Anjay-zephyr-client 22.12

Features
- Added provisioning script for `demo` examples
- Added nRF52840dk_nRF52840 with OpenThread support
- Added automatic handling of connection link state
- Added option for use of non-secure WiFi networks
- Added configuration for software-based security on nRF9160DK

Improvements
- Updated Zephyr to 3.2.0
- Updated sdk-nrf to 2.1.1
- Refactored network connection handling
- Firmware update success status can be now persisted across reboots until actual delivery

Bugfixes
- Fixed critical memory corruption bug in the factory provisioning app
- Fixed problem with push buttons IID

.gitignore

@@ -1,2 +1,3 @@
 build
 .vscode
+__pycache__

CHANGELOG.md

@@ -1,6 +1,23 @@
 # Changelog
 
-## yy.mm (Mon dd{st/nd/rd/th}, yyyy)
+## 22.12 (Dec 13th, 2022)
+
+### Features
+- Added provisioning script for `demo` examples
+- Added nRF52840dk_nRF52840 with OpenThread support
+- Added automatic handling of connection link state
+- Added option for use of non-secure WiFi networks
+- Added configuration for software-based security on nRF9160DK
+
+### Improvements
+- Updated Zephyr to 3.2.0
+- Updated sdk-nrf to 2.1.1
+- Refactored network connection handling
+- Firmware update success status can be now persisted across reboots until actual delivery
+
+### Bugfixes
+- Fixed critical memory corruption bug in the factory provisioning app
+- Fixed problem with push buttons IID
 
 ## 22.08.1 (Aug 31st, 2022)
 

README.md

@@ -138,7 +138,7 @@ LwM2M Server, please register at https://eu.iot.avsystem.cloud/. Then have
 a look at the example configuration to configure security credentials and other
 necessary settings (like Wi-Fi SSID etc.).
 
-[Guide showing basic usage of Coiote DM](https://iotdevzone.avsystem.com/docs/Coiote_DM_Device_Onboarding/Quick_start/)
+[Guide showing basic usage of Coiote DM](https://iotdevzone.avsystem.com/docs/IoT_quick_start/Device_onboarding/)
 is available on IoT Developer Zone.
 
 > **__NOTE:__**

demo/CMakeLists.txt

@@ -68,9 +68,15 @@ elseif(CONFIG_ANJAY_CLIENT_BUILD_MCUBOOT_AUTOMATICALLY)
     # Kconfig variables, which are populated by find_package(Zephyr).
     # That's why we do it ourselves here...
     set(MERGED_HEX_NAME "${CMAKE_CURRENT_BINARY_DIR}/zephyr/merged.hex")
+    # In Zephyr 3.2, mergehex.py has been moved
+    # from scripts/mergehex.py to scripts/build/mergehex.py
+    set(MERGEHEX_SCRIPT "${ZEPHYR_BASE}/scripts/build/mergehex.py")
+    if(NOT EXISTS "${MERGEHEX_SCRIPT}")
+        set(MERGEHEX_SCRIPT "${ZEPHYR_BASE}/scripts/mergehex.py")
+    endif()
     add_custom_command(OUTPUT "${MERGED_HEX_NAME}"
                        COMMAND "${PYTHON_EXECUTABLE}"
-                               "${ZEPHYR_BASE}/scripts/mergehex.py"
+                               "${MERGEHEX_SCRIPT}"
                                -o "${MERGED_HEX_NAME}"
                                "${CMAKE_CURRENT_BINARY_DIR}/mcuboot/zephyr/zephyr.hex"
                                "${CMAKE_CURRENT_BINARY_DIR}/zephyr/zephyr.signed.hex"
@@ -110,6 +116,9 @@ else()
         src/status_led.h
         src/utils.c
         src/utils.h
+        src/network/network.c
+        src/network/network.h
+        src/network/network_internal.h
         src/objects/basic_sensors.c
         src/objects/buzzer.c
         src/objects/device.c
@@ -147,12 +156,31 @@ else()
         list(APPEND app_sources
              src/firmware_update.c)
     endif()
+
+    if(CONFIG_LTE_LINK_CONTROL)
+        list(APPEND app_sources
+             src/network/network_nrf91.c)
+    elseif(CONFIG_NET_L2_OPENTHREAD)
+        list(APPEND app_sources
+             src/network/network_openthread.c)
+    elseif(CONFIG_WIFI_ESP32)
+        list(APPEND app_sources
+             src/network/network_esp32.c)
+    elseif(CONFIG_WIFI_ESWIFI)
+        list(APPEND app_sources
+             src/network/network_eswifi.c)
+    elseif(CONFIG_WIFI)
+        list(APPEND app_sources
+             src/network/network_wifi.c)
+    else()
+        message(FATAL_ERROR "Neither CONFIG_LTE_LINK_CONTROL nor CONFIG_WIFI is enabled")
+    endif()
 endif()
 
 target_sources(app PRIVATE
                ${app_sources})
 
-if(CONF_FILE_BUILD_TYPE STREQUAL "extflash" AND CONFIG_BOOTLOADER_MCUBOOT)
+if(CONF_FILE_BUILD_TYPE MATCHES ".*extflash.*" AND CONFIG_BOOTLOADER_MCUBOOT)
     # This is a workaround for a bug in nCS' integration with TF-M.
     #
     # When MCUboot and TF-M are both in use, the CONFIG_BOOTLOADER_MCUBOOT

demo/Kconfig

@@ -87,6 +87,12 @@ config ANJAY_CLIENT_NRF_LC_INFO_CELL_POLL_RATE
 	range 1 2147483647
 	depends on ANJAY_CLIENT_NRF_LC_INFO
 
+config ANJAY_CLIENT_NETWORK_KEEPALIVE_RATE
+	int "Rate of checking whether the network connection is still alive [seconds]"
+	default 60
+	range 1 2147483647
+	depends on WIFI_ESWIFI
+
 config ANJAY_CLIENT_FOTA
 	bool "Enable the Firmware Update object"
 	depends on BOOTLOADER_MCUBOOT

demo/README.md

@@ -4,7 +4,7 @@ Project containing all implemented features, intended to be a showcase.
 ## Supported hardware and overview
 
 This folder contains LwM2M Client application example, which targets
-[B-L475E-IOT01A Discovery kit](https://www.st.com/en/evaluation-tools/b-l475e-iot01a.html), [nRF9160 Development kit](https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF9160-DK), [Nordic Thingy:91 Prototyping kit](https://www.nordicsemi.com/Products/Development-hardware/Nordic-Thingy-91) and [ESP32-DevKitC](https://www.espressif.com/en/products/devkits/esp32-devkitc).
+[B-L475E-IOT01A Discovery kit](https://www.st.com/en/evaluation-tools/b-l475e-iot01a.html), [nRF9160 Development kit](https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF9160-DK), [Nordic Thingy:91 Prototyping kit](https://www.nordicsemi.com/Products/Development-hardware/Nordic-Thingy-91), [ESP32-DevKitC](https://www.espressif.com/en/products/devkits/esp32-devkitc) and [nRF52840 Development kit](https://www.nordicsemi.com/Products/Development-hardware/nrf52840-dk).
 
 There's an alternative configuration for nRF9160DK, revisions 0.14.0 and up, which utilizes external flash chip to perform firmware updates.
 
@@ -18,6 +18,7 @@ The following LwM2M Objects are supported:
 | B-L475E-IOT01A | **Firmware Update (/5)** (experimental)<br>Temperature (/3303)<br>Humidity (/3304)<br>Accelerometer (/3313)<br>Magnetometer (/3314)<br>Barometer (/3315)<br>Distance (/3330)<br>Gyrometer (/3334)<br>Push button (/3347)                                                                                                                                      |
 | nRF9160DK      | Connectivity Monitoring (/4)<br>**Firmware Update (/5)**<br>Location (/6, configurable in Kconfig)<br>On/Off switch (/3342)<br>Push button (/3347)<br>ECID-Signal Measurement Information (/10256)<br>Location Assistance (/50001, experimental)                                                                                                              |
 | Thingy:91      | Connectivity Monitoring (/4)<br>**Firmware Update (/5)**<br>Location (/6, configurable in Kconfig)<br>Temperature (/3303)<br>Humidity (/3304)<br>Accelerometer (/3313)<br>Barometer (/3315)<br>Buzzer (/3338)<br>Push button (/3347)<br>LED color light (/3420)<br>ECID-Signal Measurement Information (/10256)<br>Location Assistance (/50001, experimental) |
+| nRF52840DK     | Push button (/3347)                                                                                                                                                                                                                                                                                                                                           |
 
 ## Compilation
 
@@ -30,7 +31,7 @@ west update
 
 You can now compile the project for B-L475E-IOT01A using `west build -b disco_l475_iot1` in `demo` directory.
 
-### Compilation guide for nRF9160DK and Thingy:91
+### Compilation guide for nRF9160DK, Thingy:91 and nRF52840DK
 
 Because NCS uses different Zephyr version, it is necessary to change our Zephyr workspace, it is handled by using different manifest file.
 Set West manifest path to `Anjay-zephyr-client/demo`, and manifest file to `west-nrf.yml` and do `west update`.
@@ -39,7 +40,7 @@ west config manifest.path Anjay-zephyr-client/demo
 west config manifest.file west-nrf.yml
 west update
 ```
-Now you can compile the project using `west build -b nrf9160dk_nrf9160_ns` or `west build -b thingy91_nrf9160_ns` in `demo` directory, respectively.
+Now you can compile the project using `west build -b nrf9160dk_nrf9160_ns`, `west build -b thingy91_nrf9160_ns` or `west build -b nrf52840dk_nrf52840` in `demo` directory, respectively. The last command compiles project for use with the OpenThread network, more about this can be found in the section `Connecting to the LwM2M Server with OpenThread`.
 
 
 > **__NOTE:__**
@@ -57,6 +58,14 @@ For nRF9160DK hardware revisions 0.14.0 and up, an alternate configuration that
 
 To compile in this configuration, use `west build -b [email protected] -- -DCONF_FILE=prj_extflash.conf`.
 
+### Compiling with software-based cryptography
+
+On Nordic boards, security is provided using the (D)TLS sockets implemented in modem firmware and provided by nrfxlib.
+
+However, on nRF9160DK revisions 0.14.0 and up, it is possible to switch to software-based implementation based on Mbed TLS instead. This is not recommended due to lowered security and performance, but may be desirable if you require some specific (D)TLS features (e.g. ciphersuites) that are not supported by the modem.
+
+To compile in this configuration, use `west build -b [email protected] -- -DCONF_FILE=prj_extflash.conf -DOVERLAY_CONFIG=overlay_nrf_mbedtls.conf`.
+
 ## Flashing the target
 
 After successful build you can flash the target using `west flash`.
@@ -98,12 +107,22 @@ LwM2M Server, please register at https://eu.iot.avsystem.cloud/. Then have
 a look at the Configuration menu to configure security credentials and other
 necessary settings (like Wi-Fi SSID etc.).
 
-[Guide showing basic usage of Coiote DM](https://iotdevzone.avsystem.com/docs/Coiote_DM_Device_Onboarding/Quick_start/)
+[Guide showing basic usage of Coiote DM](https://iotdevzone.avsystem.com/docs/IoT_quick_start/Device_onboarding/)
 is available on IoT Developer Zone.
 
 NOTE: You may use any LwM2M Server compliant with LwM2M 1.0 TS. The server URI
 can be changed in the Configuration menu.
 
+## Connecting to the LwM2M Server with OpenThread
+
+To use this project on the nRF52840dk board, in addition to the configuration shown in the previous paragraph, you will need to configure the OpenThread Border Router and Commissioner as described in the guides from the links below.
+You can change default `CONFIG_OPENTHREAD_JOINER_PSKD` value in the `boards/nrf52840dk_nrf52840.conf`. In same file, replace `CONFIG_OPENTHREAD_FTD=y` with `CONFIG_OPENTHREAD_MTD=y` if you want your device to run as an MTD.
+
+Resources:
+- [Introduction to OpenThread](https://openthread.io/guides)
+- [Border Router guide](https://openthread.io/guides/border-router)
+- [Commissioner guide](https://openthread.io/guides/commissioner)
+
 ## Configuration menu
 
 Using serial port terminal, you can manage Anjay client using built-in Zephyr shell. Use `anjay` command to list possible options.
@@ -142,5 +161,73 @@ to which the user is able to pre-provision credentials to the device using a spe
 tailored version of the application. This feature allows to easily pre-provision large
 quantities of devices in a semi-automatic manner.
 
-To use this feature, generate a special file containing the credentials using our [Factory Provisioning Tool](https://avsystem.github.io/Anjay-doc/Tools/FactoryProvisioning.html).
-Then, follow the flow described in `src/factory_provisioning/factory_flash.c` file to finish the process.
+To use this feature, one can use a script `tools/provisioning-tools/ptool.py`.
+It might be used in the similar manner as the script of the same name described in the documentation:
+[Factory Provisioning Tool](https://avsystem.github.io/Anjay-doc/Tools/FactoryProvisioning.html).
+There are a few new and important command-line arguments:
+
+* `--board` (`-b`) - the board for which the images should be built,
+* `--image_dir` (`-i`) - directory for the cached Zephyr hex images,
+* `--serial` (`-s`) - serial number of the device to be used,
+* `--baudrate` (`-B`) - baudrate for the used serial port, when it is not provided the default value is 115200.
+
+If the image `initial.hex` exists in the given `image_dir` the initial provisioning image won't be built and the same works for
+final image and `final.hex`. When `image_dir` path is provided, but some images are missing, they will be built in the given directory.
+If `image_dir` is not provided then the images will be built in `$(pwd)/provisioning_builds`.
+
+Before using the script make sure that in the shell in which you run it the `west build` command would work and
+that all of the configs passed to the script are valid - in particular, make sure that you changed `<YOUR_DOMAIN>` in `lwm2m_server.json`
+config file to your actual domain in EU cloud Coiote installation (or fill the whole file with some different valid server configuration).
+
+Currently the script is designed only for Nordic boards, and it was tested with nRF 9160DK.
+
+Example script invocation from the `demo` for provisioning some nRF 9160DK board directory may look like:
+
+```bash
+../tools/provisioning-tool/ptool.py -b nrf9160dk_nrf9160_ns -s <SERIAL> -c ../tools/provisioning-tool/configs/endpoint_cfg -t <TOKEN> -S ../tools/provisioning-tool/configs/lwm2m_server.json
+```
+
+where `<SERIAL>` should be replaced by our board's serial number and `<TOKEN>` should be replaced by some valid authentication token for the Coiote server provided in the `lwm2m_server.json` file.
+
+### Using Certificate Mode with factory provisioning
+
+If supported by the underlying (D)TLS backend (if using Mbed TLS, make sure that
+it is configured appropriately), the application can authenticate with the
+server using certificate mode.
+
+You will need to download the server certificate first. One possible way to do
+it is with `openssl`:
+
+```bash
+openssl s_client -showcerts -connect eu.iot.avsystem.cloud:5684 | openssl x509 -outform der -out eu-cloud-cert.der
+```
+
+> **__NOTE:__**
+> Only servers that use self-signed certificates are reliably supported by
+> default. You can change this behavior by setting the Certificate Usage
+> resource in the endpoint configuration file. However, this might not be
+> supported by all (D)TLS backends.
+>
+> In particular, when `CONFIG_ANJAY_COMPAT_ZEPHYR_TLS` is enabled (which is the
+> default for Nordic boards), the Certificate Usage are only approximated by
+> adding the server certificate to traditional PKIX trust store if Certificate
+> Usage is set to 2 or 3 (note that 3 is the default) and ignoring it otherwise.
+
+You should then modify the `cert_info.json` file that's located in
+`tools/provisioning-tool/configs` for the desired self-signed certificate
+configuration.
+
+Once you have the server certificate, you can now provision the board. Example
+script invocation may look like:
+
+```bash
+../tools/provisioning-tool/ptool.py -b nrf9160dk_nrf9160_ns -s <SERIAL> -c ../tools/provisioning-tool/configs/endpoint_cfg_cert -p eu-cloud-cert.der -C ../tools/provisioning-tool/configs/cert_info.json
+```
+
+> **__NOTE:__**
+> Coiote DM currently does not support registering devices together with
+> uploading dynamically generated self-signed certificates using command-line
+> tools.
+>
+> You will need to manually add the new device on Coiote DM via GUI and upload
+> the certificate during the "Add device credentials" step.

demo/boards/disco_l475_iot1.conf

@@ -45,3 +45,6 @@ CONFIG_BOOTLOADER_MCUBOOT=y
 # Note: if relative paths are used here, it is treated as
 # relative to $WEST_TOPDIR (typically ~/zephyrproject)
 CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="bootloader/mcuboot/root-rsa-2048.pem"
+# TODO: consider a deploy script, which will fill in the release version into config variable below
+# Warning: MCUBoot's imgtool doesn't allow leading zeros in version string components, that may be a bug
+CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS="--version 22.8.1"

demo/boards/esp32.overlay

@@ -0,0 +1,3 @@
+&wifi {
+    status = "okay";
+};

demo/boards/nrf52840dk_nrf52840.conf

@@ -0,0 +1,66 @@
+# anjay-zephyr-client
+CONFIG_ANJAY_CLIENT_DEVICE_MANUFACTURER="Nordic Semiconductor"
+CONFIG_ANJAY_CLIENT_MODEL_NUMBER="nRF52840DK"
+
+# Anjay Settings
+CONFIG_ANJAY_COMPAT_TIME=y
+CONFIG_ANJAY_COMPAT_MBEDTLS=y
+CONFIG_ANJAY_COMPAT_NET=y
+
+# General Settings
+CONFIG_MAIN_STACK_SIZE=2048
+CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
+
+# Logging
+CONFIG_LOG_BLOCK_IN_THREAD=y
+CONFIG_LOG_MODE_DEFERRED=y
+
+# Clock synchronization
+CONFIG_DATE_TIME=y
+CONFIG_DATE_TIME_AUTO_UPDATE=n
+
+# Networking
+CONFIG_NET_IPV4=n
+CONFIG_NET_IPV6=y
+CONFIG_NET_IPV6_NBR_CACHE=n
+CONFIG_NET_IPV6_MLD=n
+CONFIG_NET_CONFIG_NEED_IPV4=n
+CONFIG_NET_MGMT_EVENT_INFO=y
+CONFIG_NET_L2_OPENTHREAD=y
+
+# DNS
+CONFIG_DNS_RESOLVER=y
+CONFIG_DNS_SERVER_IP_ADDRESSES=y
+CONFIG_DNS_SERVER1="fdaa:bb:1::2"
+
+# OpenThread
+CONFIG_OPENTHREAD_JOINER=y
+CONFIG_OPENTHREAD_JOINER_AUTOSTART=y
+CONFIG_OPENTHREAD_MANUAL_START=y
+CONFIG_OPENTHREAD_SLAAC=y
+CONFIG_OPENTHREAD_JOINER_PSKD="J01NME"
+CONFIG_OPENTHREAD_FTD=y
+
+# MbedTLS and security
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=y
+CONFIG_MBEDTLS_DTLS=y
+CONFIG_MBEDTLS_ENTROPY_ENABLED=y
+
+# Shell settings
+CONFIG_SHELL_MINIMAL=y
+CONFIG_SHELL_WILDCARD=n
+CONFIG_SHELL_VT100_COMMANDS=y
+CONFIG_SHELL_VT100_COLORS=n
+CONFIG_SHELL_STATS=n
+CONFIG_SHELL_CMDS=n
+CONFIG_SHELL_TAB=y
+CONFIG_SHELL_TAB_AUTOCOMPLETION=y
+CONFIG_SHELL_CMDS_RESIZE=n
+CONFIG_DEVICE_SHELL=n
+CONFIG_DATE_SHELL=n
+CONFIG_DEVMEM_SHELL=n
+CONFIG_MCUBOOT_SHELL=n
+CONFIG_KERNEL_SHELL=y
+CONFIG_OPENTHREAD_SHELL=y

demo/boards/nrf52840dk_nrf52840.overlay

@@ -0,0 +1,9 @@
+/ {
+    aliases {
+        push-button-0 = &button0;
+        push-button-1 = &button1;
+        push-button-2 = &button2;
+        push-button-3 = &button3;
+        status-led = &led0;
+    };
+};

demo/boards/nrf9160dk_nrf9160_ns.conf

@@ -22,10 +22,10 @@ CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
 CONFIG_LOG_RUNTIME_FILTERING=n
 CONFIG_LOG_CMDS=n
 CONFIG_LOG_MAX_LEVEL=3
-CONFIG_LOG_DEFAULT_LEVEL=2
 CONFIG_HWINFO=n
 
 # Networking
+CONFIG_NET_NATIVE=n
 CONFIG_NET_IF_MAX_IPV4_COUNT=2
 CONFIG_NET_TCP_ISN_RFC6528=n
 CONFIG_NET_LOG=n
@@ -75,3 +75,4 @@ CONFIG_DEVICE_SHELL=n
 CONFIG_DATE_SHELL=n
 CONFIG_DEVMEM_SHELL=n
 CONFIG_MCUBOOT_SHELL=n
+CONFIG_KERNEL_SHELL=y

demo/boards/nrf9160dk_nrf9160_ns_extflash.conf

@@ -16,6 +16,7 @@ CONFIG_MAIN_STACK_SIZE=2048
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
 
 # Networking
+CONFIG_NET_NATIVE=n
 CONFIG_NET_IF_MAX_IPV4_COUNT=2
 CONFIG_NET_TCP_ISN_RFC6528=n
 

demo/boards/thingy91_nrf9160_ns.conf

@@ -25,10 +25,10 @@ CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
 CONFIG_LOG_RUNTIME_FILTERING=n
 CONFIG_LOG_CMDS=n
 CONFIG_LOG_MAX_LEVEL=3
-CONFIG_LOG_DEFAULT_LEVEL=2
 CONFIG_HWINFO=n
 
 # Networking
+CONFIG_NET_NATIVE=n
 CONFIG_NET_IF_MAX_IPV4_COUNT=2
 CONFIG_NET_TCP_ISN_RFC6528=n
 CONFIG_NET_LOG=n
@@ -87,3 +87,4 @@ CONFIG_DEVICE_SHELL=n
 CONFIG_DATE_SHELL=n
 CONFIG_DEVMEM_SHELL=n
 CONFIG_MCUBOOT_SHELL=n
+CONFIG_KERNEL_SHELL=y