diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b1127c9..1c51b098 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ ## Changelog for Izuma Device Management Client +### Release 4.13.1 (16.02.2023) + +- Improved error logging for certificate enrollment misconfiguration. +- Fixed a failure in FOTA for developer flow in PSA mode. The mechanism of going through a storage reset if the compiled credential file differs from the stored credentials did not work well with PSA. + Read a certificate instead of a private key that we can't read in PSA mode. +- Only synchronous DNS is currently supported. + - [Linux] Change the default DNS to synchronous, by setting `PAL_DNS_API_VERSION` flag to 0. + - [Zephyr] Change the default DNS to synchronous, by setting `DNS API` selection to `POSIX`. + **Note: For Linux devices with version >= 4.11.0, or Zephyr device with version >= 4.9.0 you should override the default DNS setting to synchronous in the application level.** + +#### Known issues + +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + ### Release 4.13.0 (21.11.2022) - Izuma branding changes. 
@@ -15,7 +29,13 @@ * If a socket error is encountered, the next try will be done with the original CoaP port `5684`. * After 2nd failure, we alternate back to the custom port. * NOTE! Only port 443 can be used as an alternative customer port with Izuma Networks. + +#### Known issues +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level: + - For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0. + - For Zephyr devices, set the `DNS API` selection to POSIX. ### Release 4.12.0 (01.03.2022) 
@@ -24,9 +44,23 @@ - Introduce a new `LWM2M_COMPLIANT` flag that enables connection to any LwM2M compliant bootstrap and device management services. Disabled by default. - Introduce a new `DISABLE_SERVER_CERT_VERIFY` flag that disables the server certificate verification during the TLS handshake. Disabled by default. +#### Known issues + +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level: + - For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0. + - For Zephyr devices, set the `DNS API` selection to POSIX. + ### Release 4.11.2 (01.12.2021) -Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is enabled but trace-level is set below INFO. This fixes a regression introduced in 4.11.0 release. +- Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is enabled but trace-level is set below INFO. This fixes a regression introduced in 4.11.0 release. + +#### Known issues + +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level: + - For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0. + - For Zephyr devices, set the `DNS API` selection to POSIX. ### Release 4.11.1 (11.10.2021) 
@@ -35,6 +69,13 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is - [Remote logging] Fixed internal flash configuration to perform a full storage erase before using it. - Fixed compiler warnings. +#### Known issues + +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level: + - For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0. + - For Zephyr devices, set the `DNS API` selection to POSIX. + ### Release 4.11.0 (17.09.2021) ### Device Management Client @@ -78,6 +119,13 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is [Linux] Enabled `PAL_DNS_API_VERSION` 3 by default for Linux configurations. +#### Known issues + +- [Linux/Zephyr] Asynchronous DNS does not work well, and the device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level: + - For Linux devices, set the `PAL_DNS_API_VERSION` flag to 0. + - For Zephyr devices, set the `DNS API` selection to POSIX. + ### Release 4.10.0 (07.07.2021) ### Device Management Client 
@@ -124,6 +172,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is - Of a component image on an Mbed OS devices. - Fix: Removed the candidate image file from its original path in Linux after FOTA completion. +#### Known issues + +- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings. + ### Release 4.9.1 (17.06.2021) ### Device Management Client @@ -132,6 +185,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is ### Platform Adaptation Layer (PAL) - [Zephyr] Fixed a memory leak on DNS handling. +#### Known issues + +- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings. + ### Release 4.9.0 (21.05.2021) ### Device Management Client 
@@ -168,6 +226,11 @@ Fixed a potential dead-lock situation in sn_nsdl.c CoAP tracing when tracing is - Added new PAL_DNS_API_VERSION 3. It's an asynchronous DNS API that can return multiple DNS results. - This feature is currently implemented only for Linux platform and is disabled by default. You can enable it by defining PAL_DNS_API_VERSION=3. In future releases, this feature will be enabled by default for Linux. +#### Known issues + +- [Zephyr] Asynchronous DNS does not work well. The device fails to reconnect to the cloud if some of the pods are restarted. In such a scenario, the device needs to be restarted. + To address this issue, the default DNS settings should be overridden to synchronous DNS in the application level by setting the DNS API selection to POSIX in the application's configuration settings. + ### Release 4.8.0 (19.04.2021) #### Device Management Client diff --git a/README.md b/README.md index 92ad16ab..cb5d7a75 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Device Management Client -This repository contains Izuma Device Management Client: a library that connects devices to Izuma Device Management service and to Mbed-enabled cloud services from our partners. +This repository contains Pelion Device Management Client: a library that connects devices to Pelion Device Management service and to Mbed-enabled cloud services from our partners. -The documentation is hosted [here](https://developer.izumanetworks.com/docs/device-management/current/welcome/index.html). +The documentation is hosted [here](https://www.pelion.com/docs/device-management/current/welcome/index.html). You can report concerns about the documentation or this SW as issues to [this GitHub repository](https://github.com/PelionIoT/mbed-cloud-client/issues). diff --git a/factory-configurator-client/factory-configurator-client/source/fcc_dev_flow.c b/factory-configurator-client/factory-configurator-client/source/fcc_dev_flow.c index 15b51dd6..2207c9f7 100644 
--- a/factory-configurator-client/factory-configurator-client/source/fcc_dev_flow.c +++ b/factory-configurator-client/factory-configurator-client/source/fcc_dev_flow.c @@ -21,12 +21,12 @@ #include "fcc_utils.h" #include "cs_der_keys_and_csrs.h" -typedef struct fcc_deloveper_mode_item_params { +typedef struct fcc_developer_mode_item_params { const char *item_name; kcm_item_type_e item_kcm_type; const uint8_t *item_data; const uint32_t item_data_size; -} fcc_deloveper_mode_item_params_s; +} fcc_developer_mode_item_params_s; //bootstrap endpoint name extern const char MBED_CLOUD_DEV_BOOTSTRAP_ENDPOINT_NAME[]; @@ -69,7 +69,7 @@ fcc_status_e fcc_developer_flow(void) #else static const uint32_t is_bootstrap_mode = 1; #endif - const fcc_deloveper_mode_item_params_s fcc_deloveper_mode_item_params_table[] = { + const fcc_developer_mode_item_params_s fcc_developer_mode_item_params_table[] = { //param name //param kcm type //param data //param data_size //Device general info @@ -110,8 +110,8 @@ fcc_status_e fcc_developer_flow(void) { NULL, KCM_LAST_ITEM, NULL, 0}, }; - const fcc_deloveper_mode_item_params_s* mandatory_items_iter = &fcc_deloveper_mode_item_params_table[0]; - uint8_t kcm_item_buffer[KCM_EC_SECP256R1_MAX_PRIV_KEY_DER_SIZE]; + const fcc_developer_mode_item_params_s* mandatory_items_iter = &fcc_developer_mode_item_params_table[0]; + uint8_t kcm_item_buffer[1024]; size_t act_kcm_item_buffer_size; 
@@ -129,18 +129,22 @@ fcc_status_e fcc_developer_flow(void) // item already exists - this means that storage already contains developer mode prov items. SA_PV_LOG_INFO("Developer mode prov items already exist on the storage."); - // Read the BS device private key and check if it's equal to the pre-compiled key. - kcm_item_get_data((const uint8_t*)g_fcc_bootstrap_device_private_key_name, - strlen(g_fcc_bootstrap_device_private_key_name), - KCM_PRIVATE_KEY_ITEM, - kcm_item_buffer, - sizeof(kcm_item_buffer), - &act_kcm_item_buffer_size); - - if (act_kcm_item_buffer_size == MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY_SIZE) { - // The size of the stored key is equal to the compiled key - if (memcmp(kcm_item_buffer, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_PRIVATE_KEY_SIZE) == 0) { - // The content of the keys are equal + // Read the BS device certificate and check if it's equal to the pre-compiled cert. + // We can't check private key since it won't work for PSA + kcm_status = kcm_item_get_data((const uint8_t*)g_fcc_bootstrap_device_certificate_name, + strlen(g_fcc_bootstrap_device_certificate_name), + KCM_CERTIFICATE_ITEM, + kcm_item_buffer, + sizeof(kcm_item_buffer), + &act_kcm_item_buffer_size); + + SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), fcc_convert_kcm_to_fcc_status(kcm_status), "Get of the BS cert failed %d", kcm_status); + + + if (act_kcm_item_buffer_size == MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE ) { + // The size of the stored cert is equal to the compiled cert + if (memcmp(kcm_item_buffer, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE, MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE) == 0) { + // The content of the certs are equal // No need to override the items, just exit the function with "an item exists" status. SA_PV_LOG_INFO("The stored items are equal to the compiled items."); return FCC_STATUS_KCM_FILE_EXIST_ERROR; 
diff --git a/mbed-client-pal/Configs/pal_config/Linux/Linux_default.h b/mbed-client-pal/Configs/pal_config/Linux/Linux_default.h index ad6a5a2b..92bc5c2d 100644 --- a/mbed-client-pal/Configs/pal_config/Linux/Linux_default.h +++ b/mbed-client-pal/Configs/pal_config/Linux/Linux_default.h @@ -184,10 +184,6 @@ #define PAL_NET_DNS_SUPPORT 1 #endif -#if (PAL_NET_DNS_SUPPORT == 1) && !(defined(PAL_DNS_API_VERSION)) -#define PAL_DNS_API_VERSION 3 //!< asyncronous DNS API that can return multiple DNS results. -#endif - // Define this to use static memory buffer for mbedtls, instead of standard mbedtls memory system (default is using heap). //#undef PAL_USE_STATIC_MEMBUF_FOR_MBEDTLS diff --git a/mbed-client/mbed-client/m2mversion.h b/mbed-client/mbed-client/m2mversion.h index b1fdc760..d67eaff3 100644 --- a/mbed-client/mbed-client/m2mversion.h +++ b/mbed-client/mbed-client/m2mversion.h @@ -30,6 +30,6 @@ /** PDMC_PATCH_VERSION * Pelion Device Management Client patch version */ -#define PDMC_PATCH_VERSION 0 +#define PDMC_PATCH_VERSION 1 #endif // M2MVERSION_H diff --git a/mbed-client/source/m2mnsdlinterface.cpp b/mbed-client/source/m2mnsdlinterface.cpp index ff6b2361..e77eec3f 100644 --- a/mbed-client/source/m2mnsdlinterface.cpp +++ b/mbed-client/source/m2mnsdlinterface.cpp @@ -2719,13 +2719,16 @@ bool M2MNsdlInterface::validate_security_object() return false; } break; -#ifndef MBED_CLIENT_DISABLE_EST_FEATURE case M2MSecurity::EST: +#ifndef MBED_CLIENT_DISABLE_EST_FEATURE // Only server public key should be populated for lwm2m, client keys will be generated if (!is_bs_server && (!server_key_size || chain_size || pkey_size)) { return false; } break; +#else + tr_error("M2MNsdlInterface - EST mode activated - EST feature is NOT configured in!"); + return false; #endif case M2MSecurity::NoSecurity: if (!is_bs_server) { 
@@ -2734,6 +2737,7 @@ bool M2MNsdlInterface::validate_security_object() break; default: // Security mode not supported + tr_error("M2MNsdlInterface - Unknown security mode - not supported.!"); return false; } } diff --git a/zephyr/Kconfig.pal b/zephyr/Kconfig.pal index fe0eafb5..25b612bf 100644 --- a/zephyr/Kconfig.pal +++ b/zephyr/Kconfig.pal @@ -52,7 +52,7 @@ config IZUMA_PAL_USE_APPLICATION_NETWORK_CALLBACK choice prompt "DNS API" - default IZUMA_PAL_USE_DNS_API_RESOLVE + default IZUMA_PAL_USE_DNS_API_POSIX help Select DNS API used by network abstraction implementation. @@ -66,6 +66,7 @@ choice bool "DNS Resolve" depends on DNS_RESOLVER help + NOTE! Do not use this feature right now. Issues with reconnecting. Use DNS Resolve's dns_get_addr_info. This call is asynchronous and maps to Izuma's DNS version 3.
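Review bot: In the 4.13.1 entry of CHANGELOG.md, the "Known issues" bullet for asynchronous DNS omits the workaround sub-bullets that the same patch adds under every older release, and it does not say that in this release the issue only applies when the application overrides the new synchronous default. Add one sentence to that effect. Also, "Read a certificate instead of a private key that we can't read in PSA mode." should be folded into the FOTA bullet as a full sentence that says what is compared against what.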
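Review bot: The README.md hunk replaces "Izuma Device Management Client" and the developer.izumanetworks.com documentation link with the Pelion name and a www.pelion.com link, which contradicts the "Izuma branding changes" entry for 4.13.0 and the "Changelog for Izuma Device Management Client" title in the CHANGELOG.md part of this same patch. This looks like an unintended revert carried in with the release; drop the README.md hunk or restore the Izuma text and URL.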
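Review bot: In fcc_dev_flow.c, hunk `@@ -110,8 +110,8 @@`, the line `uint8_t kcm_item_buffer[1024];` replaces the named constant `KCM_EC_SECP256R1_MAX_PRIV_KEY_DER_SIZE` with a bare literal, and nothing in the hunk ties 1024 to the size of the certificate the buffer now receives. Use a named constant with a comment stating the assumed maximum certificate size, and, where the compiled certificate size is available at compile time, add a static check against it so that a longer developer certificate is caught at build time instead of as a failed read on the device.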
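Review bot: In fcc_dev_flow.c, hunk `@@ -129,18 +129,22 @@`, the new `SA_PV_ERR_RECOVERABLE_RETURN_IF((kcm_status != KCM_STATUS_SUCCESS), ...)` makes fcc_developer_flow() return on any failure of `kcm_item_get_data`, where the removed code ignored the status and went on to the size and `memcmp` comparison. A stored certificate that cannot be read, for example one that does not fit in `kcm_item_buffer`, now ends the function with an error before stored and compiled credentials are compared, so the handling that the changelog describes as a storage reset on mismatch is skipped in exactly the case where the credentials differ. Consider treating a failed read as "credentials differ", or add a comment explaining why an error return is the intended behaviour. Minor style: there is a stray space in `MBED_CLOUD_DEV_BOOTSTRAP_DEVICE_CERTIFICATE_SIZE )` and a doubled blank line before the `if`.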
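Review bot: In Linux_default.h the block that defaulted `PAL_DNS_API_VERSION` to 3 is deleted rather than changed, so this header no longer defines the macro at all, while the changelog says the default is changed "by setting `PAL_DNS_API_VERSION` flag to 0". Either define it to 0 explicitly under the same `(PAL_NET_DNS_SUPPORT == 1) && !(defined(PAL_DNS_API_VERSION))` guard, or leave a comment naming the header that supplies the fallback, so that the synchronous default does not depend on an undefined macro evaluating as 0 in `#if` tests.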
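Review bot: In M2MNsdlInterface::validate_security_object(), the new `tr_error` in the `default:` branch reports "Unknown security mode" without logging the mode value that was rejected, which is the one detail needed to diagnose a misconfigured security object from the trace. Include the numeric mode in that message, and tidy the stray punctuation in both new strings ("configured in!" and "not supported.!"). In the `#else` half of `case M2MSecurity::EST:`, a short comment that `return false` is what prevents fall-through into `case M2MSecurity::NoSecurity:` would help, since the `break` now exists only in the `#ifndef MBED_CLIENT_DISABLE_EST_FEATURE` half.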
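Review bot: In zephyr/Kconfig.pal the "DNS Resolve" choice remains selectable whenever `DNS_RESOLVER` is enabled, and the only guard is the new help line "NOTE! Do not use this feature right now. Issues with reconnecting.", which does not say what fails. Reword it to state the known issue from the changelog (the device fails to reconnect to the cloud after some pods are restarted and has to be restarted), so that someone overriding the new `IZUMA_PAL_USE_DNS_API_POSIX` default sees the consequence in menuconfig.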