Device Management Client 3.4.0

Features

• Device Management Client now includes Secure Device Access (SDA) library.
• Support for update priority.
• Support for certificate renewal with Platform Security Architecture (PSA).
• A new feature flag, MBED_CONF_MBED_CLIENT_ENABLE_OBSERVATION_PARAMETERS, controls the usage of LwM2M Write attributes for LwM2M resources. Disabling this feature will allow you to save RAM used by observation parameters per resource. Disabled by setting the flag to 0.
• A new API for creating M2MResource directly without first creating M2MObject and M2MObjectInstance.

Device Management Client example

• Added PSA configuration for K66F (configs-psa/eth_v4.json).
• Updated usage of new Update Authorization API, which enables update priority feature set_update_authorize_priority_handler instead of set_update_authorize_handler.
• Use set_message_delivery_status_cb to ensure that a POST trigger on the unregister resource (/5000/0/1) does not result in closing the network connection before client is able to send the final ACK to server.
• [Linux] Updated Mbed TLS to 2.18.1.
• [Mbed OS] Removed the legacy ESFS-SOTP configurations from the applications. Only KVstore is supported for client storage.

Factory Configurator Client example

• [Linux] Updated to Mbed TLS 2.18.1.
• [Mbed OS] Removed legacy ESFS-SOTP configurations from the applications. Client storage now supports only KVStore.

Secure Device Access Client example

• Initial public release of the Secure Device Access Client example application.
• Provides a reference implementation for using Secure Device Access.
• The full documentation and tutorial for this example is available on our documentation site.

Device Management Connect client

• Added the max-age option to be part of the notification message construction. This fixes the issue that the resource cache was not being updated due to value changes from notification messages.
• Added a Secure Device Access (SDA) client library.
• A new feature flag that enables SDA - MBED_CLOUD_CLIENT_ENABLE_SDA (disabled by default).
• A new feature flag, MBED_CONF_MBED_CLIENT_ENABLE_OBSERVATION_PARAMETERS, controls the usage of LwM2M Write attributes for LwM2M resources. Disabling this feature will allow you to save RAM used by observation parameters per resource. Disabled by setting the flag to 0.
• New API for managing update priority and rejecting optional firmware updates.
  • Added set_update_authorize_priority_handler().
  • Added update_reject().
  • New error enums for update authorization rejection, UpdateWarningAuthorizationRejected, UpdateWarningAuthorizationUnavailable.
• Support for certificate renewal with Platform Security Architecture (PSA).
• Extended MbedCloudClient() constructor to allow callback registration to client.
• A new API for creating M2MResource directly without first creating M2MObject and M2MObjectInstance.
• Bug fix: Requests sent from Device Management Client using the same URI and method were determined duplicates even if the context parameter was different.

Factory configurator client

• Replaced CBOR implementation library with tinycbor.
• Bug fix: Working with a file name length of KCM_MAX_FILENAME_SIZE in KCM APIs resulted in a KCM_STATUS_FILE_NAME_TOO_LONG error.

Secure Device Access client

• Initial Secure Device Access (SDA) release.
• SDA implements the ACE-OAuth standard, which specifies a framework for authenticating and authorizing in constrained IoT environments.
• The full SDA documentation is available on our documentation site.

Device Management Update client

• New update authorization API:
  • Deprecated ARM_UC_SetAuthorizeHandler() in favor of ARM_UC_SetAuthorizePriorityHandler().
  • Added ARM_UC_Reject() to the application authorization callback to deliver the rejection reason to the service.
  • Added a priority field to the manifest.
  • Propagated update priority from the manifest to the application authorization callback.
• Writing of the update candidate metadata is postponed to a later phase. The metadata is written when the download has completed and the client application has authorized the installation.

Platform Adaptation Layer (PAL)

• [Linux] Read the source entropy from the target machine system environment if available; otherwise, use the user default source entropy file path.
  • Read the entropy file name from the system environment entry ENTROPYSOURCE=<path-to-entropy-file-name>.
• [TLS] Fixed potential double free issue in pal_initTLS().
• [Tests] Do not try to execute filesystem tests if there is no filesystem.

Known issues

• [PAL tests] PAL filesystem and PAL update tests currently support external SD card storage. Support for other types of storage will be added in future releases.
• [PAL tests] PAL TLS test (TCPHandshakeWhileCertVerify_threads) is not working on Mbed OS 5.13.0.
• Client resource size is limited to 64 KiB. For example, large binary objects (opaque resources) cannot exceed 64 KiB.
  • For example large pictures (or other large binary objects) should be uploaded to a different hosting service and use the LwM2M resources for passing the URI for that type of objects.
  • Alternatively you could split the large object to chunks and expose them via multiple opaque resource instances.

Mbed OS

We recommend that you read the Mbed OS release notes for known issues and their latest status.

• PSA is in preview level and as such not ready for production yet.
  • You cannot update the pre-compiled PSA binary through firmware update. You can only update the application itself.
  • Cypress PSoC6:
    • Issues with storage. Random failures can occur in testing.
    • The native Wi-Fi driver is feature-rich and as such it is quite large (400 KB) and with PSA included (220 KB) there is not much space for the OS and application.
    • Client has been tested with ESP8266 (due to flash size) without flow control, because flow-control does not work with this board yet. ESP8266 without flow-control will not work reliably.
  • NXP LPC55S69:
    • The board has only 640 KB flash. PSA takes 192 KB out of it.
    • You can use the Client example (with firmware update and bootloader) with release profile due to the flash size limitation.
    • Only ARMC6 is supported for compilation.
  • K64F:
    • You can use the board in PSA mode (without real HW PSA implementation).
    • The configuration file that allows this is placed under configs-psa folder in the example.
    • The PSA mode adds RAM consumption (static +3.5 KB) and flash/ROM consumption (+18.5 KB).
    • Arm and partners are optimizing the solution in future releases.

Linux

• Firmware update installation of very large images on Raspberry Pi3B or Pi3B+ may result in a mmc0 timeout failure. This is a generic Raspberry Pi3 issue. See RPI issue #2392.
• Firmware update from one Linux distribution version to another does not work. For example, firmware update from Yocto distribution Morty to Rocko is not currently possible, as there are Linux version-dependent files (device tree) in the BOOT partition. Therefore, you must update within one major version of a distribution.
• glibc versions 2.23 and 2.24 have a bug in thread creation. It can cause random crashes with Linux.
  • If possible, update glibc to version 2.25 (or later). See sourceware issue 20116 for details.
  • We have implemented a workaround for this issue to decrease its likelihood. This issue may still occur under certain circumstances.
• The Device Management Client application must run as root to have access rights to perform the firmware update.
  • This is not the most secure way to handle this issue, so a more secure implementation will come later.
• Yocto distribution has only been tested in developer certificate mode.
• Yocto distribution used does not yet support Raspberry Pi4.

Device Management Client Third Party IP report

Device Management Client uses some open source third-party IP (TPIP). This table lists the TPIP and sources:

You also get more TPIP with the Mbed OS release itself, see their LICENSE.md for details.