aws / aws-iot-device-sdk-embedded-C

SDK for connecting to AWS IoT from a device using embedded C.
MIT License

How to run OTA update application on linux #1787

Closed Hemanth826-dev closed 2 years ago

Hemanth826-dev commented 2 years ago

Hi Sir/Madam,

I'm new to this domain, and I want to run the OTA updates on Linux. I tried to schedule a FreeRTOS OTA Update job for running the demo application in the SDK on Linux. I first changed the application version from 0.9.2 to 0.9.3, built it and uploaded the binary file to an S3 bucket, then changed it back to 0.9.2, built the application and ran it. The application was able to receive the update job and download the binary file, but it was not able to restart the new application and it gave this error.

[INFO] [OTA] [ota.c:2632] Received final block of the update.
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 50 Dropped: 0
[ERROR] [OTA] [ota_pal_posix.c:164] Failed to load cert from either file or predefined string.
[ERROR] [OTA] [ota_pal_posix.c:323] File signature check failed at EXTRACT pkey from signer certificate.
[ERROR] [OTA] [ota_pal_posix.c:515] Failed to pass sig-sha256-ecdsa signature verification: -419430400.
[ERROR] [OTA] [ota.c:2659] Failed to close the OTA file: Error=(OtaPalBadSignerCert:0x000000)
[ERROR] [OTA] [ota.c:1227] Failed to ingest data block, rejecting image: ingestDataBlock returned error: OtaErr_t=-3
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 54 Queued: 54 Processed: 53 Dropped: 0

Can you please suggest the proper steps to do this, and can you please tell me if there is any documentation related to OTA updates on Linux?

Thank you, Hemanth

n9wxu commented 2 years ago

It appears that the signing certificates are not installed in the demo application. Make sure that the certificate used to sign the uploaded image is also referenced in the demo, either by copying the certificate into the source code (highly discouraged in production) or by referencing the file to load.
https://docs.aws.amazon.com/freertos/latest/userguide/ota-code-sign-cert-win.html
https://docs.aws.amazon.com/freertos/latest/userguide/dev-guide-ota-security.html

Hemanth826-dev commented 2 years ago

Could you please tell me where I should install the certificate in the application, since I didn't find it in either of the config files demo_config.h and ota_config.h?

tianmc1 commented 2 years ago

Hi @Hemanth826-dev, there are two ways to install the certificate. One way is predefining the certificate as a string in the firmware. The certificate can be put in ota_pal_posix.c. The other way is storing the certificate as a file and supplying the certificate file path when creating the OTA job. When creating a FreeRTOS OTA update job from AWS Console, there is a "Path name of code signing certificate on device" field that can be used to supply the certificate file path.

Please let us know if this works.

Hemanth826-dev commented 2 years ago

Hi @tianmc1, I tried the above solution which you provided for me and it worked fine with signature validation, but I had a problem in restarting the application. I was also not able to run the downloaded binary file. This is the error I got:

[INFO] [DEMO] [ota_demo_core_mqtt.c:625] Received OtaJobEventActivate callback from OTA Agent.
[ERROR] [OTA] [ota.c:3282] Failed to activate new image: activateNewImage returned error: Manual reset required: OtaPalStatus_t=OtaPalSuccess
[ERROR] [DEMO] [ota_demo_core_mqtt.c:635] New image activation failed.
[INFO] [OTA] [ota.c:2838] Current State=[WaitingForFileBlock], Event=[ReceivedFileBlock], New state=[WaitingForFileBlock]
[INFO] [OTA] [ota.c:1293] Closing file: file index=0
[INFO] [MQTT] [core_mqtt.c:886] Packet received. ReceivedBytes=82.
[INFO] [MQTT] [core_mqtt.c:1047] De-serialized incoming PUBLISH packet: DeserializerResult=MQTTSuccess.
[INFO] [MQTT] [core_mqtt.c:1060] State record updated. New state=MQTTPublishDone.
[INFO] [DEMO] [mqtt_subscription_manager.c:91] Invoking subscription callback of matching topic filter: TopicFilter=$aws/things/+/jobs/#, TopicName=$aws/things/for_ota/jobs/AFR_OTA-example/update/accepted
[INFO] [DEMO] [ota_demo_core_mqtt.c:773] Received job message $aws/things/for_ota/jobs/AFR_OTA-example/update/accepted{"timestamp":1645689180}or�accrdyaf size 24.
[INFO] [DEMO] [ota_demo_core_mqtt.c:1427] UNSUBSCRIBE topic $aws/things/for_ota/streams/AFR_OTA-4a5d6f8f-4600-48a9-9d64-14fa9fc64cc2/data/cbor to broker.
[INFO] [OTA] [ota_mqtt.c:444] Unsubscribed to MQTT topic: $aws/things/for_ota/streams/AFR_OTA-4a5d6f8f-4600-48a9-9d64-14fa9fc64cc2/data/cbor
[INFO] [OTA] [ota.c:2838] Current State=[WaitingForJob], Event=[CloseFile], New state=[WaitingForJob]
[INFO] [OTA] [ota.c:1328] OTA Agent is shutting down.
[INFO] [DEMO] [ota_demo_core_mqtt.c:1427] UNSUBSCRIBE topic $aws/things/for_ota/jobs/notify-next to broker.
[INFO] [OTA] [ota_mqtt.c:501] Unsubscribed to MQTT topic: $aws/things/for_ota/jobs/notify-next
[INFO] [DEMO] [ota_demo_core_mqtt.c:1427] UNSUBSCRIBE topic $aws/things/for_ota/streams//data/cbor to broker.
[INFO] [OTA] [ota_mqtt.c:444] Unsubscribed to MQTT topic: $aws/things/for_ota/streams//data/cbor
[INFO] [DEMO] [ota_demo_core_mqtt.c:1427] UNSUBSCRIBE topic $aws/things/for_ota/streams//data/cbor to broker.
[INFO] [OTA] [ota_mqtt.c:444] Unsubscribed to MQTT topic: $aws/things/for_ota/streams//data/cbor
[INFO] [OTA] [ota.c:2838] Current State=[Stopped], Event=[Shutdown], New state=[Stopped]
[INFO] [DEMO] [ota_demo_core_mqtt.c:1470] OTA Agent stopped.
[INFO] [DEMO] [ota_demo_core_mqtt.c:1598] Received: 0 Queued: 0 Processed: 0 Dropped: 0
[INFO] [DEMO] [ota_demo_core_mqtt.c:1166] Disconnecting the MQTT connection with a140ax8j255ia-ats.iot.us-east-1.amazonaws.com.
[INFO] [MQTT] [core_mqtt.c:2151] Disconnected from the broker.
[ERROR] [DEMO] [ota_demo_core_mqtt.c:1790] Exiting demo in 2 sec
[ERROR] [DEMO] [ota_demo_core_mqtt.c:1790] Exiting demo in 1 sec
[ERROR] [DEMO] [ota_demo_core_mqtt.c:1790] Exiting demo in 0 sec

Can you please help me out with this?

Thank you, Hemanth

tianmc1 commented 2 years ago

When running OTA on a real embedded device, the activation step would reset the device to boot into the newly downloaded image. This is not feasible on the POSIX port, so the "activateNewImage returned error: Manual reset required" error message is expected in this case. What error did you encounter when you ran the downloaded binary?

Hemanth826-dev commented 2 years ago

Hi @tianmc1

The downloaded binary file did not have the executable permission, so I was not able to execute it. After changing the permissions manually I was able to run the downloaded binary file. Thank you for your help.

Thank you, Hemanth
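
Added example, not part of the thread or of the SDK: a host-side pre-flight with the `openssl` CLI that walks the same stages the log reports (load certificate, extract public key, verify the sig-sha256-ecdsa signature) and sets the owner execute bit only on an image that verified. The function name, return codes, P-256 curve and the throwaway key, certificate and image are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# preflight_ota_image CERT IMAGE SIG   (hypothetical helper, not SDK code)
#   0 = verified, image made owner-executable
#   1 = certificate missing or not a PEM X.509 certificate
#   2 = public key could not be extracted from the certificate
#   3 = signature does not match the image
preflight_ota_image() {
    cert=$1; image=$2; sig=$3
    pub=$(mktemp) || return 1
    # Stage 1: the certificate must load ("Failed to load cert ...").
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        rm -f "$pub"; return 1
    fi
    # Stage 2: extract the signer's public key ("EXTRACT pkey ...").
    if ! openssl x509 -in "$cert" -noout -pubkey >"$pub" 2>/dev/null; then
        rm -f "$pub"; return 2
    fi
    # Stage 3: ECDSA signature over the SHA-256 digest of the image.
    if ! openssl dgst -sha256 -verify "$pub" -signature "$sig" "$image" \
            >/dev/null 2>&1; then
        rm -f "$pub"; return 3
    fi
    rm -f "$pub"
    # Only a verified image gets the execute bit, and only for its owner.
    chmod u+x "$image"
}

# Constructed demo: throwaway key, self-signed certificate and dummy image.
demo() {
    d=$(mktemp -d) || return 1
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/key.pem" 2>/dev/null
    openssl req -new -x509 -key "$d/key.pem" -subj "/CN=ota-signer-example" \
        -days 1 -out "$d/cert.pem" 2>/dev/null
    printf 'constructed firmware image v0.9.3\n' >"$d/image.bin"
    openssl dgst -sha256 -sign "$d/key.pem" -out "$d/sig.bin" "$d/image.bin"
    ok=0; nocert=0; bad=0
    preflight_ota_image "$d/cert.pem" "$d/image.bin" "$d/sig.bin" || ok=$?
    [ -x "$d/image.bin" ] && exec_bit=yes || exec_bit=no
    preflight_ota_image "$d/missing.pem" "$d/image.bin" "$d/sig.bin" || nocert=$?
    printf 'tampered\n' >>"$d/image.bin"   # image no longer matches signature
    preflight_ota_image "$d/cert.pem" "$d/image.bin" "$d/sig.bin" || bad=$?
    rm -rf "$d"
    echo "$ok $nocert $bad $exec_bit"
}
demo
```

Running the same three `openssl` steps against the real signing certificate and the binary uploaded to S3 shows at which stage a device-side failure would occur before an OTA job is created.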