Mistake on this page? Email us

Device Management Client 4.10.0

Important note on testing before upgrading:

Before upgrading deployed devices to a new version of Device Management Client, you must test that you can:

  • Perform a firmware-over-the-air update of a device with the new firmware image.
  • Perform an additional firmware-over-the-air update on the device with the new firmware image to check that you can update the new firmware image.

Device Management Client example

  • Configured the NXP_LPC54628 target to use the new upgraded Update client.

  • Updated mesh configuration in mesh_wisun.json based on the new Update client implementation.

  • Introduced new bootloaders for devices that use candidate image encryption.

    Replaced FOTA_USE_DEVICE_KEY with FOTA_USE_ENCRYPTED_ONE_TIME_FW_KEY as the default value for MBED_CLOUD_CLIENT_FOTA_KEY_ENCRYPTION due to a security vulnerability found in FOTA_USE_DEVICE_KEY.

    This is a breaking change for Mbed OS devices that use bootloaders from PDMC 4.8.0 or 4.9.0.

    If you are upgrading to Device Management Client 4.10.0 but using the bootloader from a previous release, you must explicitly define FOTA_USE_DEVICE_KEY. We highly recommend using the bootloader from Device Management Client 4.10.0, which fixes a security vulnerability found in the bootloader from the 4.8.0/4.9.0 releases.

  • Updated to Mbed OS 6.12.0.

Factory Configurator Client example

  • Updated to Mbed OS 6.12.0.

Device Management Client

  • Updated Mbed CoAP to v5.1.11.

  • Improved handling of "Bad requests" during bootstrapping. Now the client handles the recovery internally without reporting fatal certificate errors to the upper level.

    Previously these errors resulted in factory resets because they were handled as fatal storage failures.

  • Fixed duplication of sent notifications, which sometimes happened if the application called set_value()in the MbedCloudClient::on_registered()callback.

  • Added sleep state for MbedCloudClient::on_status_changed().

    This makes MbedCloudClient::set_queue_sleep_handler(callback_handler handler) redundant. It's marked as deprecated.

  • Added support for LwM2M Discover.

  • Allowed the application to control the maximum reconnection timeout using the MBED_CONF_MBED_CLIENT_MAX_RECONNECT_TIMEOUT flag.

    This flag ensures that the reconnection time doesn't go above the set maximum value. The default value is 4hrs, and the lowest acceptable value is 5min.

Device Management Update Client

  • Added support for updating device firmware with a server-encrypted update image.
    • Enabled by the new MBED_CLOUD_CLIENT_FOTA_ENCRYPTION_SUPPORT macro.
    • Limitation: Not supported when MBED_CLOUD_CLIENT_FOTA_CANDIDATE_BLOCK_SIZE is not 1024.
  • Changes to implementation of update candidate image encryption:
    • Added a new FOTA_USE_ENCRYPTED_ONE_TIME_FW_KEY option to the MBED_CLOUD_CLIENT_FOTA_KEY_ENCRYPTION macro.
    • Replaced FOTA_USE_DEVICE_KEY with FOTA_USE_ENCRYPTED_ONE_TIME_FW_KEY as the default value for MBED_CLOUD_CLIENT_FOTA_KEY_ENCRYPTION following a security vulnerability found in FOTA_USE_DEVICE_KEY.
    • Deprecated the FOTA_USE_DEVICE_KEY option, which will be removed in a future version.
  • Changed fota_app_defer() behavior so that candidate image download or install resumes only after the device application explicitly calls fota_app_resume(). When the device reboots, the client invokes the download or install callbacks to request the device application’s approval to continue the download or installation.
  • Added support for calling fota_app_reject() after fota_app_defer().
  • Added the fota_app_postpone_reboot() API. Calling this API postpones device reboot, which is required to complete the FOTA process, until the device application explicitly initiates reboot.
  • Fix: Resuming download from the last successfully downloaded fragment was not previously supported on devices with an SD card, like the K64F.
  • Fix: Support for resuming installation after an unexpected interruption (for example, power loss):
    • Of the main or component image on Linux.
    • Of a component image on an Mbed OS devices.
  • Fix: Removed the candidate image file from its original path in Linux after FOTA completion.

Known issues

  • The earlier revisions of LPCXpresso 546XX have a different QSPI chip than some of the later revisions. The application needs to specify the chip at compile time. Select the correct QSPI chip in the board configuration file (define_NXP_LPC54628.txt). This depends on the board revision.
  • [PAL tests] PAL file system and PAL update tests currently support external SD card storage. Future releases will add support for other storage types.
  • [PAL tests] PAL TLS test (TCPHandshakeWhileCertVerify_threads) isn't working on Mbed OS 5.13.0.
  • Mesh update may have stability issues in larger networks. The issue will be resolved in a future release.

Mbed OS

We recommend you read the Mbed OS release notes for known issues and their latest status.

  • PSA is in preview level and as such isn't ready for production yet.
    • You can't update the precompiled PSA binary through firmware update. You can only update the application, itself.
    • K64F:
      • You can use the board in PSA mode (without real hardware PSA implementation).
      • The configuration file that allows this is placed under the configs-psa folder in the example.
      • The PSA mode adds RAM consumption (static +3.5KB) and flash/ROM consumption (+18.5KB).
      • Arm and Partners are optimizing the solution in future releases.

Linux

  • Firmware update installation of very large images on Raspberry Pi3B or Pi3B+ may result in a mmc0 timeout failure. This is a generic Raspberry Pi3 issue. See RPI issue #2392.
  • Firmware update from one Linux distribution version to another doesn't work. For example, firmware update from Yocto distribution Morty to Rocko is not currently possible because of Linux version-dependent files (device tree) in the BOOT partition. Therefore, you must update within one major version of a distribution.
  • glibc versions 2.23 and 2.24 have a bug in thread creation. It can cause random crashes with Linux.
    • If possible, update glibc to version 2.25 (or later). See sourceware issue 20116 for details.
    • We have implemented a workaround for this issue to decrease its likelihood. This issue may still occur under certain circumstances.
  • The Device Management Client application must run as root to have access rights to perform the firmware update. A more secure implementation will come later.
  • Yocto distribution has only been tested in developer certificate mode.
  • The Yocto distribution used doesn't yet support Raspberry Pi4.

Device Management Client Third Party IP report

Device Management Client uses some third-party IP (TPIP) components. This table lists the TPIP and sources:

Original License Description
bsdfiff BSD 2 Clause Diff algorithm used for delta update image generation.
LZ4 BSD 2 Clause (lz4.c and lz4.h under /lib in LZ4) Compression algorithm used for compressing delta update images.
TinyCBOR MIT Factory configurator client (FCC) uses TinyCBOR, which is a constrained node implementation of CBOR in C, with slight modifications. The code is at mbed-cloud-client/tinycbor and in a standalone repository in GitHub.
Unity MIT Platform Adaptation Layer (PAL) tests use Unity framework from ThrowTheSwitch. The code is at mbed-cloud-client/mbed-client-pal/Test/Unity.

NXP SDK

Additional TPIP for NXP SDK:

Original License Description
Amazon FreeRTOS kernel v10.2 MIT FreeRTOS kernel from Amazon.
lwIP Modified BSD Lightweight IP stack.
Platform support files BSD 3 Clause Platform specific files in platform/NXP.
LPC54608J512 Linker script BSD 3 Clause Linker script for GNU C.
LPC54xxx generated configuration files BSD 3 Clause Board-support specific generated files in pal-platform/SDK/LPCXpresso54628/generated.
LPC54xxx board support software Copyright NXP Board support software for LPC5400-series - we don't provide this; you must download this with MCUXpresso SDK Builder yourself.
MIMXRT106XXX Linker script BSD 3 Clause Linker script for GNU C.
EVK-MIMXRT1060 generated configuration files BSD 3 Clause Board-support specific generated files in pal-platform/SDK/EVK-MIMXRT1060/generated.
EVK-MIMXRT1060 board support software Copyright NXP Board support software for EVK-MIMXRT1060 - we don't provide this; you must download this with MCUXpresso SDK Builder yourself.

Keil SDK

Original License Description
Platform support files BSD 3 Clause Platform-specific files in platform/KEIL.
Platform adaptation layer files MIT Platform adaptation layer files in Source/Port/Reference-Impl/OS_Specific/RTX_MW.

Renesas SDK

Additional TPIP for Renesas SDK (FSP):

Original License Description
Amazon FreeRTOS kernel v10.3 MIT FreeRTOS kernel from Amazon.
Renesas Flexible Software Package (FSP) v1.0.0 Copyright (c) Renesas Board support package for RA6M3 boards. Running pal-platform.py will git clone this repository to your work area under pal-platform/SDK/Renesas_EK_RA6M3/fsp.
Renesas e2studio generated configuration files Copyright (c) Renesas Renesas e2studio generates a number of files, available in pal-platform/SDK/Renesas_EK_RA6M3/e2studio_gen.
lwIP Modified BSD Lightweight IP stack.
Platform support files BSD 3 Clause Platform specific files in platform/Renesas_EK_RA6M3.
Platform adaptation layer files MIT Platform adaptation layer files in Source/Port/Reference-Impl/OS_Specific/Renesas_EK_RA6M3.

Secure Device Access (SDA)

If you enable Secure Device Access (SDA), you will use some additional TPIP:

Original License Description
cose-c BSD 3 Clause IETF Concise Binary Object Representation (CBOR) Encoded Message Syntax (COSE) - a copy of this library is located under mbed-cloud-client/tree/master/secure-device-access-client/cose-c.

Mbed OS

You also get more TPIP with the Mbed OS release, itself. See its LICENSE.md file for details.