Command-line tutorial for Renesas SDK with Pelion Device Management
This tutorial shows how to securely connect and update a Renesas EK-RA6M3
device to Device Management built with Renesas SDK over an IP connection.
This tutorial uses Linux PC (64-bit Ubuntu/XUbuntu OS desktop environment) for compilation and Windows 10 for programming the target board.
- Prerequisites.
- Configuring Device Management Client.
- Compiling and flashing Device Management Client.
- Updating the firmware.
Prerequisites
To use this tutorial, you need:
-
Segger J-Flash LITE tool recommended for erasing and programming.
-
Secure boot example v1.1.0 from Renesas.
- The Secure boot example contains its own Python requirements file in
./r01an5347eu0110-ra-arm-secure-boot-solution-ra6m3/SecureBoot_Package/scripts/dependency/requirements.txt
.
- The Secure boot example contains its own Python requirements file in
-
Configure MACRO for the compiler, for example:
export ARMGCC_DIR=/usr/local/gcc-arm-none-eabi-9-2019-q4-major
-
An access key (with
Administrators
group privileges) for your Device Management account.
For all other requirements, see the tools and account section. See also the Mbed CLI instructions.
Configuring Device Management Client
-
Open a terminal, and import the example repository to a convenient location in your development environment:
mbed import https://github.com/PelionIoT/mbed-cloud-client-example
-
Download a developer certificate from Device Management Portal.
-
Copy the
mbed_cloud_dev_credentials.c
file to the root folder of the example application. -
Create update-related configuration and credentials using the
manifest-tool
python package:- Upgrade to
manifest-tool
version 2.1.1 or higher:pip install --upgrade manifest-tool
- Initialize the developer environment:
manifest-dev-tool init --access-key <Device Management access key>
- Upgrade to
-
Deploy the remaining dependencies and configuration:
python pal-platform/pal-platform.py deploy --target Renesas_EK_RA6M3 generate
Note: There is a known issue in the deployment of
CMSIS_5
package. Ifpal-platform
fails withreturned non-zero exit status 128
error, try disabling Git-LFS smudge filter by defining the environmental variableGIT_LFS_SKIP_SMUDGE=1
.
Compiling and programming Device Management Client
-
Run CMake and Make to compile the application:
cd __Renesas_EK_RA6M3 cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=./../pal-platform/SDK/Renesas_EK_RA6M3/ARMGCC.cmake -DEXTERNAL_DEFINE_FILE=./../define_Renesas_EK_RA6M3_update.txt -DUPDATE_LINKING=1 make mbedCloudClientExample.elf cd ..
-
Combine the image with Renesas SecureBoot:
- Obtain the Secure boot example from Renesas, and unpack the program package. Your work area should look like:
my_apps/mbed-cloud-client-example my_apps/r01an5347eu0110-ra-arm-secure-boot-solution-ra6m3
- Go to the
mbed-cloud-client-example
folder for execution of theimgtool.py
.
imgtool.py
andflash_layout.h
are part of the Secure boot example.imgtool.py
has been tested with cryptography==2.8.0.
python ../r01an5347eu0110-ra-arm-secure-boot-solution-ra6m3/SecureBoot_Package/scripts/image_creation/imgtool.py sign --layout ../flash_layout/flash_layout.h --align 8 --header-size 0x400 __Renesas_EK_RA6M3/Release/mbedCloudClientExample.bin mbedCloudClientExample_signed.bin -k ../r01an5347eu0110-ra-arm-secure-boot-solution-ra6m3/SecureBoot_Package/scripts/image_creation/Signing_Key/signingkey.pem
__Renesas_EK_RA6M3/Release/mbedCloudClientExample.bin
is the output image from make.mbedCloudClientExample_signed.bin
is the output created byimgtool.py
.
-
Collect the images needed for programming:
The secure bootloader binary is in
./SecureBoot_Package/scripts/downloader/BL2_download/Secureboot_EK_RA6M3.bin
in ther01an5347eu0110-ra-arm-secure-boot-solution-ra6m3
folder.You need these two files for programming:
Secureboot_EK_RA6M3.bin mbedCloudClientExample_signed.bin
We recommend you use Segger J-Flash Lite application for erasing and flashing.
-
Program with the J-Flash Lite GUI application:
In the Segger J-Flash Lite:
- Target device should be auto-detected to be
R7FA6M3AH
. - Click the
Erase Chip
button to erase the flash. - Program the
Secureboot_EK_RA6M3.bin
. - Program the
mbedCloudClientExample_signed.bin
at address0x10000
.
- Target device should be auto-detected to be
-
Flash with J-Link command-line tools:
Note: Perform the flashing operations with Windows GUI tools as the command-line tools in both Windows and Linux are not reliable with this target.
-
Open in one terminal window:
JLink -device R7FA6M3AH -AutoConnect 1 -if SWD -speed auto
-
Execute in JlinkExe command-line window:
Note the address for the application image.
erase loadfile Secureboot_EK_RA6M3.bin loadfile mbedCloudClientExample_signed.bin 0x10000
-
Starting the application and viewing the console logs
-
Open the JLink debugger in one terminal window:
JLink -device R7FA6M3AH -AutoConnect 1 -if SWD -speed auto
-
Start JLinkRTTViewer in a another terminal window to access device logs:
JLinkRTTViewer -d R7FA6M3AH -ct sess -a
When the client has successfully connected, the terminal shows:
Client registered
Endpoint Name: <Endpoint name>
Device ID: <Device ID>
To verify the connection with Device Management Portal:
- Log in to Device Management Portal.
- Select Device directory from the menu on the left.
- When your device is listed on the Devices page, it is connected and available.
Your device is now connected and ready for firmware update. For development devices, the Endpoint name and Device ID are identical.
Updating the firmware
To update the firmware on your device, run:
manifest-dev-tool update-v1 \
--payload-path mbedCloudClientExample_signed.bin \
--device-id <Device ID>
--wait-for-completion
Note: The update image also must be signed the same way as the original programmed image.
During the update flow, the client tracing log shows:
Firmware download requested
Authorization granted
...
Downloading: 100 %
Download completed
Firmware install requested
Authorization granted
After this, the device reboots automatically and registers to Device Management.
Debugging
If you encounter this issue with J-Link commands:
****** Error: SC32 (connect): Failed to authenticate debugger via IDCODE. Incorrect IDCODE?
Power down the device for a few minutes.