harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/firmware/zeroclaw-esp32
History
argenis de la rosa ccc48824cf security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399) 
Removes the unused "elf" feature from the embuild dependency in
firmware/zeroclaw-esp32/Cargo.toml.

Vulnerability Details:
- Advisory: GHSA-9cc5-2pq7-hfj8
- Package: xmas-elf < 0.10.0
- Severity: Moderate (insufficient bounds checks in HashTable access)

Root Cause:
- The embuild dependency (version < 0.33) relies on xmas-elf ~0.9.1
- The "elf" feature was enabled but not actually used

Fix:
- Removed features = ["elf"] from embuild dependency
- The build.rs only uses embuild::espidf::sysenv, which doesn't require elf
- xmas-elf dependency is now completely eliminated from Cargo.lock

Verification:
- cargo build passes successfully
- grep "xmas-elf" firmware/zeroclaw-esp32/Cargo.lock confirms removal

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 05:01:13 -05:00
..
.cargo Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00
src Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00
build.rs Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00
Cargo.lock security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399) 2026-02-17 05:01:13 -05:00
Cargo.toml security(deps): remove vulnerable xmas-elf dependency via embuild (fixes #399) 2026-02-17 05:01:13 -05:00
README.md Ehu shubham shaw contribution --> Hardware support (#306) 2026-02-16 11:40:10 -05:00

README.md

ZeroClaw ESP32 Firmware

Peripheral firmware for ESP32 — speaks the same JSON-over-serial protocol as the STM32 firmware. Flash this to your ESP32, then configure ZeroClaw on the host to connect via serial.

Protocol

  • Request (host → ESP32): {"id":"1","cmd":"gpio_write","args":{"pin":13,"value":1}}\n
  • Response (ESP32 → host): {"id":"1","ok":true,"result":"done"}\n

Commands: gpio_read, gpio_write.

Prerequisites

  1. ESP toolchain (espup):

    cargo install espup espflash
espup install
source ~/export-esp.sh   # or ~/export-esp.fish for Fish

  2. Target: ESP32-C3 (RISC-V) by default. Edit .cargo/config.toml for other targets (e.g. xtensa-esp32-espidf for original ESP32).

Build & Flash

cd firmware/zeroclaw-esp32
cargo build --release
espflash flash target/riscv32imc-esp-espidf/release/zeroclaw-esp32 --monitor

Host Config

Add to config.toml:

[peripherals]
enabled = true

[[peripherals.boards]]
board = "esp32"
transport = "serial"
path = "/dev/ttyUSB0"   # or /dev/ttyACM0, COM3, etc.
baud = 115200

Pin Mapping

Default GPIO 2 and 13 are configured for output. Edit src/main.rs to add more pins or change for your board. ESP32-C3 has different pin layout — adjust UART pins (gpio21/gpio20) if needed.

Edge-Native (Future)

Phase 6 also envisions ZeroClaw running on the ESP32 (WiFi + LLM). This firmware is the host-mediated serial peripheral; edge-native will be a separate crate.