Release notes
We recommend that you always use the latest versions of Factory Configurator Utility (FCU) and Device Management Client.
If you do not use the latest versions of FCU and Device Management Client, check the release notes for feature compatibility and bug fixes.
Device Management Client release notes
Please see Device Management Client release notes.
Factory Configurator Utility (FCU) release notes
UPGRADE NOTE:
To update an existing FCU installation, use pip install --upgrade <fcu-package>
.
Release 1.2.16 (Feb 1st 2021)
- Added ability to provision different custom properties per device by defining device-specific custom properties in separate YAML files. For more information, see Custom properties.
- Updated FCU to support Python 3.6-3.9. Discontinued support for Python 3.5.
Release 1.2.15 (Jun 18th 2019)
Bug fixes
- Environment variables used in
fcu.yml
were not resolved when using a new version of thePyYaml
python package with FCU. - Fixed broken links in documentation.
Release 1.2.14 (May 5th 2019)
Bug fixes
- FCU now returns an error when you provide an unknown parameter for a custom property of type
generated-certificate-key-pair
.
Release 1.2.13 (Apr 8th 2019)
Bug fixes
- Custom properties of different types can now share the same name. Note that custom properties of types
private-key
,public-key
, andcertificate
can still not have the same name as properties of typegenerated-certificate-key-pair
.
Release 1.2.12 (Mar 28th 2019)
New features
- You can configure multiple certificate authorities to sign custom-generated device certificates in the factory.
When you use a custom property of type
generated-certificate-key-pair
, you can configure an additional certificate authority that can sign device certificates.
Deprecation notes
- FCU/ft_demo setup no longer generates a
proof_of_possession.txt
file under thekeystore
folder. The use of thesignature
parameter is deprecated when you upload trusted certificates to Pelion Device Management.
Release 1.2.11 (Mar 3rd 2019)
New features
- X.509 authority key identifier (AKI) and subject key identifier (SKI) certificate extensions are now supported. These extensions are added to the FCU certificate upon setup. If the extensions exist in the FCU certificate, they are generated for the device certificates signed by FCU.
Release 1.2.10 (Feb 24th 2019)
Bug fixes
- Custom properties: name is now restricted to 100 characters and only supports the characters
A-Z, a-z, 0-9, . _ -
.
Release 1.2.9.613 (Sep 20th 2018)
Bug fixes
- Certificate chains: certificate chain depth of 2 is now enabled in case certificate is generated by FCU and
fcu.crt
file does not contain a certificate chain.
Release 1.2.9.582 (Aug 23rd 2018)
Bug fixes
- Updated FCU python requirements to support installation with Python 3.7.
Release 1.2.9 (Jul 3rd 2018)
New features
Certificate chains
Pelion Device Management and FCU now allow a more flexible PKI infrastructure with various options to configure your CA hierarchy.
-
DTLS certificate chain injection
If you use an intermediate CA for issuing device certificates, you can add a CA to Device Management that will be higher in the hierarchy than the intermediate CA.
To enable a TLS handshake, the device needs to store the chain of trust up to your trusted CA. You can do this by:- Providing a certificate chain for the device certificate (when bringing your own certificate).
- Updating the value of
device-certificate-chain-depth
in the FCU configuration file to the level that you want to store on the device. If FCU generates your device certificate, you need to configure the FCU certificate itself as an intermediate CA.
-
Custom certificate chains injection
You can now use certificate chains when provisioning your own custom certificates. You can add a certificate chain to the PEM certificate data or file pointer in the FCU configuration file (undercustom-properties
, items of typecertificate
). Each such item must define the depth of the chain to be stored on the device, by giving a value tochain-depth-on-device
. -
FCU as an intermediate CA
You can now set up FCU as an intermediate CA by following these steps:- In the FCU configuration file, set
setup-ca-as-intermediate
totrue
. - Set up FCU by using the Python APIs or the
ft_demo setup
command. This creates a private key and CSR file. - Sign the CSR with your own CA.
- Provide FCU with the file
fcu.crt
containing the certificate chain.
Note: When you use FCU as a certificate authority, iffcu.crt
is a certificate chain, you must specify adevice-certificate-chain-depth
value in the FCU configuration file.
- In the FCU configuration file, set
Certificate chains only work on devices running Device Management Client 1.4.0 or higher.
Release 1.2.8 (Mar 14th 2018)
New features
Entropy injection
A new configuration parameter entropy-generation-mode
introduced. Available options:
by_device
(default): FCU will not pass the entropy, as it is generated by the device.externally_supplied
: Entropy that you supply. FCU expects to find it underdevice_keys_location
(an API parameter).by_tool
: Entropy generated by FCU.
This feature requires the client version R1.3 or higher.
Disable factory flow
You can now control whether the factory flow can be applied again on the device.
Using FCU, you can provide the parameter factory_fcc_disable
when using the FactoryToolApi.prepare_device_configuration
API.
Using the Factory Tool demo, to disable the factory flow, add the parameter --factory-fcc-disable
to the inject
command.
This feature requires the client version R1.3 or higher.
Verify on device
You can now control whether or not to verify the configuration on the device side. To do that, enable/disable verify-on-device
in the FCU configuration file (default: true).
Release 1.2.7 (Feb 20th 2018)
New feature: Custom properties
Provisioning of user-defined properties is now available in the custom-properties
section of the FCU configuration file.
Release 1.2.6 (Feb 6th 2018)
New feature: First-to-claim
OEM customers can now use the First-to-claim feature by enabling first-to-claim
in the FCU configuration file, specifying bootstrap-server-uri-first-to-claim
.
Each device will be provided with an enrollment ID (enrollment-id
) that an account can use to claim the device.
This feature requires the client version R1.2.6 or higher.
Release 1.2.5 (Nov 5th 2017)
The certificate authority private key file name generated in the setup command is changed to fcu_private_key.pem
.
Release 1.2.4 (Oct 24th 2017)
Removed the following configuration file entries:
bootstrap-server-crl-file
lwm2m-server-crl-file
update-auth-crl-file
.
Release 1.2.3 (Oct 9th 2017)
Bug fix: Firmware updates require vendor-id
and class-id
in UUID format.
Added the vendor-id
and class-id
configuration parameters to support this.
They are required when update-auth-certificate-file
is used.
Release 1.2.2 (Sep 27th 2017)
- Bug fix: Devices generated in factory could not verify the online firmware update. As part of this fix, the following configuration file entries changes were applied:
- Changed:
firmware-integrity-certificate-file
was renamed toupdate-auth-certificate-file
. - Changed:
firmware-integrity-crl-file
was renamed toupdate-auth-crl-file
. - Removed: The configuration file entry
firmware-integrity-ca-certificate-file
.
- Changed:
Release 1.2.1 (Sep 4th 2017)
- Bug fix: Use the Python cryptography package version 2.0.3 to avoid conflicts with the pycparser package found in some Python installations.
- The factory tool now provides more informative logs. The default log level of the factory tool demo is info.
- Sensitive information was removed from the logs of both FCU and the factory tool demo.
Release 1.2.0.189 (Aug 6th 2017)
- The factory tool demo application
ft_demo
is no longer provided as a Windows executable binary due to US export control limitations. You can still execute the demo application using its sources. - The factory configurator utility (FCU) has improved user input validation. Old configurations that do not comply with the validation scheme will require manual migration.
- Logging:
- The
ft_demo
application no longer writes audit logs into a separate file. Instead, the FCU logs will include a line for each API execution, in the format:AUDIT: <operation name> completed <successfully/with errors/with warnings> [endpoint name] [account id]
. - The FCU logs are now written using the
fcu
logging module. - The
ft_demo
log file is now rolled over at 10MB. There is a maximum of five backups, for a total of six log files.
- The