Mistake on this page? Email us

Device Management Client 4.6.0

New features

Added support for Parsec, the Trusted Platform Module for Linux.

Device Management Client example

  • Changed the default transport mode of Wi-SUN to UDP.
  • The mesh heap size in the Wi-SUN configuration is increased from 32kB to 64kB.
  • Updated Mbed TLS to 2.22.0 in pal-platform.
  • Added support for Parsec. To compile the Device Management Client example application with Parsec, set the PARSEC_TPM_SE_SUPPORT CMake flag ON and use the define_linux_psa.txt configuration. In this configuration, the secure connection with Pelion is established using the device bootstrap private key that was generated on the Trusted Platform Module (TPM).

Factory Configurator Client example

  • Updated Mbed TLS to 2.22.0 in pal-platform.
  • Added support for Parsec. To compile FCCE with Parsec, set the PARSEC_TPM_SE_SUPPORT CMake flag to ON and use the linux-psa-config.cmake configuration file. In this configuration, the device bootstrap private key is generated on the Trusted Platform Module (TPM) during factory provisioning.

Secure Device Access Client example

  • Updated Mbed TLS to 2.22.0 in pal-platform.

Device Management Client

  • Removed the upper limit (900 seconds before expiration) for calculating the registration update timer expiration. Now, the timer uses 75% of the lifetime.
  • Changed the notification handler to send a notification only when crossing the "less than" or "greater than" notification threshold values.
  • Added support for the Parsec open-source initiative. It provides a platform-agnostic interface for calling the secure storage and operation services of a Trusted Platform Module (TPM) on Linux.
  • Optimized application reconnection handling.
    • Previously, the reconnection timer seed was randomized between 10 and 100 seconds. Now, the base value is platform-specific and you can control it using the PAL_DEFAULT_RTT_ESTIMATE macro (estimated round-trip time for the network).
      • Mbed OS defaults to 10 seconds.
      • NXP and Renesas SDKs default to 5 seconds.
      • Linux defaults to 3 seconds.
    • You can now optimize the client recovery behaviour based on the expected network performance (latency and bandwidth).
  • Added handling for MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE during handshake. This allows the client to recover and fall back to bootstrap if the LwM2M credentials are invalid.
  • Fixed a segmentation failure caused by a POST operation with payload to an unregistered LwM2M resource.
  • Improved handling of timeouts during network and TLS/DTLS operations to avoid unnessary fallbacks to re-bootstrapping.

Platform Adaptation Layer (PAL)

  • PAL SST APIs were removed. The new adaptation layer for Secure Storage is KVStore APIs.
  • Deprecated the MBED_CLIENT_RECONNECTION_INTERVAL macro. An application that needs to control the CoAP retransmission intervals should now define PAL_DEFAULT_RTT_ESTIMATE.
  • Deprecated the MBED_CONF_MBED_CLIENT_DTLS_PEER_MAX_TIMEOUT macro. An application that needs to control the DTLS intervals should now define PAL_DEFAULT_RTT_ESTIMATE.
  • Linux: Fixed handling of PIPE errors during socket handling that resulted in unwanted application termination instead of raising an error. Now, PIPE errors result in SSL handshake errors.

Known issues

  • The earlier revisions of LPCXpresso 546XX have different QSPI chip than some of the later revisions. The application needs to specify the chip at compile-time. Select the correct QSPI chip in the board configuration file (define_NXP_LPC54628.txt). This depends on the board revision.
  • DISCO_L475VG_IOT01A production and update flow is broken due to RoT not being initialized correctly.
    • Developer flow works correctly with hard-coded RoT. However, that is not suitable for production.
    • We are working on a fix, but for any urgent needs please contact us for a workaround.
  • [Mbed OS] The current version of the Atmel secure element driver does not support IAR compiler.
  • [PAL tests] PAL filesystem and PAL update tests currently support external SD card storage. Support for other storage types will be added in future releases.
  • [PAL tests] PAL TLS test (TCPHandshakeWhileCertVerify_threads) is not working on Mbed OS 5.13.0.
  • Client resource size is limited to 64KiB. For example, large binary objects (opaque resources) cannot exceed 64KiB.
    • Upload large pictures or other large binary objects to a different hosting service and use the LwM2M resources for passing the URI for that type of objects.
    • Alternatively, you can split a large object into chunks, and expose the chunks through multiple opaque resource instances.
  • [Mbed OS] Neither firmware update nor production flow is currently working with Nucleo F303RE. This is most likely due to issues in SPI flash.
  • [Mbed OS] The device may stall at certificate renewal when compiling with the PSA configuration.
  • [Mbed OS] Nucleo F429ZI may hardfault with debug profile. The device may also halt at runtime.

Mbed OS

We recommend that you read the Mbed OS release notes for known issues and their latest status.

  • PSA is in preview level and as such not ready for production yet.
    • You cannot update the pre-compiled PSA binary through firmware update. You can only update the application itself.
    • NXP LPC55S69:
      • The board has only 640KB flash. PSA takes 192KB out of it.
      • You can use the Client example (with firmware update and bootloader) with release profile due to the flash size limitation.
      • Only ARMC6 is supported for compilation.
    • K64F:
      • You can use the board in PSA mode (without real hardware PSA implementation).
      • The configuration file that allows this is placed under the configs-psa folder in the example.
      • The PSA mode adds RAM consumption (static +3.5KB) and flash/ROM consumption (+18.5KB).
      • Arm and partners are optimizing the solution in future releases.

Linux

  • Firmware update installation of very large images on Raspberry Pi3B or Pi3B+ may result in a mmc0 timeout failure. This is a generic Raspberry Pi3 issue. See RPI issue #2392.
  • Firmware update from one Linux distribution version to another does not work. For example, firmware update from Yocto distribution Morty to Rocko is not currently possible, as there are Linux version-dependent files (device tree) in the BOOT partition. Therefore, you must update within one major version of a distribution.
  • glibc versions 2.23 and 2.24 have a bug in thread creation. It can cause random crashes with Linux.
    • If possible, update glibc to version 2.25 (or later). See sourceware issue 20116 for details.
    • We have implemented a workaround for this issue to decrease its likelihood. This issue may still occur under certain circumstances.
  • The Device Management Client application must run as root to have access rights to perform the firmware update.
    • This is not the most secure way to handle this issue, so a more secure implementation will come later.
  • Yocto distribution has only been tested in developer certificate mode.
  • Yocto distribution used does not yet support Raspberry Pi4.

Device Management Client Third Party IP report

Device Management Client uses some third-party IP (TPIP) components. This table lists the TPIP and sources:

Original License Description
bsdfiff BSD 2 clause Diff algorithm used for delta update image generation.
LZ4 BSD 2 clause (lz4.c and lz4.h under /lib in LZ4) Compression algorithm used for compressing delta update images.
TinyCBOR MIT Factory configurator client (FCC) uses TinyCBOR, which is a constrained node implementation of CBOR in C, with slight modifications. The code is at mbed-cloud-client/tinycbor and in a standalone repository in GitHub.
Unity MIT Platform Adaptation Layer (PAL) tests use Unity framework from ThrowTheSwitch. The code is at mbed-cloud-client/mbed-client-pal/Test/Unity.

NXP SDK

Additional TPIP for NXP SDK:

Original License Description
Amazon FreeRTOS kernel v10.2 MIT FreeRTOS kernel from Amazon.
lwIP Modified BSD Lightweight IP stack.
Platform support files [BSD-3 Clause] Platform specific files in `platform/NXP´
LPC54608J512 Linker script [BSD-3 Clause] Linker script for GNU C.
LPC54xxx generated configuration files [BSD-3 Clause] Board-support specific generated files in pal-platform/SDK/LPCXpresso54628/generated
LPC54xxx board support software Copyright NXP Board support software for LPC5400-series - we do not provide this, you must download this via MCUXpresso SDK Builder yourself.
MIMXRT106XXX Linker script [BSD-3 Clause] Linker script for GNU C.
EVK-MIMXRT1060 generated configuration files [BSD-3 Clause] Board-support specific generated files in pal-platform/SDK/EVK-MIMXRT1060/generated
EVK-MIMXRT1060 board support software Copyright NXP Board support software for EVK-MIMXRT1060 - we do not provide this, you must download this via MCUXpresso SDK Builder yourself.

Keil SDK

Original License Description
Platform support files [BSD-3 Clause] Platform specific files in `platform/KEIL´
Platform adaptation layer files MIT Platform adaptation layer files in Source/Port/Reference-Impl/OS_Specific/RTX_MW

Renesas SDK

Additional TPIP for Renesas SDK (FSP):

Original License Description
Amazon FreeRTOS kernel v10.3 MIT FreeRTOS kernel from Amazon.
Renesas Flexible software Package (FSP) v1.0.0 Copyright (c) Renesas Board support package for RA6M3 boards. Running pal-platform.py will git clone this repository to your work area under pal-platform/SDK/Renesas_EK_RA6M3/fsp.
Renesas e2studio generated configuration files Copyright (c) Renesas Renesas e2studio generates a number of files, available in pal-platform/SDK/Renesas_EK_RA6M3/e2studio_gen.
lwIP Modified BSD Lightweight IP stack.
Platform support files [BSD-3 Clause] Platform specific files in `platform/Renesas_EK_RA6M3´
Platform adaptation layer files MIT Platform adaptation layer files in Source/Port/Reference-Impl/OS_Specific/Renesas_EK_RA6M3

Secure Device Access (SDA)

If you enable Secure Device Access (SDA), you will use some additional TPIP:

Original License Description
cose-c BSD-3 clause IETF Concise Binary Object Representation (CBOR) Encoded Message Syntax (COSE), a copy of this library is located under mbed-cloud-client/tree/master/secure-device-access-client/cose-c.

Mbed-OS

You also get more TPIP with the Mbed OS release itself. See their LICENSE.md for details.