Device Management Client 4.8.0

Device Management Client example

• Updated to Mbed OS 6.8.0.
• Updated cURL to 7.75.0 in pal-platform.
• Updated parsec-se-driver to 0.4.0.
• Updated to Pelion end-to-end test library v0.2.10.
• Removed support for SXOS platform in the application.
• Consolidated the K64F ESP8266 configuration to wifi_esp8266_minimal.json.
• Removed K66F PSA.
• DISCO-L475VG-IOT01A target bootloader increased from 36kB to 38kB.
• Introduction of upgraded Update client:

  • The new features of the upgraded Update client:

    • Component update.
    • Resume after power failure.
    • Defer firmware update installation.
    • Candidate encryption on external storage.

  • Configured Mbed OS non-mesh and Linux targets to use the new upgraded Update client.

    Note: To use legacy Update client in your Mbed OS non mesh target, please refer to the configurations in PDMC example 4.7.1.

  • Legacy Update client is still used in Mbed OS mesh targets and SDK's targets (NXP, Renesas).

  • Upgraded update client bootloaders are located in prebuilt-bl folder. Legacy bootloaders are located in tools folder.

  • On the K64F, NUCLEO-F411RE and DISCO-L475VG-IOT01A targets, the update candidate is stored encrypted on the external storage encrypted.

  • Created a migration guide to migrate legacy Update client to the new Update client.

    Note: After you migrate to the new Update client, only the "Component update" feature is available. To use other features of the new Update client, reflash the device with the new configuration and new bootloader.

Factory Configurator Client example

• Updated to Mbed OS 6.8.0.
• Updated cURL to 7.75.0 in pal-platform.
• Updated parsec-se-driver to 0.4.0.
• Removed support for SXOS platform in the application.
• K66F PSA has been removed.
• DISCO_L475VG_IOT01A target bootloader was increased from 36kB to 38kB.
• Introduction of upgraded bootloader that is coming together with upgraded Update client.
  • Upgraded update client bootloaders are located in prebuilt-bl folder. Legacy bootloaders are located in tools folder.

Device Management Client

• Client internal timers were not using event IDs correctly. Previously, if two timers were running at the same time, cancel might have stopped the wrong timer.
• Added fallback timer for asynchronous DNS requests (PAL_DNS_API_VERSION = 2). The client waits 10 minutes for a response to DNS query before aborting the request and raising a DNS error event.
• Improved client bootstrap recovery handling.
• The client doesn't go to sleep if update register, unregistering or reconnecting is ongoing.
• Added LwM2M version as part of the registration message.
• Added API to get M2MServer instance.
• tinycbor: Removed the default usage of asserts in input validation. Instead of asserting, the library returns an error if an invalid cbor input is given. Introduced a new TINYCBOR_USE_ASSERT flag to save on code size. This saves approximately 200 bytes.
• Deprecated the MBED_CLIENT_USER_CONFIG_FILE macro. An application only needs to use MBED_CLOUD_CLIENT_USER_CONFIG_FILE.
• Allow Write-Attributes to GET resource.
• Parent resource of resource-instance also set observable flag. Now also parent resource can be observed.
• Added API m2mbase::set_confirmable(bool confirmable) to choose whether a notification is sent in a confirmable or nonconfirmable way. By default, the confirmable message type is used.
• M2MDevice now accepts PUT/POST requests and can also be observed.
• Fixed an issue that could cause a crash if there were a lot of network traffic during the pause() call.
• Do not report notification sending timeout to application. Notification sending can't fail once message has been because since they have own queue for resending.
• Removed deprecated notification delivery status APIs. Use M2MBase::set_message_delivery_status_cb, instead.
• Changed default content type from COAP_CONTENT_OMA_TLV_TYPE_OLD to COAP_CONTENT_OMA_TLV_TYPE.
• Deprecated kcm_ecdh_key_agreement() API for PSA configuration, due to psa_set_key_enrollment_algorithm() API deprecation in Mbed Crypto.

Device Management Update client

Add precursor hash check to delta updates. Delta updates generated against wrong original firmware now fail faster.

• Mesh update: Critical messages are now sent multiple times to improve success rate for Mesh campaigns.

  Note: Due to the multiple message sending, the minimum configurable activate delay is 60min. The border router enforces the minimum value by silently reverting to 60min delay, but longer delays remain unchanged.

• Fixed handling of duplicate messages during the failed bootstrap recovery phase. Client was failing internally with a NotAllowed error instead of proceeding to bootstrap.

Device Management Update client next generation (FOTA)

• Fixed a bug that prevented update running successfully after devices were provisioned in the production flow.
• Fixed Linux compilation with "Client URL" (CURL) dynamic linkage.
• Fixed update flow when the update candidate version is 0.0.10.
• Changed FOTA application interface APIs:
  • fota_app_on_install_authorization(uint32 token) -> fota_app_on_install_authorization() (removed token).
  • fota_app_on_download_authorization(uint32_t token, ...) -> fota_app_on_download_authorization(...) (removed token).
  • fota_app_authorize_update() -> fota_app_authorize() (reverted to the deprecated API).
  • fota_app_reject_update() -> fota_app_reject() (reverted to the deprecated API).
  • fota_app_defer_update() -> fota_app_defer() (reverted to the deprecated API).
• On Linux targets, all FOTA related files (candidate, header and so on) were moved to the the configuration directory (PAL/KVstore).
• Require defining MBED_CLOUD_CLIENT_FOTA_LINUX_SINGLE_MAIN_FILE in Linux MCCE, Testapp or any Linux app that has a single file update.

Platform Adaptation Layer (PAL)

• [Linux] Fix async sockets after reboot done with execv. After reboot with execv signal, the handler doesn't return, and signals might be blocked. Because the signal mask is inherited, you need to explicitly unblock SIGIO and SIGUSR1.
• Added a compile-time check to require the mandatory Mbed TLS flags are defined when the Connection ID feature (PAL_USE_SSL_SESSION_RESUME) is enabled.

Known issues

• The earlier revisions of LPCXpresso 546XX have a different QSPI chip than some of the later revisions. The application needs to specify the chip at compile time. Select the correct QSPI chip in the board configuration file (define_NXP_LPC54628.txt). This depends on the board revision.
• [PAL tests] PAL file system and PAL update tests currently support external SD card storage. Support for other storage types will be added in future releases.
• [PAL tests] PAL TLS test (TCPHandshakeWhileCertVerify_threads) is not working on Mbed OS 5.13.0.
• Atmel secure element is not configured properly in the Device Management Client example.
  
  To enable the feature, add "mbed-cloud-client.secure-element-support" : 1 to the configs-psa/eth_v4_with_se_atmel.json file. This will be fixed in next release.

Mbed OS

We recommend you read the Mbed OS release notes for known issues and their latest status.

• PSA is in preview level and as such not ready for production yet.
  • You can't update the precompiled PSA binary through firmware update. You can only update the application itself.
  • K64F:
    • You can use the board in PSA mode (without real hardware PSA implementation).
    • The configuration file that allows this is placed under the configs-psa folder in the example.
    • The PSA mode adds RAM consumption (static +3.5KB) and flash/ROM consumption (+18.5KB).
    • Arm and partners are optimizing the solution in future releases.

Linux

• Firmware update installation of very large images on Raspberry Pi3B or Pi3B+ may result in a mmc0 timeout failure. This is a generic Raspberry Pi3 issue. See RPI issue #2392.
• Firmware update from one Linux distribution version to another does not work. For example, firmware update from Yocto distribution Morty to Rocko is not currently possible because of Linux version-dependent files (device tree) in the BOOT partition. Therefore, you must update within one major version of a distribution.
• glibc versions 2.23 and 2.24 have a bug in thread creation. It can cause random crashes with Linux.
  • If possible, update glibc to version 2.25 (or later). See sourceware issue 20116 for details.
  • We have implemented a workaround for this issue to decrease its likelihood. This issue may still occur under certain circumstances.
• The Device Management Client application must run as root to have access rights to perform the firmware update.
  • This is not the most secure way to handle this issue, so a more secure implementation will come later.
• Yocto distribution has only been tested in developer certificate mode.
• Yocto distribution used does not yet support Raspberry Pi4.

Device Management Client Third Party IP report

Device Management Client uses some third-party IP (TPIP) components. This table lists the TPIP and sources:

NXP SDK

Additional TPIP for NXP SDK:

Keil SDK

Renesas SDK

Additional TPIP for Renesas SDK (FSP):

Secure Device Access (SDA)

If you enable Secure Device Access (SDA), you will use some additional TPIP:

Mbed OS

You also get more TPIP with the Mbed OS release itself. See its LICENSE.md for details.