Pelion Edge 2.3.0 - April 2021
New features
This release adds features to the Linux microPlatform (LmP) OS, which supports NXP's i.MX8 development platform i.MX 8M Mini EVK and AVNet's Xilinx MPSoC Starter kit UltraZed-EG IOCC. This release:
- [TPM] Introduces Secure Pelion Edge with the Trusted Platform Module (TPM) v2.0:
  - [meta-parsec] Leverages Platform Abstraction for Security (Parsec) to interface with TPM and adds a new meta layer to build parsec service 0.6.0.
  - [swtpm] meta-parsec layer also brings in IBM's software TPM swtpm package. If your hardware supports physical TPM, we recommend you comment out this package from the console-image-lmp.bb file.
  - [parsec-se-driver] Adds a recipe to build Parsec Secure Element driver 0.4.0, which is a dependency of Edge Core and mbed-fcce package when compiled with MBED_EDGE_CORE_CONFIG_PARSEC_TPM_SE_SUPPORT=ON.
  - Adds meta-rust, meta-clang and meta-security/meta-tpm, which are prerequisites to build Parsec and related packages.
  - [parsec-tool] Adds a recipe to build Parsec Tool, a command-line utility to debug and cross-validate the working of Parsec service and TPM.
- [edge-core] Updates Edge Core to 0.16.1.
  - Reduces the default log level to WARN.
  - Adds mbed_cloud_client_user_config.h, so you can set the values for your use case. This overwrites the default config options set by Edge Core. The default lifetime value is set to 1800s (30min).
  - Explicitly defines HTTP_PROXY and HTTPS_PROXY environment variables.
- [edge-examples] Updates examples to 0.16.0.
- [mbed-fcce] Upgrades factory-configurator-client-example to v4.7.1.
  - Renames the package name from mbed-fcc to mbed-fcce.
  - Explicitly defines HTTP_PROXY and HTTPS_PROXY environment variables.
- [verified-logging] By default, the gateway is configured with persistent journal logging for LMP UltraZed-EG IOCC and i.MX 8M Mini EVK. To disable persistent logging, set flag VOLATILE_LOG_DIR = "no" in local.conf, and update the Storage in recipes-core/systemd/systemd-conf/journald.conf. Note: If you disable persistent logging, the FSS feature won't work.
- Updates identity-tool, kubelet and info-tool package source file protocol from SSH to HTTPS.
Bug fixes
- [pt-example] Pelion Edge 2.2 used protocol translator example 0.13.0, which wasn't compatible with Edge Core 0.15.0. We fixed this by upgrading the example to version 0.16.0.
- In Pelion Edge 2.2, using the i.MX 8M Mini EVK in production mode with firmware update enabled failed with a FOTA_ASSERT after the reboot. This has been fixed.
Known issues
- The Pelion Device Management portal is not correctly updated after a firmware campaign in some instances.
- [maestro] The FeatureMgmt config resource is initialized with a maximum 3.8KB of file content. The remaining file content is truncated during initialization. This is most likely due to the limitation of the gorilla/websocket library but needs further investigation. However, you can still push a file size of a maximum of 64KB through cloud service APIs.
- [pt-example] cpu-temperature device reports random values because the default CPU temperature file is not the same on Yocto and LmP.
- [info] The info command must be run with sudo on LMP-based boards (UltraZed-EG IOCC and i.MX 8M Mini EVK).
- [info] The info command on the UltraZed-EG IOCC attempts to read the CPU temperature when the temperature file does not exist. This results in a cat error message.
- The LmP build enables software TPM and Parsec stacks by default in all configurations, including developer certificate configurations. However, because it won't be used or set up in those configurations, the logs show some TPM-related errors - those logs can be ignored.
- The LmP updates don't accept firmware updates with numbers 10 and 100. By default, the tenth update you perform is version 0.0.10, which fails. To work around this problem, avoid software version numbers with 10 and 100:
  - For example, you can go from 0.0.9 to 0.0.11 by editing the MAIN component version information in a file called ~/Pelion_Edge_Credentials/.manifest-dev-tool$ cat update.version.yaml. Change MAIN: 0.0.10 to MAIN: 0.0.11.
AVNET ZU3EG
- If you enable kernel configurations CPU_IDLE and PREEMPT, the LmP release including PetaLinux 2020.2 does not work in a stable manner. Our default configuration has those disabled. If you have any issues with those configurations, please contact Xilinx support.
- You cannot do a firmware update from Edge 2.2 to Edge 2.3 on the AVNET ZU3EG board due to LmP v79 release FPGA-support changes. The changes have interdependencies between the BOOT image and the kernel image, and because the current update can only update the kernel image, the board fails to boot correctly with the Edge 2.2-based BOOT image (which does not supply the required updated device tree, FPGA files and so on). So, the update to the Edge 2.3 image must be done with manual flashing on ZU3EG targets.
- You can program the Ethernet MAC address to the EEPROM on the board. Please see the Xilinx support documentation on how to do this with the i2c commands.
Limitations
- There is a maximum size limit to the full registration message, which limits the number of devices Edge can host:
  - Maximum registration message size is 64KB.
  - Hosted devices with five typical Resources consume ~280B (the exact size depends, for example, on the length of resource paths). This limits the maximum number to 270 devices.
  - The more Resources you have, the fewer devices can be supported.
  - The Pelion Edge device Resources are also included in the same registration message.
  - Test the limits with your configuration, and set guidance accordingly.
- Devices behind Pelion Edge don't support auto-observation.
- Pelion Device Management Client enabled devices must first bootstrap to the Pelion Device Management cloud before connecting to Pelion Edge.
- No moving devices are supported (such as the device moving from Pelion Edge to another edge device.)
- LmP's base partition table is set above 10GB to support three upgrade images in OSTree. Therefore, we only support SD card installation (compared to supporting onboard EMMC or NAND) for the i.MX 8M Mini EVK and the UltraZed-EG IOCC.
- Software TPM is not designed to be resilient against power failures. Instead of disconnecting the power supply to the gateway, always perform a graceful shutdown of the edge device when using software TPM. To resolve this, follow the troubleshooting section of our documentation about using Pelion Edge with TPM.
Important note
While provisioning your gateway, please use vendor-id=42fa7b48-1a65-43aa-890f-8c704daade54 to unlock the rich node features, such as gateway logs and gateway terminal in the Pelion web portal.