[Visit https://www.nuvoton.com/iot_startup for more IoT solutions]
The post shows OTA (Over-the-air firmware update) with AWS IoT on Nuvoton’s Mbed Enabled boards. Supported boards are
- NuMaker-IoT-M487, use Wi-Fi, store firmware to SPI Flash on board
- NuMaker-PFM-M487, use Ethernet, store firmware to SPI Flash on board
- NuMaker-M2354, use Wi-Fi, store firmware to MicroSD card
NuMaker-IoT-M487 is the board used in the demonstration. Before we start, let's take a look at the memory allocation and simply describes the flow.
APROM is internal flash memory of M487, SPI flash is an external SPI flash on board.
- Picture1.png (10.46 KiB) Viewed 8884 times
While staring OTA, the new firmware will download from cloud and store to SPI flash.
- Picture2.png (13.56 KiB) Viewed 8884 times
When the new firmware is downloaded, reset the device, the loader checks for new firmware, and then copies the new firmware to the internal APROM.
- Picture3.png (13.46 KiB) Viewed 8884 times
Before try it, you need two accounts
- An AWS account to use AWS IoT, IAM, and S3 services. AWS website
- An Mbed account to use Mbed Studio or other Mbed tools. Mbed website
- Run Mbed Studio
- Log in your Mbed account if it asks.
- Click File
- Click Import Program
- Picture4.png (22.18 KiB) Viewed 8884 times
- Fill example URL https://github.com/OpenNuvoton/NuMaker- ... TA-example to URL
- Click Add Program
- Picture5.png (23.64 KiB) Viewed 8884 times
- Active program is “numaker-mbed-aws-iot-csdk-ota-example”
- Target is “NuMaker-IoT-M487”. If not, you can select it on the pull down menu.
- Picture6.png (18.46 KiB) Viewed 8884 times
- The default connection of the example for NuMaker-IoT-M487 board is Wi-Fi
- Click mbed_app.json
- Scroll down to the configuration for NuMaker-IoT-M487 board
- Replace the SSID to your SSID and PASSWORD to your password.
- Picture7.png (38.11 KiB) Viewed 8884 times
Now, we have to configure it on AWS
- Log in AWS console
- If your device doesn’t have a thing, you have to create one.
- To create a thing, enter IoT Core service
- Click All Devices
- Click Things
- Click Create things
- Picture8.png (21.38 KiB) Viewed 8884 times
- Select Create single thing
- Click Next
- Fill Thing name. You can assign the name, here assume “MY-IOT-OTA-Device”
- No change to other options, click Next
- Select Auto-generate a new certificate (recommended)
- Click Next
- So far, no need to attach policy. Click Next
- Picture9.png (28.21 KiB) Viewed 8884 times
- Click each Download to download these Keys and CA files.
- Device certificate
- Public key file
- Private key file
- RSA 2048 bit key: Amazon Root CA 1
- ECC 256 bit key: Amazon Root CA 3
- Picture10.png (22.49 KiB) Viewed 8884 times
- Click Setting to get AWS_IOT_ENDPOINT
- Picture11.png (26.82 KiB) Viewed 8884 times
- The steps of official URL is here
- Do steps in
- Prerequisites for OTA updates using MQTT to create a my-ota-polcy000 for device
- Create an Amazon S3 bucket to store to store you update to create a my-ota-bucket001 bucket
- Create an OTA update service role to create my-ota-role001 role
- Create an OTA user policy to create a OTA account with OTA permission
- Create a code-signing certificate to create ecdsasigner.crt and ecdsasigner.key files
- Grant access to code signing for AWS IoT to create a policy to grant code sign access to OTA account
- Picture12.png (22.84 KiB) Viewed 8884 times
Let's back to Mbed Studio
- In Mbed Studio, click configs
- Click aws_config.h
- Fill the thing setting just created in previous steps.
- Fill the AWS_IOT_ENDPOINT
- Scroll down to assign a unique name for CLIENT_IDENTIFIER.
- Scroll down to fill THING_NAME, it is “MY-IOT-OTA-Device”.
- Picture13.png (34.92 KiB) Viewed 8884 times
- Click aws_credentials.c
- Fill these array
- AmazonRootCA1.pem to aws_rootCACrt[]
- XXXX-certificate.pem.crt.txt to aws_deviceCrt[]
- XXXX-public.pem.key to aws_devicePubKey[]
- XXXX-private.pem.key to aws_devicePvtKey[]
- ecdsasigner.crt to aws_codeVerCrt[]
- Pay attention to the fill
- Each line begins with a “, and end with \n”
- Picture14.png (36.45 KiB) Viewed 8884 times
- Click hammer to build code
- After build finish, add _V1.0.0.bin to image firmware.
- Image file is numaker-mbed-aws-iot-csdk-ota-example.bin in C:\Users\YOUR-ACCOUNT\Mbed Programs\numaker-mbed-aws-iot-csdk-ota-example\BUILD\NUMAKER_IOT_M487\ARMC6 folder
- Rename it to numaker-mbed-aws-iot-csdk-ota-example_V1.0.0.bin
- Click aws_config.h
- Scroll down to APP_VERSION_BUILD
- Change APP_VERSION_BUILD from 0 to 1
- Click hammer to build code again
- Rename the image file as above to _V1.0.1
- Now you have both v1.0.0 and v1.0.1 images
- Picture15.png (36.38 KiB) Viewed 8884 times
- Run NuMicro ICP Programming Tool
- Select M480 series, connect to board.
- Bootloader_LDROM.bin and Bootloader_Cloner.bin are in C:\Users\YOUR-ACCOUNT\Mbed Programs\numaker-mbed-aws-iot-csdk-ota-example\boorloader folder
- Flash Boorloader_LDROM.bin to LDROM only.
- Flash numaker-mbed-aws-iot-csdk-ota-example_V1.0.0.bin to APROM only and offset is 0x0.
- Flash Bootloader_Cloner.bin to APROM only and offset is 0x72000
- Now the device has v1.0.0 firmware
- Picture16.png (23.37 KiB) Viewed 8884 times
Let's go to AWS to schedule the OTA job
- Click Remote actions
- Click Jobs
- Click Create job
- Select Create a FreeRTOS OTA update job
- Click Next
- Assign a Job name, “My-OTA-Job”
- Click Next
- Picture17.png (22.54 KiB) Viewed 8884 times
- Click pull down menu to select MY-IOT-OTA-Device on Devices to update
- Select MQTT
- then scroll down…
- Picture18.png (23.2 KiB) Viewed 8884 times
- Select Sign a new file for me
- Click Create new profile
- Picture19.png (25.9 KiB) Viewed 8884 times
- Assign a Profile name, “My_OTA_Profile”
- Select any one of SHA256 & ECDSA platform to Device hardware platform, for example, ESP32-DevKitC.
- Select Import new code signing certificate
- Click Choose file to upload ecdsasigner.crt to Certificate body
- Click Choose file to upload ecdsasigner.key to Certificate private key
- Picture20.png (17.27 KiB) Viewed 8884 times
- Click Import
- Fill “Code_Verify_Key” to Path name of code signing certificate on device
- Click Create
- Picture21.png (17.3 KiB) Viewed 8884 times
- Make sure My_OTA_Profile has selected.
- Select Upload a new file
- Click Choose file, then select numaker-mbed-aws-iot-csdk-ota-example_V1.0.1.bin file.
- Picture22.png (23.49 KiB) Viewed 8884 times
- Click Browser S3
- Click to select my-ota-bucket001
- Click Choose
- Path name of file on device is not used. You can fill the “numaker-mbed-aws-iot-csdk-ota-example_V1.0.1.bin”
- Select my-ota-role001 to Role
- Click Next
- Picture23.png (20.25 KiB) Viewed 8884 times
- Select (snapshot) to Job run type
- Click Create job
- Picture24.png (23.49 KiB) Viewed 8884 times
Now, you can see the OTA starts to work.
- Run terminal tool on PC then open COM port of NuMaker-IoT-M487 board
- Power on the board to see the output on console and view the OTA messages.
- Picture25.png (15.79 KiB) Viewed 8884 times
Finally, here are a few Q&A for the OTA
- Can use larger size of SPI Flash?
- Yes, but the SPI Flash has to be supported by Mbed OS’s “SFDP” to utilize the driver and API without modifying code.
- How to disable rollback feature?
- Define “NVT_OTA_WITHOUT_BACKUP_BANK” macro in mbed_app.json
- What is the OTA flow with rollback enabled?
- Firmware in APROM copy to rollback firmware area of SPI flash
- Then update new firmware in SPI Flash to APROM
- Does rollback support on NuMaker-M2354?
- No!