Is it possible to remove or restrict the setting of MPC_THR_HOVER?

MPC_THR_HOVER is responsible for setting the hovering thrust of the UAV. When the parameter MPC_USE_HTE is false, the copter will use MPC_USE_HTE as the setpoint of hover thrust.
However, during the SITL testing, I found that setting MPC_THR_HOVER to an unreasonable value (e.g. 0.12, the minimum value of MPC_THR_HOVER) will lead to a crash.

  1. Since we have the hover thrust estimator, is it possible to remove MPC_THR_HOVER?
  2. If we cannot remove MPC_THR_HOVER, is it possible to introduce some safety measures to fix this flaw? For example, we can prohibit the user from changing this parameter during the flight or take some means to reject unreasonable values.

I would argue that it’s somewhat expected that bad things can happen if “unreasonable” param values are applied during flight.

  1. Can we remove it? Probably not because it might still be useful for some users where the estimator doesn’t work as intended.
  2. We could limit the range of accepted values here. Maybe 0.2 or 0.3 would be safer but I’m sure other users will complain because their over powered airframes need low values like that… :smirk:.

@bresch opinions?

Thank you for your reply.
I now understand the meaning of MPC_THR_HOVER. However, if a malicious user modifies this parameter during flight it could lead to the crash of the copter. Is it possible to dynamically adjust the value of MPC_THR_HOVER to prevent the copter from crashing (e.g. detect a small value of MPC_THR_HOVER and then increase the value slightly by the flight control to keep the aircraft flying)?

There are many parameters that a “malicious user” can change to bring down a drone. That’s not something that can be fixed one off like that. To prevent malicious users you need access control and/or you need to lock down most parameters.

1 Like