This exercise is not yet supported in nRF Connect SDK v2.7.0 or v2.8.0. The support is ongoing.
Apologies for any inconvenience.
As with the previous exercise, we will use a sample for an nRF Connect SDK cloud library and learn how it can be used for FOTA. Specifically, we will learn how to use AWS to do FOTA over Wi-Fi for an nRF7002 DK. The exercise code is based on the AWS IoT Sample. Since the AWS IoT library in the nRF Connect SDK has automatic FOTA support, we will not need to implement much in our application to handle the FOTA.
The goal of the FOTA procedure is to transfer the app_update.bin file from the cloud to the mcuboot_secondary memory partition in the nRF7002 DK. After that is done, MCUboot will swap the image as normal.
Open the code base of the exercise by navigating to Create a new application in the nRF Connect for VS Code extension, select Copy a sample, and search for Lesson 8 – Exercise 5.
Alternatively, in the GitHub repository for this course, go to the base code for this exercise, found in l8/l8_e5 or l8/v2.5.x/l8_e5.
There exist two code bases for this exercise:
nRF Connect SDK v2.6.x: l8/l8_e5
nRF Connect SDK v2.5.x: l8/v2.5.x/l8_e5
1. Configure the Wi-Fi credentials.
First, we have to connect the nRF7002 DK to the Wi-Fi. Please fill out the SSID and password of your local Wi-Fi access point.
Add the following code snippet to the boards/nrf7002dk_nrf5340_cpuapp.conf file.
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="<your_network_SSID>"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="<your_network_password>"
1.1 Build the project and flash it to the nRF7002 DK (nrf7002dk_nrf5340_cpuapp).
You should see the following log when the device has connected to the Wi-Fi.
The getaddrinfo error is because we have the wrong address for the AWS cloud IoT server. To get the correct address, we must first set up an AWS IoT Hub.
*** Booting nRF Connect SDK 2.6.1-3758bcbfa5cd ***
[00:00:00.236,358] <inf> aws_iot_sample: AWS IoT sample started, version: v1.0.0
[00:00:00.236,389] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:07.835,998] <inf> aws_iot_sample: Network connectivity established
[00:00:12.836,090] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:12.836,120] <inf> aws_iot_sample: Next connection retry in 30 seconds
[00:00:12.836,181] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTING
[00:00:12.875,244] <err> aws_iot: getaddrinfo, error -5
[00:00:12.875,244] <err> aws_iot: client_broker_init, error: -10
2. Set up an AWS IoT Hub.
There are two ways to interact with AWS: the AWS web-page interface and the aws iot command line tool.
Our AWS IoT: Setup and configuration docs give instructions for aws iot. Here, we will give steps on how to set up AWS IoT from the AWS web-page interface.
2.1 First, create an account at https://aws.amazon.com/. We suggest the same settings as our docs: For development purposes, the AWS managed policies AWSIoTConfigAccess and AWSIoTDataAccess provide sufficient permissions to manage AWS IoT. If you want to use AWS FOTA, the AmazonS3FullAccess policy can be used to obtain access to AWS S3.
3. Input the correct address for our device to connect to.
3.1 Log into https://aws.amazon.com/ and search for “IoT Core”.
Go to this page.
3.2 In the left menu, scroll down and select Settings (1). Copy the Endpoint address (2) and paste it to CONFIG_AWS_IOT_BROKER_HOST_NAME.
Now, we should no longer get the address error, but see that we get error -22 from MQTT:
*** Booting nRF Connect SDK 2.6.1-3758bcbfa5cd ***
[00:00:00.235,443] <inf> aws_iot_sample: AWS IoT sample started, version: v1.0.0
[00:00:00.235,473] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:07.827,484] <inf> aws_iot_sample: Network connectivity established
[00:00:12.827,606] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:12.827,667] <inf> aws_iot_sample: Next connection retry in 30 seconds
[00:00:12.827,697] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTING
[00:00:12.910,980] <err> aws_iot: mqtt_connect, error: -22
This error is because we have not yet set up the Thing and its certificates.
4. Add an IoT Device (Thing) to AWS and generate certificates for it.
4.1 We will still stay on the IoT Core page. In the left-hand menu, select All Devices -> Things (1). Then select Create Things (2).
Select Create single Thing, then next. On the next page, enter a name. For example, academy_thing. We do not need any of the optional configurations for this exercise. For this exercise, we select Unnamed shadow for the Device Shadow. Click next again. On the next page, Auto-generate a new certificate (recommended) is already selected by default. We also want this, so just click next once more.
The next page will be for selecting a policy, but we have no policy for our Thing yet. Click Create Policy to open a new tab to create a policy. In the new tab, choose a policy name, for example, academy_policy. Below, for the Policy Document select JSON. Remove the default JSON text from the box. Then copy the JSON from AWS IoT setup: 3. Creating a policy and insert it into the page.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}
Then, click Create.
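The policy above grants every AWS IoT action on every resource, which suits the development setup described here. As an added example (not part of the course material or of Nordic's code), the following check flags unrestricted grants in an IoT policy document and compares the exercise policy with a constructed, narrower one; the narrower policy, its placeholders and the function name are assumptions, and it covers only the shadow topics seen in this exercise's log.

```python
import json

# The policy document from this exercise.
EXERCISE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}
"""

# Constructed comparison policy (assumption): limited to the thing name used
# in this exercise and the shadow topics seen in its log. <region> and
# <account-id> are placeholders; this is not a complete policy for the sample.
_ARN = "arn:aws:iot:<region>:<account-id>:"
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": _ARN + "client/academy_thing"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": _ARN + "topic/$aws/things/academy_thing/shadow/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": _ARN + "topicfilter/$aws/things/academy_thing/shadow/*"},
    ],
}, indent=2)


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_iot_policy(policy_json):
    """Return one finding per unrestricted Action or Resource in Allow statements."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen access
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append(f"Statement[{index}]: Action {action} permits every AWS IoT operation")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"Statement[{index}]: Resource * matches every client ID and topic")
    return findings


if __name__ == "__main__":
    for name, policy in (("exercise", EXERCISE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_iot_policy(policy) or "no unrestricted grants")
```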
Go back to the Select Policy page we were at, and now the new policy should be visible. Select the policy, for example academy_policy. Then click Create thing. This will open a window where we can download keys and certificates from. Make sure to download these. We should download 4 files: Device certificate, Public key file, Private key file and RSA 2048 bit key: Amazon Root CA 1. We choose CA1 as we will use RSA2048 for HTTPS. After we have checked that the files were successfully downloaded, click done. We now should be able to see the new Thing in our list of Things.
4.2 Now that we have created a name for the Thing, we can configure it to the project:
CONFIG_AWS_IOT_CLIENT_ID_STATIC="academy_thing"
Next up, we will add the certificates to our application. In our certs folder, we have three cert files that need to be set: ca-cert.pem, client-cert.pem and private-key.pem. These match our downloaded certs as such:
ca-cert.pem <-> AmazonRootCA1.pem
client-cert.pem <-> XXXX-certificate.pem.crt
private-key.pem <-> XXXX-private.pem.key
Unfortunately, we cannot simply copy the files, as the downloaded certs are missing the quotes and newline symbols needed for our certs. See ca-cert.pem for an example.
So first, we manually add quotes and newline symbols to the downloaded files. For example, if the file is:
-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
-----END CERTIFICATE-----
We will convert it to:
"-----BEGIN CERTIFICATE-----\n"
"MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\n"
"ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n"
"b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\n"
"-----END CERTIFICATE-----\n"
Then copy the content into the corresponding certificate files, replacing the dummy certs.
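The manual quoting step can also be scripted. The following is an added example, not part of the course code: it converts a downloaded PEM file into the quoted form shown above and rejects input whose BEGIN/END markers or base64 body are damaged; the function name and the sample PEM (a dummy payload, not a real certificate) are constructed for illustration.

```python
import base64
import re
import sys

# Constructed sample: valid PEM framing around a dummy payload, not a real
# certificate. CRLF line endings mimic a file saved on Windows.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=\r\n"
    "-----END CERTIFICATE-----\r\n"
)

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def pem_to_c_literal(pem_text):
    """Return the PEM as one quoted line per PEM line, each ending in \\n."""
    # splitlines() handles LF and CRLF; strip() drops stray trailing spaces.
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("not a PEM block")
    begin, end = _BEGIN.match(lines[0]), _END.match(lines[-1])
    if not begin or not end or begin.group(1) != end.group(1):
        raise ValueError("BEGIN/END markers missing or mismatched")
    try:
        # A truncated or hand-edited body fails here instead of on the device.
        base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError as exc:
        raise ValueError("body is not valid base64") from exc
    return "".join(f'"{ln}\\n"\n' for ln in lines)


if __name__ == "__main__":
    # Usage: python pem_to_c.py <downloaded file> > certs/<target file>
    with open(sys.argv[1], encoding="ascii") as handle:
        sys.stdout.write(pem_to_c_literal(handle.read()))
```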
With the Thing name configured and the certificates set, build and flash the nRF7002 DK. We should now see the following logs:
*** Booting nRF Connect SDK 2.6.1-3758bcbfa5cd ***
[00:00:00.236,022] <inf> aws_iot_sample: AWS IoT sample started, version: v1.0.0
[00:00:00.236,022] <inf> aws_iot_sample: Bringing network interface up and connecting to the network
[00:00:07.829,193] <inf> aws_iot_sample: Network connectivity established
[00:00:12.829,284] <inf> aws_iot_sample: Connecting to AWS IoT
[00:00:12.829,315] <inf> aws_iot_sample: Next connection retry in 30 seconds
[00:00:12.829,376] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTING
[00:00:16.560,211] <inf> aws_iot_sample: AWS_IOT_EVT_CONNECTED
[00:00:16.560,241] <inf> aws_iot_sample: Confirming image
[00:00:16.562,255] <inf> aws_iot_sample: Publishing message: {"state":{"reported":{"uptime":16562,"app_version":"v1.0.0"}}} to AWS IoT shadow
[00:00:16.716,949] <inf> aws_iot_sample: AWS_IOT_EVT_READY
[00:00:16.762,329] <inf> aws_iot_sample: AWS_IOT_EVT_PUBACK, message ID: 20926
[00:00:16.836,425] <inf> aws_iot_sample: AWS_IOT_EVT_DATA_RECEIVED
[00:00:16.836,547] <inf> aws_iot_sample: Received message: "{"state":{"desired":{"welcome":"aws-iot"},"reported":{"welcome":"aws-iot","uptime":16562,"app_version":"v1.0.0"}},"metadata":{"desired":{"welcome":{"timestamp":1700036251}},"reported":{"welcome":{"timestamp":1700036251},"uptime":{"timestamp":1700044246},"app_version":{"timestamp":1700044246}}},"version":51,"timestamp":1700044246}" on topic: "$aws/things/academy_thing/shadow/get/accepted"
The certificate provisioning would be different for the nRF91 Series devices, as they store certificates in their modem.
5. Now that we have successfully connected the nRF7002 DK to AWS IoT Core, we can do FOTA with it.
For these steps, our documentation instructs on how to use the GUI.
5.1 To enable AWS FOTA in the application, set the following configurations in the boards/nrf7002dk_nrf5340_cpuapp_ns.conf file:
CONFIG_AWS_FOTA=y
CONFIG_FOTA_DOWNLOAD=y
CONFIG_DFU_TARGET=y
CONFIG_AWS_FOTA_DOWNLOAD_SECURITY_TAG=201
CONFIG_POSIX_MAX_FDS=24
The tag is set to 201, because the project is configured with CONFIG_MQTT_HELPER_SEC_TAG=201, so we use the same certs for FOTA.
5.2 Build and flash the application again.
5.3 Change something in src/main.c, for example a print statement. We do this so we can see something change when we update the device. Also, MCUboot will not swap if the firmware update is identical.
5.4 Build the application again, but do not flash it to the board.
5.5 Follow the steps documented in AWS FOTA: Creating a FOTA job. After clicking Submit, we can observe in the logs that the FOTA has started downloading.
When the download is complete, the sample will automatically tag the mcuboot_secondary as “test” and restart the nRF7002 DK. Then the new image will swap into mcuboot_primary and boot the new application, which will be confirmed as well. This exercise ends now, but if you want, you can try to find the callback signaling that the FOTA is done, and see what it does.
The solution for this exercise can be found in the GitHub repository, l8/l8_e5_sol or l8/v2.5.x/l8_e5_sol.