Device Management Client 4.3.0

Features

• [Mbed OS] Support for Atmel (ATECC608A) Secure Element.
• Compatibility for Mbed OS 6.0.0-alpha-1.

Device Management Client example

• Made the button counter resource writable to allow resetting it.
• Mbed OS platform setup now uses the new SocketAddress-based APIs for IP address printing.
• Removed configs/eth_v4.json and configs/eth_v6.json. Dropping configuration for Ublox EVK Odin W2 Ethernet and explicit IPv6 Ethernet support. The rest of the configurations are in the root-level mbed_app.json.
• Removed duplicate configurations in configs/wifi.json. All configurations are already in mbed_app.json.
• Removed support for 6LoWPAN Mesh configurations. The application will focus on providing Wi-SUN Mesh support.
• Added support for Atmel secure element (ATECC608A) with K64F target board (configs-psa/eth_v4_with_se_atmel.json). Atmel SE holds pre-provisioned bootstrap key and certificate that Device Management Client uses for secure connection with Device Management.
• Wi-Fi driver ISM 43362 (.lib) updated to pull in the latest release from the master of the driver.
  • The SocketAddress-based get_ip_address() API will not work with older versions.

Factory Configuration Client example

• Added support for Atmel secure element (ATECC608A) with K64F target board (mbed_app_atmel_conf.json). Atmel SE holds pre-provisioned Bootstrap key and certificate that Device Management Client uses for secure connection with Device Management.
• Platform-application-specific code moved from mbed-cloud-client-common-platform folder to source\platform folder.

Device Management Client

• Updated Mbed CoAP to 5.1.3.
• Changed trace group so that all CoAP messages are visible in the [COAP] trace group.
• Fixed a double free error. In certain situations free was called twice for CoAP message payload.

Platform Adaptation Layer (PAL)

• Fixed PAL filesystem API to allow access to files larger than 2GB. This allows update of images up to 4GB.
• [Crypto] Made entropy seeding check more robust.
• [Mbed OS] Removed dependency on string-based network API.

Yocto changes

Cache size for rootfs changed to dynamic.

Known issues

• [Mbed OS] Current version of the Atmel secure element driver does not support IAR compiler.
  • cryptoauthlib #116
• [PAL tests] PAL filesystem and PAL update tests currently support external SD card storage. Support for other storage types will be added in future releases.
• [PAL tests] PAL TLS test (TCPHandshakeWhileCertVerify_threads) is not working on Mbed OS 5.13.0.
• Client resource size is limited to 64KiB. For example, large binary objects (opaque resources) cannot exceed 64KiB.
  • Upload large pictures or other large binary objects to a different hosting service and use the LwM2M resources for passing the URI for that type of objects.
  • Alternatively, you can split a large object into chunks, and expose the chunks through multiple opaque resource instances.
• [Mbed OS] Neither firmware update nor production flow is currently working with Nucleo F303RE. This is most likely due to issues in SPI flash.
• [Mbed OS] The device may stall at certificate renewal when compiling with the PSA configuration.
• [Mbed OS] Nucleo F429ZI may hardfault with debug profile. The device may also halt at runtime.
  • Mbed OS #12294
• [Mbed OS, CoAP library] We have a number of reported issues in the CoAP library. They have been fixed in CoAP library v5.1.3, although there is no Mbed OS release with the bug fixes, yet. To be able to use the vulnerabilities, an attacker needs to bypass or hijack the Device Management connection, so the risk is not imminent.
  • Mbed OS #11803
  • Mbed OS #11804

Mbed OS

We recommend that you read the Mbed OS release notes for known issues and their latest status.

• PSA is in preview level and as such not ready for production yet.
  • You cannot update the pre-compiled PSA binary through firmware update. You can only update the application itself.
  • NXP LPC55S69:
    • The board has only 640KB flash. PSA takes 192KB out of it.
    • You can use the Client example (with firmware update and bootloader) with release profile due to the flash size limitation.
    • Only ARMC6 is supported for compilation.
  • K64F:
    • You can use the board in PSA mode (without real HW PSA implementation).
    • The configuration file that allows this is placed under the configs-psa folder in the example.
    • The PSA mode adds RAM consumption (static +3.5KB) and flash/ROM consumption (+18.5KB).
    • Arm and partners are optimizing the solution in future releases.

Linux

• Firmware update installation of very large images on Raspberry Pi3B or Pi3B+ may result in a mmc0 timeout failure. This is a generic Raspberry Pi3 issue. See RPI issue #2392.
• Firmware update from one Linux distribution version to another does not work. For example, firmware update from Yocto distribution Morty to Rocko is not currently possible, as there are Linux version-dependent files (device tree) in the BOOT partition. Therefore, you must update within one major version of a distribution.
• glibc versions 2.23 and 2.24 have a bug in thread creation. It can cause random crashes with Linux.
  • If possible, update glibc to version 2.25 (or later). See sourceware issue 20116 for details.
  • We have implemented a workaround for this issue to decrease its likelihood. This issue may still occur under certain circumstances.
• The Device Management Client application must run as root to have access rights to perform the firmware update.
  • This is not the most secure way to handle this issue, so a more secure implementation will come later.
• Yocto distribution has only been tested in developer certificate mode.
• Yocto distribution used does not yet support Raspberry Pi4.

Device Management Client Third Party IP report

Device Management Client uses some open source third-party IP (TPIP). This table lists the TPIP and sources:

You also get more TPIP with the Mbed OS release itself, see their LICENSE.md for details.