This PR addresses some issues regarding connectivity caused by improper provisioning steps.
When flashing a new firmware, the device can be in two states:
The keys in tfm_storage have been provisioned already
No keys provisioned in the tfm_storage
When flashing a new firmware and bundling a SIM profile template, we are also overwriting the NVS file system that contains some of the SIM profile information. Flashing does not erase the tfm_storage partition so previous keys may still be present.
We want to provision when the profile template has not been provisioned (so it contains still default values). If we provision when there are already provisioned keys in the tfm_storage, with the current implementation we will get errors because the keys exist already. They also may be inconsistent with the current profile being checked/provisioned. To fix this, during provisioning step, always delete KI, KIC, KID and import the new ones that are guaranteed to be compatible with the new profile. This change introduces a coupling between the nvs_storage part of the profile and the tfm_storage part.
This change is working under the assumption that the default (unprovisioned) IMSI when flashing a "fresh" template is always: [0x08, 0x09, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x10] (@peterbornerup please correct me if this assumption is wrong).
Other minor changes:
Add missed Zephyr asserts
Fix samples not connecting to server 1.2.3.4:4321 when using TCP
Make main function signature Zephyr compliant (return void to int)
With these changes the samples can now attach correctly to the network and connect successfully to the server.
This PR addresses some issues regarding connectivity caused by improper provisioning steps.
When flashing a new firmware, the device can be in two states:
tfm_storagehave been provisioned alreadytfm_storageWhen flashing a new firmware and bundling a SIM profile template, we are also overwriting the NVS file system that contains some of the SIM profile information. Flashing does not erase the
tfm_storagepartition so previous keys may still be present. We want to provision when the profile template has not been provisioned (so it contains still default values). If we provision when there are already provisioned keys in thetfm_storage, with the current implementation we will get errors because the keys exist already. They also may be inconsistent with the current profile being checked/provisioned. To fix this, during provisioning step, always delete KI, KIC, KID and import the new ones that are guaranteed to be compatible with the new profile. This change introduces a coupling between thenvs_storagepart of the profile and thetfm_storagepart. This change is working under the assumption that the default (unprovisioned) IMSI when flashing a "fresh" template is always:[0x08, 0x09, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x10](@peterbornerup please correct me if this assumption is wrong).Other minor changes:
1.2.3.4:4321when using TCPmainfunction signature Zephyr compliant (returnvoidtoint)With these changes the samples can now attach correctly to the network and connect successfully to the server.