As with the previous exercise, we will use a sample for a nRF Connect SDK cloud library, and learn how it can be used for FOTA. Specifically, we will learn how to use AWS to do FOTA over Wi-Fi for a nRF7002DK. The exercise code is based on the AWS IoT Sample. Since the AWS IoT library in the nRF Connect SDK does have automatic FOTA support, we will not need to implement much in our application to handle the FOTA.
The goal of the FOTA procedure is to transfer the app_update.bin file from the cloud to the mcuboot_secondary memory partition in the nRF7002 DK. After that is done, MCUboot will swap the image as normal.
Exercise steps
Open the code base of the exercise by navigating to Create a new application in the nRF Connect for VS Code extension, select Copy a sample, and search for Lesson 9 – Exercise 7.
Alternatively, in the GitHub repository for this course, go to the base code for this exercise, found in l9/l9_e7 or l9/v2.5.x/l9_e7.
Note
There exists two code bases for this exercise, depending on which nRF Connect SDK version you are using.
nRF Connect SDK v2.6.x: l9/l9_e7.
nRF Connect SDK v2.5.x: l9/v2.5.x/l9_e7.
1. Configure the Wi-Fi credentials.
First, we have to connect the nRF7002 DK to the Wi-Fi. Please fill out the SSID and password of your local Wi-Fi access point.
Add the following code snippet to the boards/nrf7002dk_nrf5340_cpuapp.conf file.
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="<your_network_SSID>"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="<your_network_password>" 1.1 Build the project and flash it to the nRF7002 DK (nrf7002dk_nrf5340_cpuapp).
You should see the following log when the device has connected to the Wi-Fi.
Note
The getaddrinfo error is because we have the wrong address for the AWS cloud IoT server. To get the correct address, we must first set up an AWS IoT Hub.
*** Booting nRF Connect SDK ***
*** Using Zephyr OS ***
[00:00:00.214,538] <inf> aws_iot_sample: The AWS IoT sample started, version: v1.0.0
[00:00:00.214,538] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:00.216,949] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:08.871,582] <inf> wifi_mgmt_ext: Connection requested
[00:00:13.119,873] <inf> aws_iot_sample: Network connectivity established
[00:00:18.119,964] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:18.209,411] <err> mqtt_helper: getaddrinfo() failed, error -5
[00:00:18.209,442] <err> aws_iot: mqtt_helper_connect, error: 5
[00:00:18.209,442] <err> aws_iot_sample: aws_iot_connect, error: 5
[00:00:18.209,442] <err> aws_iot_sample: Fatal error! Rebooting the device.
2. Set up an AWS IoT Hub.
There are two ways to interact with AWS:
- Using the
aws iotcommand line tool - Using the AWS web-page interface
Our AWS IoT: Setup and configuration docs give instructions to aws iot. We will give steps on how to set up AWS IoT from the AWS web-page interface here.
2.1 First, create an account at https://aws.amazon.com/. For development, We suggest the same settings from our docs: For development purposes, the AWS managed policies AWSIoTConfigAccess and AWSIoTDataAccess provide sufficient permissions to manage AWS IoT. If you want to use AWS FOTA, the AmazonS3FullAccess policy can be used to obtain access to AWS S3.
3. Input the correct address for our device to connect to.
3.1 Log into https://aws.amazon.com/ and search for “IoT Core”.
Go to this page, it will look like this:
3.2 In the left menu, scroll down and select Domain Configurations (1). Copy the Domain name (2) and paste it to CONFIG_AWS_IOT_BROKER_HOST_NAME.
Now, we should no longer get the address error, but see that we get error -22 from MQTT:
*** Booting nRF Connect SDK ***
*** Using Zephyr OS ***
[00:00:00.216,522] <inf> aws_iot_sample: The AWS IoT sample started, version: v1.0.0
[00:00:00.216,552] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:00.218,933] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:08.774,597] <inf> wifi_mgmt_ext: Connection requested
[00:00:13.025,573] <inf> aws_iot_sample: Network connectivity established
[00:00:18.025,665] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:25.932,891] <err> mqtt_helper: mqtt_connect, error: -22
[00:00:25.932,922] <err> aws_iot: mqtt_helper_connect, error: -22
[00:00:25.932,922] <err> aws_iot_sample: aws_iot_connect, error: -22
[00:00:25.932,922] <err> aws_iot_sample: Fatal error! Rebooting the device.This error is because we have not yet set up the Thing and its certificates.
4. Add an IoT Device (Thing) to AWS and generate certificates for it.
4.1 We will still stay on the IoT Core page. In the left-hand menu, select All Devices -> Things (1). Then select Create Things (2).
Select Create single Thing, then next. On the next page, enter a name. For example, academy_thing. We do not need any of the optional configurations for this exercise. For this exercise, we select Unnamed shadow for the Device Shadow. Click next again. On the next page, Auto-generate a new certificate (recommended) is already selected by default. We also want this, so just click next once more.
The next page will be for selecting a policy, but we have no policy for our Thing yet. Click Create Policy to open a new tab to create a policy. In the new tab, choose a policy name, for example, academy_policy. Below, for the Policy Document select JSON. Remove the default JSON text from the box. Then copy the JSON from AWS IoT setup: 3. Creating a policy and insert it to the page.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:*",
"Resource": "*"
}
]
}Then, Click Create.
Go back to the Select Policy page we were at, and now the new policy should be visible. Select the policy, for example academy_policy. Then clock Create thing . This will open a window where we can download keys and certificates from. Make sure to download these. We should download 4 files: Device certificate, Public key file, Private key file and RSA 2048 bit key: Amazon Root CA 1. We choose CA1 as we will use RSA2048 for HTTPS. After we have checked that the files were successfully downloaded, click done. We now should be able to see the new Thing in our list of Things:
4.2 Now that we have created a name for the Thing, we can configure it to the project:
CONFIG_AWS_IOT_CLIENT_ID_STATIC="academy_thing"Next up, we will add the certificates to our application. In our certs folder, we have three cert files that need to be set: ca-cert.pem, client-cert.pem and private-key.pem. These match our downloaded certs as such:
AmazonRootCA1.pem->ca-cert.pemXXXX-certificate.pem.crt->client-cert.pemXXXX-private.pem.key->private-key.pem
Move the downloaded certificates into the certs/ folder, and rename them to overwrite the dummy certificates.
With the Thing name configured and the certificates set, build and flash the nRF7002 DK. We should now see the following logs:
*** Booting nRF Connect SDK ***
[00:00:00.236,022] <inf> aws_iot_sample: AWS IoT sample started, version: v1.0.0
[00:00:00.236,022] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:07.829,193] <inf> aws_iot_sample: Network connectivity established
[00:00:12.829,284] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:12.829,315] <inf> aws_iot_sample: Next connection retry in 30 seconds
[00:00:12.829,376] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTING
[00:00:16.560,211] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTED
[00:00:16.560,241] <inf> aws_iot_sample: Confirming image
[00:00:16.562,255] <inf> aws_iot_sample: Publishing message: {"state":{"reported":{"uptime":16562,"app_version":"v1.0.0"}}} to AWS IoT shadow
[00:00:16.716,949] <inf> aws_iot_sample: AWS_IOT_EVT_READY
[00:00:16.762,329] <inf> aws_iot_sample: AWS_IOT_EVT_PUBACK, message ID: 20926
[00:00:16.836,425] <inf> aws_iot_sample: AWS_IOT_EVT_DATA_RECEIVED
[00:00:16.836,547] <inf> aws_iot_sample: Received message: "{"state":{"desired":{"welcome":"aws-iot"},"reported":{"welcome":"aws-iot","uptime":16562,"app_version":"v1.0.0"}},"metadata":{"desired":{"welcome":{"timestamp":1700036251}},"reported":{"welcome":{"timestamp":1700036251},"uptime":{"timestamp":1700044246},"app_version":{"timestamp":1700044246}}},"version":51,"timestamp":1700044246}" on topic: "$aws/things/academy_thing/shadow/get/accepted"5. Now that we have successfully connected the nRF7002 DK to AWS IoT Core, we can do FOTA with it.
For these steps, our documentation instructs on how to use the GUI.
5.1 To enable AWS FOTA in the application, set the following configurations in boards/nrf7002dk_nrf5340_cpuapp_ns.conf file
CONFIG_AWS_FOTA=y
CONFIG_FOTA_DOWNLOAD=y
CONFIG_DFU_TARGET=y
CONFIG_AWS_FOTA_DOWNLOAD_SECURITY_TAG=201
CONFIG_POSIX_MAX_FDS=24 The tag is set to 201, because the project is configured with CONFIG_MQTT_HELPER_SEC_TAG=201, so we use the same certs for FOTA.
5.2 Build and flash the application again.
5.3 Change something in src/main.c, for example a print statement. We do this so we can see something change when we update the device. MCUboot will not swap if the firmware update is identical, either.
5.4 Build the application again, but do not flash it to the board.
5.5 Follow the steps documented in AWS FOTA: Creating a FOTA job. After clicking Submit, we can observe in the logs that the FOTA has started downloading.
When the download is complete, the sample will automatically tag the mcuboot_secondary as “test” and restart the nRF7002 DK. Then the new image will swap into mcuboot_primary and boot the new application, which will be confirmed as well. This exercise ends now, but if you want, you can try to find the callback signaling that the FOTA is done, and see what it does.
The solution for this exercise can be found in the GitHub repository, l9/l9_e7_sol or l9/v2.5.x/l9_e7_sol.
