mbed-cloud-client 4.13.1
jenia81 committed Feb 16, 2023
1 parent c6e135b commit e5866ca
Showing 7 changed files with 95 additions and 27 deletions.
65 changes: 64 additions & 1 deletion CHANGELOG.md
@@ -1,5 +1,19 @@
## Changelog for Izuma Device Management Client

### Release 4.13.1 (16.02.2023)

- Improved error logging for certificate enrollment misconfiguration.
- Fixed a failure in FOTA for developer flow in PSA mode. The mechanism of going through a storage reset if the compiled credential file differs from the stored credentials did not work well with PSA.
Read a certificate instead of a private key that we can't read in PSA mode.
- Only synchronous DNS is currently supported.
- [Linux] Change the default DNS to synchronous, by setting `PAL_DNS_API_VERSION` flag to 0.
- [Zephyr] Change the default DNS to synchronous, by setting `DNS API` selection to `POSIX`.
**Note: For Linux devices with version >= 4.11.0, or Zephyr device with version >= 4.9.0 you should override the default DNS setting to synchronous in the application level.**

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.

### Release 4.13.0 (21.11.2022)

- Izuma branding changes.
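
Review bot: The bold note closing the 4.13.1 bullet list gives open-ended ranges (Linux `>= 4.11.0`, Zephyr `>= 4.9.0`), which also cover 4.13.1 itself even though the two bullets directly above it say this release already switches the default to synchronous DNS. Bound the ranges to the releases that still ship the asynchronous default, so integrators on 4.13.1 are not told to override a setting that is already correct. The 4.13.1 "Known issues" entry would also read better if it said the problem only applies when an application re-enables asynchronous DNS.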
Expand All @@ -15,7 +29,13 @@
* If a socket error is encountered, the next try will be done with the original CoaP port `5684`.
* After 2nd failure, we alternate back to the custom port.
* NOTE! Only port 443 can be used as an alternative customer port with Izuma Networks.

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level:
- For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0.
- For Zephyr devices, set the `DNS API` selection to POSIX.

### Release 4.12.0 (01.03.2022)

Expand All @@ -24,9 +44,23 @@
- Introduce a new `LWM2M_COMPLIANT` flag that enables connection to any LwM2M compliant bootstrap and device management services. Disabled by default.
- Introduce a new `DISABLE_SERVER_CERT_VERIFY` flag that disables the server certificate verification during the TLS handshake. Disabled by default.

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level:
- For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0.
- For Zephyr devices, set the `DNS API` selection to POSIX.

### Release 4.11.2 (01.12.2021)

Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is enabled but trace-level is set below INFO. This fixes a regression introduced in 4.11.0 release.
- Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is enabled but trace-level is set below INFO. This fixes a regression introduced in 4.11.0 release.

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level:
- For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0.
- For Zephyr devices, set the `DNS API` selection to POSIX.

### Release 4.11.1 (11.10.2021)

Expand All @@ -35,6 +69,13 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is
- [Remote logging] Fixed internal flash configuration to perform a full storage erase before using it.
- Fixed compiler warnings.

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level:
- For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0.
- For Zephyr devices, set the `DNS API` selection to POSIX.

### Release 4.11.0 (17.09.2021)

### Device Management Client
Expand Down Expand Up @@ -78,6 +119,13 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is

[Linux] Enabled `PAL_DNS_API_VERSION` 3 by default for Linux configurations.

#### Known issues

- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level:
- For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0.
- For Zephyr devices, set the `DNS API` selection to POSIX.

### Release 4.10.0 (07.07.2021)

### Device Management Client
Expand Down Expand Up @@ -124,6 +172,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is
- Of a component image on an Mbed OS devices.
- Fix: Removed the candidate image file from its original path in Linux after FOTA completion.

#### Known issues

- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings.

### Release 4.9.1 (17.06.2021)

### Device Management Client
Expand All @@ -132,6 +185,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is
### Platform Adaptation Layer (PAL)
- [Zephyr] Fixed a memory leak on DNS handling.

#### Known issues

- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings.

### Release 4.9.0 (21.05.2021)

### Device Management Client
Expand Down Expand Up @@ -168,6 +226,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is
- Added new PAL_DNS_API_VERSION 3. It's an asynchronous DNS API that can return multiple DNS results.
- This feature is currently implemented only for Linux platform and is disabled by default. You can enable it by defining PAL_DNS_API_VERSION=3. In future releases, this feature will be enabled by default for Linux.

#### Known issues

- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted.
To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings.

### Release 4.8.0 (19.04.2021)

#### Device Management Client
4 changes: 2 additions & 2 deletions README.md
@@ -1,7 +1,7 @@
# Device Management Client
This repository contains Izuma Device Management Client: a library that connects devices to Izuma Device Management service and to Mbed-enabled cloud services from our partners.
This repository contains Pelion Device Management Client: a library that connects devices to Pelion Device Management service and to Mbed-enabled cloud services from our partners.

The documentation is hosted [here](https://developer.izumanetworks.com/docs/device-management/current/welcome/index.html).
The documentation is hosted [here](https://www.pelion.com/docs/device-management/current/welcome/index.html).

You can report concerns about the documentation or this SW as issues to [this GitHub repository](https://github.com/PelionIoT/mbed-cloud-client/issues).

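Review bot: In both changed line pairs of this hunk the Izuma wording and the `developer.izumanetworks.com` documentation link come before the Pelion wording and the `www.pelion.com` link, which is the removed-then-added order the other hunks on this page follow, so the change appears to take the README back to Pelion branding. That contradicts the CHANGELOG heading "Changelog for Izuma Device Management Client" and the 4.13.0 entry "Izuma branding changes", and it sends readers to the previous brand's documentation host. If this came in from an older copy of the README, keep the Izuma text and URL.
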
Expand Up @@ -21,12 +21,12 @@
#include "fcc_utils.h"
#include "cs_der_keys_and_csrs.h"

typedef struct fcc_deloveper_mode_item_params {
typedef struct fcc_developer_mode_item_params {
const char *item_name;
kcm_item_type_e item_kcm_type;
const uint8_t *item_data;
const uint32_t item_data_size;
} fcc_deloveper_mode_item_params_s;
} fcc_developer_mode_item_params_s;

//bootstrap endpoint name
extern const char MBED_CLOUD_DEV_BOOTSTRAP_ENDPOINT_NAME[];
Expand Down Expand Up @@ -69,7 +69,7 @@ fcc_status_e fcc_developer_flow(void)
#else
static const uint32_t is_bootstrap_mode = 1;
#endif
const fcc_deloveper_mode_item_params_s fcc_deloveper_mode_item_params_table[] = {
const fcc_developer_mode_item_params_s fcc_developer_mode_item_params_table[] = {

//param name //param kcm type //param data //param data_size
//Device general info
Expand Down Expand Up @@ -110,8 +110,8 @@ fcc_status_e fcc_developer_flow(void)
{ NULL, KCM_LAST_ITEM, NULL, 0},
};

const fcc_deloveper_mode_item_params_s* mandatory_items_iter = &fcc_deloveper_mode_item_params_table[0];
uint8_t kcm_item_buffer[KCM_EC_SECP256R1_MAX_PRIV_KEY_DER_SIZE];
const fcc_developer_mode_item_params_s* mandatory_items_iter = &fcc_developer_mode_item_params_table[0];
uint8_t kcm_item_buffer[1024];
size_t act_kcm_item_buffer_size;


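Review bot: The `kcm_item_buffer` declaration swaps `KCM_EC_SECP256R1_MAX_PRIV_KEY_DER_SIZE` for a bare `1024`, and nothing in the hunk ties that size to the item the buffer now has to hold. Use a named constant with a comment saying it is sized for the bootstrap device certificate, and add a check that `MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE` fits in it (at compile time if the size is a constant expression, otherwise before the read), so an oversized developer certificate is caught explicitly.
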
Expand All @@ -129,18 +129,22 @@ fcc_status_e fcc_developer_flow(void)
// item already exists - this means that storage already contains developer mode prov items.
SA_PV_LOG_INFO("Developer mode prov items already exist on the storage.");

// Read the BS device private key and check if it's equal to the pre-compiled key.
kcm_item_get_data((const uint8_t*)g_fcc_bootstrap_device_private_key_name,
strlen(g_fcc_bootstrap_device_private_key_name),
KCM_PRIVATE_KEY_ITEM,
kcm_item_buffer,
sizeof(kcm_item_buffer),
&act_kcm_item_buffer_size);

if (act_kcm_item_buffer_size == MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY_SIZE) {
// The size of the stored key is equal to the compiled key
if (memcmp(kcm_item_buffer, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY_SIZE) == 0) {
// The content of the keys are equal
// Read the BS device certificate and check if it's equal to the pre-compiled cert.
// We can't check private key since it won't work for PSA
kcm_status = kcm_item_get_data((const uint8_t*)g_fcc_bootstrap_device_certificate_name,
strlen(g_fcc_bootstrap_device_certificate_name),
KCM_CERTIFICATE_ITEM,
kcm_item_buffer,
sizeof(kcm_item_buffer),
&act_kcm_item_buffer_size);

SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), fcc_convert_kcm_to_fcc_status(kcm_status), "Get of the BS cert failed %d", kcm_status);


if (act_kcm_item_buffer_size == MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE ) {
// The size of the stored cert is equal to the compiled cert
if (memcmp(kcm_item_buffer, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE) == 0) {
// The content of the certs are equal
// No need to override the items, just exit the function with "an item exists" status.
SA_PV_LOG_INFO("The stored items are equal to the compiled items.");
return FCC_STATUS_KCM_FILE_EXIST_ERROR;
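
Review bot: The `SA_PV_ERR_RECOVERABLE_RETURN_IF` placed right after the `kcm_item_get_data` call makes `fcc_developer_flow` return an error whenever the stored bootstrap certificate cannot be read, for example if the item is missing or, presumably, does not fit the 1024-byte `kcm_item_buffer`. Those are cases where the stored credentials differ from the compiled ones, which the CHANGELOG describes as the trigger for a storage reset, so a failed read arguably belongs on the mismatch path instead of aborting the flow; at minimum, document which statuses are expected here. Minor style point: there is a stray space before the closing parenthesis in the `act_kcm_item_buffer_size` comparison.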
4 changes: 0 additions & 4 deletions mbed-client-pal/Configs/pal_config/Linux/Linux_default.h
Expand Up @@ -184,10 +184,6 @@
#define PAL_NET_DNS_SUPPORT 1
#endif

#if (PAL_NET_DNS_SUPPORT == 1) && !(defined(PAL_DNS_API_VERSION))
#define PAL_DNS_API_VERSION 3 //!< asyncronous DNS API that can return multiple DNS results.
#endif

// Define this to use static memory buffer for mbedtls, instead of standard mbedtls memory system (default is using heap).
//#undef PAL_USE_STATIC_MEMBUF_FOR_MBEDTLS

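Review bot: This hunk only deletes the `PAL_DNS_API_VERSION 3` default, so `Linux_default.h` no longer defines any value when the application leaves the macro unset, while the CHANGELOG says the Linux default is changed by setting the flag to 0. Either define `PAL_DNS_API_VERSION 0` under the same `PAL_NET_DNS_SUPPORT` guard, or add a comment naming the header that supplies the fallback, so the effective default is visible where integrators look for it.
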
2 changes: 1 addition & 1 deletion mbed-client/mbed-client/m2mversion.h
Expand Up @@ -30,6 +30,6 @@
/** PDMC_PATCH_VERSION
* Pelion Device Management Client patch version
*/
#define PDMC_PATCH_VERSION 0
#define PDMC_PATCH_VERSION 1

#endif // M2MVERSION_H
6 changes: 5 additions & 1 deletion mbed-client/source/m2mnsdlinterface.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2719,13 +2719,16 @@ bool M2MNsdlInterface::validate_security_object()
return false;
}
break;
#ifndef MBED_CLIENT_DISABLE_EST_FEATURE
case M2MSecurity::EST:
#ifndef MBED_CLIENT_DISABLE_EST_FEATURE
// Only server public key should be populated for lwm2m, client keys will be generated
if (!is_bs_server && (!server_key_size || chain_size || pkey_size)) {
return false;
}
break;
#else
tr_error("M2MNsdlInterface - EST mode activated - EST feature is NOT configured in!");
return false;
#endif
case M2MSecurity::NoSecurity:
if (!is_bs_server) {
Expand All @@ -2734,6 +2737,7 @@ bool M2MNsdlInterface::validate_security_object()
break;
default:
// Security mode not supported
tr_error("M2MNsdlInterface - Unknown security mode - not supported.!");
return false;
}
}
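
Review bot: The `tr_error` added in the `default:` branch does not log the security mode value that was rejected, and its text ends in ".!". Include the numeric mode in the message and drop the stray punctuation, so a device rejected in `validate_security_object()` can be diagnosed from the trace alone.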
3 changes: 2 additions & 1 deletion zephyr/Kconfig.pal
Expand Up @@ -52,7 +52,7 @@ config IZUMA_PAL_USE_APPLICATION_NETWORK_CALLBACK

choice
prompt "DNS API"
default IZUMA_PAL_USE_DNS_API_RESOLVE
default IZUMA_PAL_USE_DNS_API_POSIX
help
Select DNS API used by network abstraction implementation.

Expand All @@ -66,6 +66,7 @@ choice
bool "DNS Resolve"
depends on DNS_RESOLVER
help
NOTE! Do not use this feature right now. Issues with reconnecting.
Use DNS Resolve's dns_get_addr_info. This call is asynchronous and maps
to Izuma's DNS version 3.

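Review bot: The warning added to the "DNS Resolve" help text ("Do not use this feature right now. Issues with reconnecting.") sits ahead of the option's description and does not say what fails or in which releases. Move it after the description and refer to the CHANGELOG known issue (the device fails to reconnect to the cloud after some pods are restarted), and consider whether the option should stay selectable while that issue is open.
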