simulation: lwm2m_client: add OTA #65
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some modules have been missing when I tested several things. The easiest way is to just import all modules. The download time is reasonable, so there are no major disadvantages. Signed-off-by: Jonas Remmert <[email protected]>
The download server for OTA updates could be different from the regular server. The ota update does not send a complete URL, but only a path. The host of the url is fixed in firmware. This is a security feature to make sure the clients can never download firmware from another than the specified server domain. Signed-off-by: Jonas Remmert <[email protected]>
jonas-rem
force-pushed
the
WIP/jonas-rem/lwm2m_client_ota
branch
from
904ee1e
to
449ac52
Compare
jonas-rem
changed the title
- Add support for TLS Encryption (via Let's Enrypt Root CA) - Server has to support TLS_RSA_WITH_AES_128_GCM_SHA256 - Future versions will move to self-signed certificates - Add support for WIFI (if client supports) - Implement http Download client - Move to lwm2m update client functions (instead of registering lwm2m paths) Signed-off-by: Jonas Remmert <[email protected]>
Add TLS support via Kconfig option as a default. TLS is currently only used for OTA updates, not yet for LwM2M. Signed-off-by: Jonas Remmert <[email protected]>
jonas-rem
force-pushed
the
WIP/jonas-rem/lwm2m_client_ota
branch
from
a4e4bcb
to
4a0059c
Compare
Kappuccino111
approved these changes
Aug 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use together with #62 for testing.
Limitation:
flownexus uses a Let's Encrypt Certificate. It does not support the (weak) TLS_RSA_WITH_AES_128_GCM_SHA256 cipher which is used in the Zephyr samples. Enabling Eliptic curve ciphers in Zephyr resulted in a rejection of the flownexus certificate during the download of OTA images. For those reasons testing is currently only possible locally.
Future Fix:
Future versions of flownexus will use self-signed certificates for OTA updates (static webserver) and Lwm2m. The dashboard will continue to use Let's Encrypt Certificates.
*Features:
- Server has to support TLS_RSA_WITH_AES_128_GCM_SHA256
- Future versions will move to self-signed certificates