[Visit https://www.nuvoton.com/iot_startup for more IoT solutions]
The post shows OTA (Over-the-air firmware update) with AWS IoT on Nuvoton’s Mbed Enabled boards. Supported boards are
- NuMaker-IoT-M487, use Wi-Fi, store firmware to SPI Flash on board
- NuMaker-PFM-M487, use Ethernet, store firmware to SPI Flash on board
- NuMaker-M2354, use Wi-Fi, store firmware to MicroSD card
NuMaker-IoT-M487 is the board used in the demonstration. Before we start, let's take a look at the memory allocation and simply describes the flow.
APROM is internal flash memory of M487, SPI flash is an external SPI flash on board.
While staring OTA, the new firmware will download from cloud and store to SPI flash.
When the new firmware is downloaded, reset the device, the loader checks for new firmware, and then copies the new firmware to the internal APROM.
Before try it, you need two accounts
- An AWS account to use AWS IoT, IAM, and S3 services. AWS website
- An Mbed account to use Mbed Studio or other Mbed tools. Mbed website
- Run Mbed Studio
- Log in your Mbed account if it asks.
- Click File
- Click Import Program
- Fill example URL https://github.com/OpenNuvoton/NuMaker-mbed-AWS-IoT-CSDK-OTA-example to URL
- Click Add Program
- Active program is “numaker-mbed-aws-iot-csdk-ota-example”
- Target is “NuMaker-IoT-M487”. If not, you can select it on the pull down menu.
- The default connection of the example for NuMaker-IoT-M487 board is Wi-Fi
- Click mbed_app.json
- Scroll down to the configuration for NuMaker-IoT-M487 board
- Replace the SSID to your SSID and PASSWORD to your password.
Now, we have to configure it on AWS
- Log in AWS console
- If your device doesn’t have a thing, you have to create one.
- To create a thing, enter IoT Core service
- Click All Devices
- Click Things
- Click Create things
- Select Create single thing
- Click Next
- Fill Thing name. You can assign the name, here assume “MY-IOT-OTA-Device”
- No change to other options, click Next
- Select Auto-generate a new certificate (recommended)
- Click Next
- So far, no need to attach policy. Click Next
- Click each Download to download these Keys and CA files.
- Device certificate
- Public key file
- Private key file
- RSA 2048 bit key: Amazon Root CA 1
- ECC 256 bit key: Amazon Root CA 3
- Click Setting to get AWS_IOT_ENDPOINT
- The steps of official URL is here
- Do steps in
- Prerequisites for OTA updates using MQTT to create a my-ota-polcy000 for device
- Create an Amazon S3 bucket to store to store you update to create a my-ota-bucket001 bucket
- Create an OTA update service role to create my-ota-role001 role
- Create an OTA user policy to create a OTA account with OTA permission
- Create a code-signing certificate to create ecdsasigner.crt and ecdsasigner.key files
- Grant access to code signing for AWS IoT to create a policy to grant code sign access to OTA account
Let's back to Mbed Studio
- In Mbed Studio, click configs
- Click aws_config.h
- Fill the thing setting just created in previous steps.
- Fill the AWS_IOT_ENDPOINT
- Scroll down to assign a unique name for CLIENT_IDENTIFIER.
- Scroll down to fill THING_NAME, it is “MY-IOT-OTA-Device”.
- Click aws_credentials.c
- Fill these array
- AmazonRootCA1.pem to aws_rootCACrt[]
- XXXX-certificate.pem.crt.txt to aws_deviceCrt[]
- XXXX-public.pem.key to aws_devicePubKey[]
- XXXX-private.pem.key to aws_devicePvtKey[]
- ecdsasigner.crt to aws_codeVerCrt[]
- Each line begins with a “, and end with \n”
- Click hammer to build code
- After build finish, add _V1.0.0.bin to image firmware.
- Image file is numaker-mbed-aws-iot-csdk-ota-example.bin in C:\Users\YOUR-ACCOUNT\Mbed Programs\numaker-mbed-aws-iot-csdk-ota-example\BUILD\NUMAKER_IOT_M487\ARMC6 folder
- Rename it to numaker-mbed-aws-iot-csdk-ota-example_V1.0.0.bin
- Run NuMicro ICP Programming Tool
- Select M480 series, connect to board.
- Bootloader_LDROM.bin and Bootloader_Cloner.bin are in C:\Users\YOUR-ACCOUNT\Mbed Programs\numaker-mbed-aws-iot-csdk-ota-example\boorloader folder
- Flash Boorloader_LDROM.bin to LDROM only.
- Flash numaker-mbed-aws-iot-csdk-ota-example_V1.0.0.bin to APROM only and offset is 0x0.
- Flash Bootloader_Cloner.bin to APROM only and offset is 0x72000
- Now the device has v1.0.0 firmware
Let's go to AWS to schedule the OTA job
- Click Remote actions
- Click Jobs
- Click Create job
- Select Create a FreeRTOS OTA update job
- Click Next
- Assign a Job name, “My-OTA-Job”
- Click Next
- Click pull down menu to select MY-IOT-OTA-Device on Devices to update
- Select MQTT
- then scroll down…
- Select Sign a new file for me
- Click Create new profile
- Assign a Profile name, “My_OTA_Profile”
- Select any one of SHA256 & ECDSA platform to Device hardware platform, for example, ESP32-DevKitC.
- Select Import new code signing certificate
- Click Choose file to upload ecdsasigner.crt to Certificate body
- Click Choose file to upload ecdsasigner.key to Certificate private key
- Click Import
- Fill “Code_Verify_Key” to Path name of code signing certificate on device
- Click Create
- Make sure My_OTA_Profile has selected.
- Select Upload a new file
- Click Choose file, then select numaker-mbed-aws-iot-csdk-ota-example_V1.0.1.bin file.
- Click Browser S3
- Click to select my-ota-bucket001
- Click Choose
- Path name of file on device is not used. You can fill the “numaker-mbed-aws-iot-csdk-ota-example_V1.0.1.bin”
- Select my-ota-role001 to Role
- Click Next
- Select (snapshot) to Job run type
- Click Create job
Now, you can see the OTA starts to work.
- Run terminal tool on PC then open COM port of NuMaker-IoT-M487 board
- Power on the board to see the output on console and view the OTA messages.
Finally, here are a few Q&A for the OTA
- Can use larger size of SPI Flash?
- Yes, but the SPI Flash has to be supported by Mbed OS’s “SFDP” to utilize the driver and API without modifying code.
- Define “NVT_OTA_WITHOUT_BACKUP_BANK” macro in mbed_app.json
- Firmware in APROM copy to rollback firmware area of SPI flash
- Then update new firmware in SPI Flash to APROM
- No!