nRF Connect SDK Intermediate – [Lesson 9] – Exercise 7 – FOTA over Wi-Fi – v2.9.0 – v2.7.0

As with the previous exercise, we will use a sample for an nRF Connect SDK cloud library, and learn how it can be used for FOTA. Specifically, we will learn how to use AWS to do FOTA over Wi-Fi for an nRF7002 DK. The exercise code is based on the AWS IoT Sample. Since the AWS IoT library in the nRF Connect SDK has automatic FOTA support, we will not need to implement much in our application to handle the FOTA.

The goal of the FOTA procedure is to transfer the l9_e7/zephyr.signed.bin file from the cloud to the mcuboot_secondary memory partition in the nRF7002 DK. After that is done, MCUboot will swap the image as normal.

Exercise steps

Open the code base of the exercise by navigating to Create a new application in the nRF Connect for VS Code extension, select Copy a sample, and search for Lesson 9 – Exercise 7.

Alternatively, in the GitHub repository for this course, go to the base code for this exercise, found in l9/l9_e7.

1. Configure the Wi-Fi credentials.

First, we have to connect the nRF7002 DK to the Wi-Fi. Please fill out the SSID and password of your local Wi-Fi access point.

Add the following code snippet to the prj.conf file.

# STEP 1 - Configure the Wi-Fi credentials 
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="<your_network_SSID>"   
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="<your_network_password>" 
Kconfig

1.1 Build the project and flash it to the nRF7002 DK (nrf7002dk/nrf5340/cpuapp/ns).

You should see the following log when the device has connected to the Wi-Fi.

*** Booting nRF Connect SDK ***
*** Using Zephyr OS ***
[00:00:00.214,538] <inf> aws_iot_sample: The AWS IoT sample started, version: v1.0.0
[00:00:00.214,538] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:00.216,949] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:08.871,582] <inf> wifi_mgmt_ext: Connection requested
[00:00:13.119,873] <inf> aws_iot_sample: Network connectivity established
[00:00:18.119,964] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:18.209,411] <err> mqtt_helper: getaddrinfo() failed, error -5
[00:00:18.209,442] <err> aws_iot: mqtt_helper_connect, error: 5
[00:00:18.209,442] <err> aws_iot_sample: aws_iot_connect, error: 5
[00:00:18.209,442] <err> aws_iot_sample: Fatal error! Rebooting the device.
Terminal

Note

The getaddrinfo error is because we have the wrong address for the AWS cloud IoT server. To get the correct address, we must first set up an AWS IoT Hub.

2. Set up an AWS IoT Hub.

Although there are a few ways to set up an AWS IoT system, we will use the AWS web-page interface to keep the exercise simple. The options are:

  • Using the aws iot command line tool
  • Using the AWS web-page interface

More on this

You can find more information about the AWS IoT library and the AWS cloud system itself in AWS IoT: Setup and configuration.

2.1 First, create an account at https://aws.amazon.com/.

3. Getting AWS IoT domain address.

3.1 Log into https://aws.amazon.com/ and search for “IoT Core”.

Go to this page; it will look like this:

3.2 In the left menu, scroll down and select Domain Configurations (1).

Copy the Domain name (2) and paste it to CONFIG_AWS_IOT_BROKER_HOST_NAME. Next, build and flash the application again.

Now, we should no longer get the address error, but instead see error -22 from MQTT:

*** Booting nRF Connect SDK ***
*** Using Zephyr OS ***
[00:00:00.216,522] <inf> aws_iot_sample: The AWS IoT sample started, version: v1.0.0
[00:00:00.216,552] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:00.218,933] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:08.774,597] <inf> wifi_mgmt_ext: Connection requested
[00:00:13.025,573] <inf> aws_iot_sample: Network connectivity established
[00:00:18.025,665] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:25.932,891] <err> mqtt_helper: mqtt_connect, error: -22
[00:00:25.932,922] <err> aws_iot: mqtt_helper_connect, error: -22
[00:00:25.932,922] <err> aws_iot_sample: aws_iot_connect, error: -22
[00:00:25.932,922] <err> aws_iot_sample: Fatal error! Rebooting the device.
Terminal

This error is because we have not yet set up the Thing and its certificates.

4. Add an IoT Device (Thing) to AWS and generate certificates for it.

4.1 We will still stay on the IoT Core page. In the left-hand menu, select All Devices -> Things (1). Then select Create Things (2).

Select Create single Thing, then next. On the next page, enter a name. For example, academy_thing.

We do not need any of the optional configurations for this exercise. For this exercise, we select Unnamed shadow for the Device Shadow. Click next again. On the next page, Auto-generate a new certificate (recommended) is already selected by default. We also want this, so just click next once more.

The next page will be for selecting a policy, but we have no policy for our Thing yet. Click Create Policy to open a new tab to create a policy. In the new tab, choose a policy name, for example, academy_policy. Below, for the Policy Document select JSON. Remove the default JSON text from the box.

Important

This policy example is only intended for development environments. Make sure to update this to a more restrictive policy before you go into production. For more information, refer to the example policies listed in AWS IoT Core policy examples and Security best practices in AWS IoT Core.

Then copy the JSON example policy and paste it into the page (you can find more information at AWS IoT setup: 3. Creating a policy).

{
   "Version": "2012-10-17",
   "Statement": [
       {
         "Effect": "Allow",
         "Action": "iot:*",
         "Resource": "*"
       }
    ]
 }

Then, click Create.
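
As a starting point for the more restrictive production policy mentioned above, the following added example (not part of the course code or the AWS IoT sample) builds a policy scoped to the connecting Thing and lints a policy for wildcards. It assumes the firmware only uses its own shadow and AWS IoT Jobs topics and that the MQTT client ID equals the Thing name, as configured in this exercise; the region and account ID are placeholders, and the helper names are hypothetical.

```python
import json

# Development policy copied from this page.
DEV_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

# AWS IoT policy variable: the connecting Thing's name (client ID must match it).
THING = "${iot:Connection.Thing.ThingName}"


def scoped_policy(region, account_id):
    """Policy limited to the connecting Thing's own shadow and jobs topics.
    Assumption: the firmware uses only these reserved topics; add any
    application-specific topics it publishes or subscribes to.
    """
    arn = f"arn:aws:iot:{region}:{account_id}"
    topics = [f"$aws/things/{THING}/shadow/*", f"$aws/things/{THING}/jobs/*"]
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{arn}:client/{THING}"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": [f"{arn}:topic/{t}" for t in topics]},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": [f"{arn}:topicfilter/{t}" for t in topics]},
    ]}


def as_list(value):
    return value if isinstance(value, list) else [value]


def lint(policy):
    """Return findings for Allow statements broader than a single Thing."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.endswith("*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if THING not in res:
                findings.append(f"statement {i}: resource not bound to Thing: {res}")
    return findings


if __name__ == "__main__":
    print(lint(DEV_POLICY))  # region and account ID below are placeholders
    print(json.dumps(scoped_policy("eu-west-1", "123456789012"), indent=2))
```

The firmware image itself is fetched over HTTPS rather than MQTT, so this policy does not govern the download; verify against the device logs that shadow updates and FOTA jobs still work after tightening it.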

Go back to the Select Policy page we were on, and the new policy should now be visible. Select the policy, for example academy_policy. Then click Create thing. This will open a window from which we can download the keys and certificates. Make sure to download these. We should download 4 files: the Device certificate (XXXX-certificate.pem.crt), the Public key file, the Private key file, and the RSA 2048 bit key: Amazon Root CA 1. We choose CA1 as we will use RSA2048 for HTTPS. After we have checked that the files were successfully downloaded, click Done. We should now be able to see the new Thing in our list of Things:

4.2 Add AWS Thing name to the prj.conf file

Now that we have created a name for the Thing, we can configure it to the project:

# STEP 4.2 - Add AWS Thing name 
CONFIG_AWS_IOT_CLIENT_ID_STATIC="academy_thing"
Kconfig

Next up, we will add the certificates to our application. In our certs folder, we have three cert files that need to be set: ca-cert.pem, client-cert.pem and private-key.pem. These match our downloaded certs as such:

  • ca-cert.pem < – > AmazonRootCA1.pem
  • client-cert.pem < – > XXXX-certificate.pem.crt
  • private-key.pem < – > XXXX-private.pem.key

Then copy the content into the corresponding certificate files, replacing the dummy certs.

With the Thing name configured and the certificates set, build and flash the nRF7002 DK with the erase board option. We should now see the following logs:

*** Booting nRF Connect SDK ***
[00:00:00.236,022] <inf> aws_iot_sample: AWS IoT sample started, version: v1.0.0
[00:00:00.236,022] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:07.829,193] <inf> aws_iot_sample: Network connectivity established
[00:00:12.829,284] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:12.829,315] <inf> aws_iot_sample: Next connection retry in 30 seconds
[00:00:12.829,376] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTING
[00:00:16.560,211] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTED
[00:00:16.560,241] <inf> aws_iot_sample: Confirming image
[00:00:16.562,255] <inf> aws_iot_sample: Publishing message: {"state":{"reported":{"uptime":16562,"app_version":"v1.0.0"}}} to AWS IoT shadow
[00:00:16.716,949] <inf> aws_iot_sample: AWS_IOT_EVT_READY
[00:00:16.762,329] <inf> aws_iot_sample: AWS_IOT_EVT_PUBACK, message ID: 20926
[00:00:16.836,425] <inf> aws_iot_sample: AWS_IOT_EVT_DATA_RECEIVED
[00:00:16.836,547] <inf> aws_iot_sample: Received message: "{"state":{"desired":{"welcome":"aws-iot"},"reported":{"welcome":"aws-iot","uptime":16562,"app_version":"v1.0.0"}},"metadata":{"desired":{"welcome":{"timestamp":1700036251}},"reported":{"welcome":{"timestamp":1700036251},"uptime":{"timestamp":1700044246},"app_version":{"timestamp":1700044246}}},"version":51,"timestamp":1700044246}" on topic: "$aws/things/academy_thing/shadow/get/accepted"
Terminal

Note

This exercise can also be performed on the nRF91 Series, using the cellular network instead of Wi-Fi.

In that case, certificate provisioning would be different, since nRF91 Series devices store certificates in the modem. Refer to the AWS IoT Sample for the instructions.

5. Perform FOTA with AWS IoT Core.

Now that we have successfully connected the nRF7002 DK to AWS IoT Core, we can do FOTA with it.

For these steps, our documentation explains how to use the GUI.

5.1 To enable AWS FOTA in the application, set the following configurations in prj.conf file

# STEP 5.1 - Enable AWS FOTA
CONFIG_AWS_FOTA=y
CONFIG_AWS_FOTA_DOWNLOAD_SECURITY_TAG=201
Kconfig

The tag is set to 201, because the project is configured with CONFIG_MQTT_HELPER_SEC_TAG=201, so we use the same certs for FOTA.

Note

CONFIG_AWS_FOTA_DOWNLOAD_SECURITY_TAG and CONFIG_MQTT_HELPER_SEC_TAG are identification numbers for our set of keys (we can have more than one set). These can be arbitrary numbers as long as they are the same for both options.

5.2 Build and flash the application again.

5.3 Change something in src/main.c, for example a print statement. We do this so we can see something change when we update the device. Also, MCUboot will not swap the image if the firmware update is identical.
Also increment the AWS IoT sample version:

# STEP 5.3 - Increment App version
CONFIG_AWS_IOT_SAMPLE_APP_VERSION="v1.0.1"
Kconfig

5.4 Build the application again, but do not flash it to the board.

5.5 Follow the steps documented in AWS FOTA: Creating a FOTA job. After clicking Submit, we can observe in the logs that the FOTA has started downloading.

When the download is complete, the sample will automatically tag the mcuboot_secondary as “test” and restart the nRF7002 DK. Then the new image will swap into mcuboot_primary and boot the new application, which will be confirmed as well.

The solution for this exercise can be found in the GitHub repository in l9/l9_e7_sol.
