First of all, it’s not possible to set the rtc timer exactly to 1 millisecond! The internal 32.768 kHz oscillator isn’t divisible to exactly 1ms, but it’s sufficient for approximate counting instead of a delay.

First of all let´s take a look into the avr0 clock control in the family datasheet (DS40002015B) on page 83.

There we can see that it it possible to route the internal 32.768 kHz oscillator to the rtc. Before the timer can be switched on we need to think about the ticks to get an interrupt every ~1 ms. Let´s do some math:

Every $30.5176 \mu\text{s}$ increments $+1$. So now we can calculate the time shift to get to $1ms$.

There we see that the ticks are not an integer and the interrupts can´t occur exactly at $1ms$!

The best fit seems to be at $T_{INT,max}=~1,007 ms$ so the rtc overflow register (PER) should be set to $33$ ticks with a prescaler of 1.

void rtc_init(void)
{	
    RTC.INTCTRL = RTC_OVF_bm;
    RTC.CLKSEL = RTC_CLKSEL_INT32K_gc;

    // RTC Overflow
    while (RTC.STATUS & RTC_PERBUSY_bm);
    RTC.PER = 0x0021;   // 33 -> base16 -> 0x0021

    while (RTC.STATUS & RTC_CTRLABUSY_bm);
    RTC.CTRLA = RTC_PRESCALER_DIV1_gc | RTC_RTCEN_bm;
}

Let´s check if the generated time fit´s the calculated time. To do this we will start to toggle any available pin on an avr0 (in this case an ATTiny1604).

The initialization of the main system clock is not necessary, in cause of that we are not using any program code in while(1).

#include <avr/io.h>
#include <avr/interrupt.h> 

ISR(RTC_CNT_vect)
{
    PORTA.OUTTGL = PIN0_bm;
    RTC.INTFLAGS = RTC_OVF_bm;
}

int main(void)
{
    PORTA.DIRSET = PIN0_bm;

    rtc_init();
    sei();

    while(1)
    {

    }
}

Now we take a look at the generated signal with an Analog Discovery.

Generated signal with 0x0021 setup.

Generated signal with 0x0020 setup.

There we are. In this case the value 0x0021 seems to fit better than the value 0x0020. The drift with 0x0021 is a bit lower than with 0x0020 to $1ms$ and it seems to be better to have a positive instead of a negative timeshift.

Generating a systick with the rtc

To keep things cleaned up, just lets use some libraries for the initialization of rtc and the system clock.

git clone https://github.com/0x007E/hal-avr0-system.git ./hal/avr0
mv ./hal/avr0/hal-avr0-system ./hal/avr0/system

git clone https://github.com/0x007E/hal-avr0-rtc.git ./hal/avr0
mv ./hal/avr0/hal-avr0-rtc ./hal/avr0/rtc

Now we can just use this libraries to initialize the system clock to $20MHz$ and the rtc clock as previousely defined and add a software systick timer.

#include <avr/io.h>
#include <avr/interrupt.h>
#include <util/atomic.h>

#include "./hal/avr0/system/system.h"
#include "./hal/avr0/rtc/rtc.h"

volatile unsigned int systick;

// Called every ~1ms
ISR(RTC_CNT_vect)
{
    systick++;
    RTC.INTFLAGS = RTC_OVF_bm;
}

int main(void)
{
    system_init();
    rtc_init();
    sei();

    PORTA.DIRSET = PIN0_bm;
    unsigned int last_value = 0;

    while(1)
    {
        unsigned int temp = 0x00;

        ATOMIC_BLOCK(ATOMIC_RESTORESTATE)
        {
            temp = systick;
        }

        if((temp - last_value) >= 1000UL)
        {   
            PORTA.OUTTGL = PIN0_bm;
            last_value = temp;
        }
    }
}

The ATOMIC_BLOCK is necessary because the avr0 architecture works with 8 bits and the systick variable 16 bits. The calculation therefore needs two operations on the CPU. To prevent that the interrupt get´s executed while the value is written from systick to temp and changes the value during the comparison the block is required!

Everybody knows that programmers are lazy so there is still another library to do this stuff.

git clone https://github.com/0x007E/utlis-systick ./utils
mv ./utils/utils-systick ./utils/systick

#include <avr/io.h>
#include <avr/interrupt.h>
#include <util/atomic.h>

#include "./hal/avr0/system/system.h"
#include "./hal/avr0/rtc/rtc.h"
#include "./utils/systick/systick.h"

SYSTICK_Timer systick_timer;

void systick_timer_wait_ms(unsigned int ms)
{
    systick_timer_wait(ms);
}

// Called every ~1ms
ISR(RTC_CNT_vect)
{
    systick_tick();
    RTC.INTFLAGS = RTC_OVF_bm;
}

int main(void)
{
    system_init();
    rtc_init();
    sei();
	
    systick_init();

    PORTA.DIRSET = PIN0_bm;

    while(1)
    {
        PORTA.OUTTGL = PIN0_bm;
        systick_timer_wait_ms(250UL);

        // Or just non-blocking
        if (systick_timer_elapsed(&systick_timer))
        {
            PORTA.OUTTGL = PIN0_bm;
            ystick_timer_set(&systick_timer, 250UL);
        }
    }
}

Feel free to use this libraries in any case of your private or comercial projects!

Application

The application itself is a small graphical programming tool (using avr-dude) for a LED-Cube. The application can be found here.

Create a self-signed certificate for code signing

Certificat Authorities that are built with openssl (see here) needs to be exported as *.pfx. This is necessary because the self-signed certificate itself has to be built with powershell. Otherwise it does not work on building the application with github-actions.

It was not possible to find out why the generated self-signed pfx-certificate with openssl does not work on github-actions. The error message in the build pipeline does not print useful information.

openssl pkcs12 -export -out rootCA.pfx -inkey rootCA.key -in rootCA.crt

Now it is possible to create the necessary pfx-certificate for click-once deployment with powershell.

$rootCert = Import-PfxCertificate -FilePath ".\rootCA.pfx" -CertStoreLocation Cert:\CurrentUser\My -Password (ConvertTo-SecureString "A_VERY_SECRET_PASSWORD" -AsPlainText -Force)

$newCert = New-SelfSignedCertificate -Subject "CN=0x007e.github.io" `
  -CertStoreLocation Cert:\CurrentUser\My `
  -Signer $rootCert `
  -KeyExportPolicy Exportable `
  -KeyAlgorithm RSA `
  -KeyLength 2048 `
  -NotAfter (Get-Date).AddYears(10) `
  -HashAlgorithm SHA256 `
  -KeyUsage DigitalSignature, KeyEncipherment `
  -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3")

$pwd = ConvertTo-SecureString -String "A_VERY_VERY_SECRET_PASSWORD" -Force -AsPlainText
Export-PfxCertificate -Cert $newCert -FilePath "clickonce.pfx" -Password $pwd

To show the thumbprint of the certificate just write:

(Get-ChildItem Cert:\CurrentUser\My -DnsName "0x007e.github.io").Thumbprint

This thumbprint should be equal to the thumbprint in ClickOnceProfile.xml that is generated in the next steps!

Settings in VisualStudio

To Setup a ClickOnce application just click Build -> Publish Selection

Create a new profile and select Folder in Target section.

Select ClickOnce as sepcific target.

Choose a Folder where the application should be bulit into.

In the next step it is necessary to add a link/UNC-path or a media where the applications is accessible. In cause of releasing the application on github I added the link to my github-page where the application will be published to.

Modify settings to check for updates during startup and increase the version automatically.

Select the previously created self-signed certificate (clickonce.pfx).

The Thumbprint should be the same that gets printed on the powershell terminal after creating the certificate!

Select your preferred build settings and finish the configuration process.

To check if the configuration works run a local demo publish.

Now there should be a ClickOnceProfile.xml in the Properties sub-folder Publish-Profiles that looks like:

<?xml version="1.0" encoding="utf-8"?>
<!-- https://go.microsoft.com/fwlink/?LinkID=208121. -->
<Project>
  <PropertyGroup>
    <ApplicationRevision>3</ApplicationRevision>
    <ApplicationVersion>0.0.1.*</ApplicationVersion>
    <BootstrapperEnabled>True</BootstrapperEnabled>
    <Configuration>Release</Configuration>
    <CreateWebPageOnPublish>True</CreateWebPageOnPublish>
    <GenerateManifests>true</GenerateManifests>
    <Install>True</Install>
    <InstallFrom>Web</InstallFrom>
    <InstallUrl>https://0x007e.github.io/rcc_programmer/clickonce/</InstallUrl>
    <IsRevisionIncremented>True</IsRevisionIncremented>
    <IsWebBootstrapper>True</IsWebBootstrapper>
    <ManifestCertificateThumbprint>ABCDEF01234567890ABCDEF01234567890ABCDEF</ManifestCertificateThumbprint>
    <MapFileExtensions>True</MapFileExtensions>
    <OpenBrowserOnPublish>False</OpenBrowserOnPublish>
    <Platform>Any CPU</Platform>
    <PublishDir>bin\Release\net8.0-windows\win-x64\app.publish\</PublishDir>
    <PublishUrl>bin\clickonce\</PublishUrl>
    <PublishProtocol>ClickOnce</PublishProtocol>
    <PublishReadyToRun>True</PublishReadyToRun>
    <PublishSingleFile>True</PublishSingleFile>
    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
    <SelfContained>True</SelfContained>
    <SignatureAlgorithm>sha256RSA</SignatureAlgorithm>
    <SignManifests>True</SignManifests>
    <SkipPublishVerification>false</SkipPublishVerification>
    <TargetFramework>net8.0-windows</TargetFramework>
    <UpdateEnabled>True</UpdateEnabled>
    <UpdateMode>Foreground</UpdateMode>
    <UpdateRequired>False</UpdateRequired>
    <WebPageFileName>Publish.html</WebPageFileName>
    <History>False|2025-10-27T19:21:58.8218812Z||;False|2025-10-27T20:07:20.5568226+01:00||;</History>
  </PropertyGroup>
</Project>

Prepare Github for publishing the application

The deploying repository in Github has to be prepared so that the certificate for signing the code can be used and the applications gets released into github pages. So if there isn´t already a repository it is necessary to create one and adapt the following settings.

Settings

Code and automation

To enable github-pages switch to settings in the application repository and enable github-pages in Pages section.

Now necessary permissions have to be activated in the Action -> General settings.

Set the permissions to Read and Write.

Security

Prepare the certificate as base64 string:

base64 ./clickonce.pfx > ./clickonce.pfx.base64

Select Actions In the Secrets and variable settings to add the self-signed certificate and the export password in the Secrets and the config (ClickOnceProfile.xml) in the Variables section.

Alright now we just have to setup the github-workflow (.github/workflows/release.yml) to deploy the application.

name: RCC_prog Release Pipeline

on:
  push:
    branches:
    - main
  pull_request:
    branches:
    - main

permissions:
  contents: write
  pages: write
  id-token: write

concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build-software:
    env:
      SOLUTION_FILE: ".\\RaGae.Projects.RCC.sln"
      PROJECT_PATH: ".\\Programmer"
      PROJECT_FILE: "Programmer.csproj"
      RUNTIME_IDENTIFIER: "win-x64"
      READY_TO_RUN: true
      DOTNET_VERSION: "8.0.415"
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-dotnet@v3
        with:
          dotnet-version: "$"
      - uses: microsoft/setup-msbuild@v2
        with:
          msbuild-architecture: x64
      - name: Restore packages
        run: dotnet restore $ --runtime $ -p:PublishReadyToRun=$
      - name: Decode and save PFX certificate
        shell: pwsh
        run: |
          $pfxBase64 = '$'
          $bytes = [Convert]::FromBase64String($pfxBase64)
          [IO.File]::WriteAllBytes("./clickonce.pfx", $bytes)
      - name: Import PFX certificate to Cert Store
        shell: pwsh
        run: |
          $password = ConvertTo-SecureString -String '$' -AsPlainText -Force
          Import-PfxCertificate -FilePath ./clickonce.pfx -CertStoreLocation Cert:\CurrentUser\My -Password $password
          Get-ChildItem Cert:\CurrentUser\My | select Subject,Thumbprint,HasPrivateKey,Provider
      - name: Publish ClickOnce
        run: |
          msbuild $\$ /t:publish /p:Configuration=Release /p:PublishProfile=ClickOnceProfile /p:PublishDir=.\publish /p:RuntimeIdentifier=$ /p:PublishReadyToRun=$
      - name: Create ClickOnce OutputFolder
        run: |
          mkdir .\data\clickonce
          cp -r $\publish\* .\data\clickonce\
      
      - name: Upload files as artifact
        id: deployment
        uses: actions/upload-pages-artifact@v3
        with:
          path: .\data

  deploy-pages:
    environment:
      name: github-pages
      url: $
    runs-on: ubuntu-latest
    needs: build-software
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

If everything works and the deployment succeeds the clickonce application is published to the link defined in ClickOnceProfile.xml (in this case https://0x007e.github.io/rcc_programmer/clickonce/). If now an update is released in the folder by incrementing the ApplicationVersion

<ApplicationVersion>0.0.1.*</ApplicationVersion>

After every deploy all clients that are using an old version of the application will now be informed that a new version is on the market :sunglasses:!

Before the self-signed certificates can be generated, it is preferable to adapt the (openssl.cnf) that was created before here.

[ req ]
default_bits        = 2048
default_md          = sha256
default_keyfile     = rootCA.key
distinguished_name  = req_distinguished_name
x509_extensions     = v3_ca
req_extensions      = v3_req
string_mask         = utf8only

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = AT
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = ...

localityName                    = Locality Name (eg, city)
localityName_default            = ...

organizationName                = Organization Name (eg, company)
organizationName_default        = ...

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Department of Network and Data Science

commonName                      = Common Name (eg, YOUR name)
commonName_default              = subdomain.domain.local
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_default            = my@mail.at
emailAddress_max                = 64

[ v3_ca ]
subjectKeyIdentifier     = hash
authorityKeyIdentifier   = keyid:always,issuer:always
basicConstraints         = critical, CA:true, pathlen:0
keyUsage                 = critical, digitalSignature, cRLSign, keyCertSign

[ v3_req ]
subjectKeyIdentifier     = hash
basicConstraints         = critical, CA:false
keyUsage                 = digitalSignature, nonRepudiation, keyEncipherment
extendedKeyUsage         = serverAuth
subjectAltName           = @alternate_names

[ alternate_names ]
DNS.1       = subdomain1.domain.local
DNS.2       = subdomain2.domain.local

IP.1       = 10.0.0.1
IP.2       = 192.168.0.0

Now it is quite easy to generate a self-signed certificate. Just generate a key with your personal required strength.

openssl genrsa -out ./certs/aaa.domain.local.key 2048

Now a certificate signing request can be generated.

openssl req -config ./openssl.conf -new -key ./certs/aaa.domain.local.key -out ./certs/aaa.domain.local.csr

Verifiying the request before signing is optional

openssl req -text -noout -verify -in ./certs/aaa.domain.local.csr

After all sign the certificate with the rootCA. Mayge the validity in days should be adapted.

openssl x509 -req -extfile ./openssl.conf -extensions v3_req -in ./certs/aaa.domain.local.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out ./certs/aaa.domain.local.crt -days 3650 -sha256

Everything done. Now it is possible to use the generated certificate inside webservers,FTP-servers and many more…

Before the CA can be generated, it is preferable to have a predefined configuration (openssl.cnf).

[ v3_ca ]
subjectKeyIdentifier     = hash
authorityKeyIdentifier   = keyid:always,issuer:always
basicConstraints         = critical, CA:true, pathlen:0
keyUsage                 = critical, digitalSignature, cRLSign, keyCertSign

Then a key for the CA should be generated and in advance the CA itself.

openssl genrsa -des3 -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.crt -config ./openssl.conf

To export the rootCA as pfx for Windows based systems:

openssl pkcs12 -export -out rootCA.pfx -inkey rootCA.key -in rootCA.crt

Thats the thing. Now there is a Root-CA that can be used for self-signing certificates. How to generate certificates can be found here.

The rootCA.crt can now be installed in the Windows/Linux Certificate Manager on every systeme the future self-signed certificates are getting used.

To activate the printf/scanf functionality for floating-point numbers the linker arguments need to be extended!

Settings can be done in Microchip Studio within the Project Properties:

In the submenu Linker -> General, check the box Use vprintf library.

The printf and/or scanf libraries must then be added to the Linker -> Libraries.

# -> for printf floating point operations
libprintf_flt

# -> for scanf floating point operations
libscanf_flt

In the Linker -> Miscellaneous the following flags have to be added:

# -> for printf floating point operations
-Wl,-u,vfprintf -lprintf_flt -lm

# -> for scanf floating point operations
-Wl,-u,vfscanf -lscanf_flt -lm

# -> for printf and scanf floating point operations
-Wl,-u,vfprintf -lprintf_flt -lm -Wl,-u,vfscanf -lscanf_flt -lm

To get things work, save the modifications and rebuild the project!

After all it should now be possible to work with printf/scanf:

printf("Please enter a floating-point number: ");

float number;

if(scanf("%f", &number) == 1)
{
    printf("\n\n\rThe result of %f * 5.23 equals: %f\n\n\r", number, (number * 5.23));
}

Welcome to my blog! This is the very first post where I’ll be sharing my passion for electronics, software development, network engineering, and computer science. Join me as I explore exciting projects, practical tips, and new ideas. I’m excited to start this journey and invite you to follow along!