, the device switches from the Ethernet to the WiFi interface.
 
+.2+| *authentication* | optional xref:blickfeld/system/config/network.adoc#_blickfeld_system_config_Network_Authentication[Authentication] | - | - 
+3+| Authentication configuration for joining a network. 
+If this field is set the device starts to communicate with a authentication server (e.g. RADIUS).
+
 |===
 
 [#_blickfeld_system_config_Network_Static]
@@ -135,3 +139,97 @@ This mechanism is applied as the password is never returned via the GetConfig AP
 
 |===
 
+[#_blickfeld_system_config_Network_Authentication]
+== Authentication
+
+Authentication for networks 
+ 
+Interface to netplan & networkd, see https://netplan.readthedocs.io/en/latest/netplan-yaml/#authentication.
+
+.Available fields in blickfeld.system.config.Network.Authentication
+|===
+| Field | Type | Default | Unit
+
+.2+| *key_management* | xref:blickfeld/system/config/network.adoc#_blickfeld_system_config_Network_Authentication_KeyManagement[KeyManagement] | - | - 
+3+| Selected key management
+
+.2+| *password* | string| - | - 
+3+| Password in plain text corresponding the the account identity or username
+
+.2+| *eap_method* | xref:blickfeld/system/config/network.adoc#_blickfeld_system_config_Network_Authentication_EapMethod[EapMethod] | - | - 
+3+| Selected preferred EAP method
+
+.2+| *identity* | string| - | - 
+3+| The account identity or username
+
+.2+| *anonymous_identity* | string| - | - 
+3+| anonymous-identity (advanced configuration)
+
+.2+| *ca_certificate* | xref:blickfeld/secure/config/certificate.adoc[secure.config.Certificate] | - | - 
+3+| The RADIUS-server ca-certificate 
+ 
+For EAP-methods TLS, TTLS and PEAP this certificate is loaded and validated 
+against the certificate presented from the server side. 
+ 
+The expected format is a x509, PEM in binary encoding.
+
+.2+| *client_certificate* | xref:blickfeld/secure/config/certificate.adoc[secure.config.Certificate] | - | - 
+3+| The Client-certificate 
+ 
+The certificate to be used by the client during authentication when EAP-TLS is selected.
+
+.2+| *client_key* | xref:blickfeld/secure/config/private_key.adoc[secure.config.PrivateKey] | - | - 
+3+| The client-key 
+ 
+Client key for the configured client certificate.
+
+.2+| *client_key_password* | string| - | - 
+3+| The client-key password 
+ 
+Password to use the configured client key (if encrypted).
+
+.2+| *phase2_auth* | string| - | - 
+3+| phase2-auth (advanced configuration)
+
+|===
+
+[#_blickfeld_system_config_Network_Authentication_KeyManagement]
+=== Key Management
+
+Key management 
+ 
+[NOTE] 
+Only 802.1X for wired network is supported (see https://en.wikipedia.org/wiki/IEEE_802.1X).
+
+.Available values for blickfeld.system.config.Network.Authentication.KeyManagement enum
+[cols='25h,5,~']
+|===
+| Name | Value | Description
+
+| KEY_MANAGEMENT_UNSPECIFIED ^| 0 | default (no key management)
+| KEY_MANAGEMENT_PSK ^| 1 | PSK (WPA with pre-shared key, common for home Wi-Fi).
+| KEY_MANAGEMENT_EAP ^| 2 | EAP (WPA with EAP, common for enterprise Wi-F).
+| KEY_MANAGEMENT_EAPSHA256 ^| 3 | EAP-SHA256 (used with WPA3-Enterprise).
+| KEY_MANAGEMENT_EAPSUITEB192 ^| 4 | EAP-SUITE-B-192 (used with WPA3-Enterprise).
+| KEY_MANAGEMENT_SAE ^| 5 | SAE (used by WPA3)
+| KEY_MANAGEMENT_IEEE8021X ^| 6 | 802.1X (used primarily for wired Ethernet connections).
+|===
+
+[#_blickfeld_system_config_Network_Authentication_EapMethod]
+=== Eap Method
+
+The Extensible Authentication Protocol (EAP) method to use.
+
+.Available values for blickfeld.system.config.Network.Authentication.EapMethod enum
+[cols='25h,5,~']
+|===
+| Name | Value | Description
+
+| EAP_METHOD_UNSPECIFIED ^| 0 | default (unset) - Let the RADIUS server propose a EAP method
+| EAP_METHOD_TLS ^| 1 | Prefer TLS
+| EAP_METHOD_PEAP ^| 2 | Prefer protected EAP (recommended)
+| EAP_METHOD_LEAP ^| 3 | Prefer lightweight EAP
+| EAP_METHOD_PWD ^| 4 | Prefer EAP password
+| EAP_METHOD_TTLS ^| 5 | Prefer tunneled TLS (recommended)
+|===
+

doc/modules/protocol/pages/blickfeld/system/config/time_synchronization.adoc

@@ -12,6 +12,13 @@ The system time is used to fill timestamps in generated output data e.g. point c
 .2+| *ntp* | xref:blickfeld/system/config/time_synchronization.adoc#_blickfeld_system_config_TimeSynchronization_Ntp[Ntp] | - | - 
 3+| Configuration for NTP time synchronization
 
+.2+| *time_zone* | optional string| - | - 
+3+| Configure time zone of device. 
+ 
+Use ListTimeZones to retrieve the available time zones. 
+ 
+Default: UTC
+
 |===
 
 [#_blickfeld_system_config_TimeSynchronization_Ntp]

doc/modules/protocol/pages/blickfeld/system/data/health.adoc

@@ -39,6 +39,9 @@ Status message for time synchronization
 .2+| *current_system_timestamp* | uint64| - | ns 
 3+| Current timestamp
 
+.2+| *current_time_zone* | string| - | - 
+3+| Current time zone
+
 .2+| *ntp* | xref:blickfeld/system/data/health.adoc#_blickfeld_system_data_Health_TimeSynchronization_Ntp[Ntp] | - | - 
 3+| Status for NTP time synchronization
 

doc/modules/protocol/pages/blickfeld/system/services/time_synchronization.adoc

@@ -10,6 +10,7 @@ This service provides methods to configure the time synchronization of the devic
 
 | *xref:#Set[]* | xref:blickfeld/system/services/time_synchronization.adoc#_blickfeld_system_services_TimeSynchronizationSetRequest[TimeSynchronizationSetRequest]| https://protobuf.dev/reference/protobuf/google.protobuf/#empty[google.protobuf.Empty]
 | *xref:#Get[]* | https://protobuf.dev/reference/protobuf/google.protobuf/#empty[google.protobuf.Empty]| xref:blickfeld/system/services/time_synchronization.adoc#_blickfeld_system_services_TimeSynchronizationGetResponse[TimeSynchronizationGetResponse]
+| *xref:#ListTimeZones[]* | https://protobuf.dev/reference/protobuf/google.protobuf/#empty[google.protobuf.Empty]| xref:blickfeld/system/services/time_synchronization.adoc#_blickfeld_system_services_TimeSynchronizationListTimeZonesResponse[TimeSynchronizationListTimeZonesResponse]
 |===
 [#Set]
 == Set
@@ -49,3 +50,20 @@ Response which is sent as answer for a GetConfig call
 
 |===
 
+[#ListTimeZones]
+== ListTimeZones
+
+List available time zones
+
+[#_blickfeld_system_services_TimeSynchronizationListTimeZonesResponse]
+=== Response
+
+Response for ListTimeZones request
+
+.Available fields in blickfeld.system.services.TimeSynchronizationListTimeZonesResponse
+|===
+| Field | Type | Default | Unit
+
+| *time_zones* | repeated string| - | - 
+|===
+

protocol/blickfeld/system/config/network.proto

@@ -1,6 +1,8 @@
 syntax = "proto2";
 
 import "blickfeld/base/options.proto";
+import "blickfeld/secure/config/certificate.proto";
+import "blickfeld/secure/config/private_key.proto";
 package blickfeld.system.config;
 
 option (.blickfeld.base.access_control_file) = {
@@ -66,6 +68,77 @@ message Network {
     // This mechanism is applied as the password is never returned via the GetConfig API.
     optional string password = 2;
   }
+  // Authentication for networks
+  // 
+  // Interface to netplan & networkd, see https://netplan.readthedocs.io/en/latest/netplan-yaml/#authentication.
+  message Authentication {
+    // Key management
+    // 
+    // [NOTE]
+    // Only 802.1X for wired network is supported (see https://en.wikipedia.org/wiki/IEEE_802.1X).
+    enum KeyManagement {
+      // default (no key management)
+      KEY_MANAGEMENT_UNSPECIFIED = 0;
+      // PSK (WPA with pre-shared key, common for home Wi-Fi).
+      KEY_MANAGEMENT_PSK = 1;
+      // EAP (WPA with EAP, common for enterprise Wi-F).
+      KEY_MANAGEMENT_EAP = 2;
+      // EAP-SHA256 (used with WPA3-Enterprise).
+      KEY_MANAGEMENT_EAPSHA256 = 3;
+      // EAP-SUITE-B-192 (used with WPA3-Enterprise).
+      KEY_MANAGEMENT_EAPSUITEB192 = 4;
+      // SAE (used by WPA3)
+      KEY_MANAGEMENT_SAE = 5;
+      // 802.1X (used primarily for wired Ethernet connections).
+      KEY_MANAGEMENT_IEEE8021X = 6;
+    }
+    // The Extensible Authentication Protocol (EAP) method to use.
+    enum EapMethod {
+      // default (unset) - Let the RADIUS server propose a EAP method
+      EAP_METHOD_UNSPECIFIED = 0;
+      // Prefer TLS
+      EAP_METHOD_TLS = 1;
+      // Prefer protected EAP (recommended)
+      EAP_METHOD_PEAP = 2;
+      // Prefer lightweight EAP
+      EAP_METHOD_LEAP = 3;
+      // Prefer EAP password
+      EAP_METHOD_PWD = 4;
+      // Prefer tunneled TLS (recommended)
+      EAP_METHOD_TTLS = 5;
+    }
+    // Selected key management
+    optional .blickfeld.system.config.Network.Authentication.KeyManagement key_management = 1;
+    // Password in plain text corresponding the the account identity or username
+    optional string password = 2;
+    // Selected preferred EAP method
+    optional .blickfeld.system.config.Network.Authentication.EapMethod eap_method = 3;
+    // The account identity or username
+    optional string identity = 4;
+    // anonymous-identity (advanced configuration)
+    optional string anonymous_identity = 5;
+    // The RADIUS-server ca-certificate
+    // 
+    // For EAP-methods TLS, TTLS and PEAP this certificate is loaded and validated
+    // against the certificate presented from the server side.
+    // 
+    // The expected format is a x509, PEM in binary encoding.
+    optional .blickfeld.secure.config.Certificate ca_certificate = 6;
+    // The Client-certificate
+    // 
+    // The certificate to be used by the client during authentication when EAP-TLS is selected.
+    optional .blickfeld.secure.config.Certificate client_certificate = 7;
+    // The client-key
+    // 
+    // Client key for the configured client certificate.
+    optional .blickfeld.secure.config.PrivateKey client_key = 8;
+    // The client-key password
+    // 
+    // Password to use the configured client key (if encrypted).
+    optional string client_key_password = 9;
+    // phase2-auth (advanced configuration)
+    optional string phase2_auth = 10;
+  }
   // *
   // Specifies the persistent system-wide hostname which should be assigned to the network device
   optional string hostname = 1;
@@ -85,5 +158,8 @@ message Network {
   optional bool link_local = 4 [default = false];
   // If the field is set, the device switches from the Ethernet to the WiFi interface.
   optional .blickfeld.system.config.Network.Wireless wireless = 5 [(.blickfeld.base.optional) = true];
+  // Authentication configuration for joining a network.
+  // If this field is set the device starts to communicate with a authentication server (e.g. RADIUS).
+  optional .blickfeld.system.config.Network.Authentication authentication = 6 [(.blickfeld.base.optional) = true];
 }
 

protocol/blickfeld/system/config/time_synchronization.proto

@@ -22,5 +22,11 @@ message TimeSynchronization {
     // Configuration for NTP time synchronization
     .blickfeld.system.config.TimeSynchronization.Ntp ntp = 1;
   }
+  // Configure time zone of device.
+  // 
+  // Use ListTimeZones to retrieve the available time zones.
+  // 
+  // Default: UTC
+  string time_zone = 2 [(.blickfeld.base.optional) = true];
 }
 

protocol/blickfeld/system/data/health.proto

@@ -34,6 +34,8 @@ message Health {
     string state_reason = 2;
     // Current timestamp
     uint64 current_system_timestamp = 3 [(.blickfeld.base.unit) = "ns"];
+    // Current time zone
+    string current_time_zone = 5;
     // Current time synchronization status
     oneof type {
       // Status for NTP time synchronization

protocol/blickfeld/system/services/time_synchronization.proto

@@ -21,6 +21,11 @@ message TimeSynchronizationGetResponse {
   .blickfeld.system.config.TimeSynchronization config = 1;
 }
 
+// Response for ListTimeZones request
+message TimeSynchronizationListTimeZonesResponse {
+  repeated string time_zones = 1;
+}
+
 // This service provides methods to configure the time synchronization of the device.
 service TimeSynchronization {
   option (.blickfeld.base.access_control_service) = {
@@ -37,5 +42,11 @@ service TimeSynchronization {
       read_only: true
     };
   }
+  // List available time zones
+  rpc ListTimeZones(.google.protobuf.Empty) returns (.blickfeld.system.services.TimeSynchronizationListTimeZonesResponse) {
+    option (.blickfeld.base.access_control_method) = {
+      read_only: true
+    };
+  }
 }