Device Management Client 4.0.0 General Availability

Features

• Support for PSA Crypto API v1.0b3 in PSA configurations.
• Support for Secure Storage with PSA with Linux, too.
• Support for UNISOC SXOS SDK v8p2.1 for UIS8908A NB-IoT board.
• Mbed OS - compatibility with Mbed OS 5.14.0.
• Mbed OS - support for STM Discovery L475VG IOT01A board.
• Improved support for congested, long latency network registration with configurable random delay to registration.

Device Management Client

• Added a new API init() to MbedCloudClient class. You can use this optional API for two-phased memory allocation when initializing the client. It allows the example application to resolve out-of-memory issues during the initialization of the client library.

• Removed a redundant switch in M2MFirmware class get_resource function.

• Updated Mbed CoAP to 5.1.1.

• Fixed the Resource /1/0/7 to return the correct binding mode when trying to GET the value of the Resource using a REST API call.

• Increased the Device Management Client initial reconnection delay to have range of 10 to 100 seconds.

• Increased the MBED_CLIENT_TCP_KEEPALIVE_INTERVAL to nine minutes.

• Implemented DTLS timer handling for handshake.

• When Device Management Client is compiled with the PSA configuration, it uses PSA-protected storage APIs instead of:

  • KVStore in Mbed OS.
  • ESFS/SOTP for non-Mbed OS platforms.

  Note: Both storage types above are still used in the non-PSA variant of Device Management Client.

Factory configurator client

• Support for UNISOC SXOS SDK v8p2.1 for UIS8908A NB-IoT board.

Platform Adaptation Layer (PAL)

• Improved support and proper timer logic for UDP/DTLS.
• PSA Crypto API v1.0b3 support.
• Support for UNISOC SXOS SDK v8p2.1 for UIS8908A NB-IoT board.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.4.0 General Availability

Features

• Device Management Client now includes Secure Device Access (SDA) library.
• Support for update priority.
• Support for certificate renewal with Platform Security Architecture (PSA).
• A new feature flag, MBED_CONF_MBED_CLIENT_ENABLE_OBSERVATION_PARAMETERS, controls the usage of LwM2M Write attributes for LwM2M resources. Disabling this feature will allow you to save RAM used by observation parameters per resource. Disabled by setting the flag to 0.
• A new API for creating M2MResource directly without first creating M2MObject and M2MObjectInstance.

Device Management Connect client

• Added the max-age option to be part of the notification message construction. This fixes the issue that the resource cache was not being updated due to value changes from notification messages.
• Added a Secure Device Access (SDA) client library.
• A new feature flag that enables SDA - MBED_CLOUD_CLIENT_ENABLE_SDA (disabled by default).
• A new feature flag, MBED_CONF_MBED_CLIENT_ENABLE_OBSERVATION_PARAMETERS, controls the usage of LwM2M Write attributes for LwM2M resources. Disabling this feature will allow you to save RAM used by observation parameters per resource. Disabled by setting the flag to 0.
• New API for managing update priority and rejecting optional firmware updates.
  • Added set_update_authorize_priority_handler().
  • Added update_reject().
  • New error enums for update authorization rejection, UpdateWarningAuthorizationRejected, UpdateWarningAuthorizationUnavailable.
• Support for certificate renewal with Platform Security Architecture (PSA).
• Extended MbedCloudClient() constructor to allow callback registration to client.
• A new API for creating M2MResource directly without first creating M2MObject and M2MObjectInstance.
• Bug fix: Requests sent from Device Management Client using the same URI and method were determined duplicates even if the context parameter was different.

Factory configurator client

• Replaced CBOR implementation library with tinycbor.
• Bug fix: Working with a file name length of KCM_MAX_FILENAME_SIZE in KCM APIs resulted in a KCM_STATUS_FILE_NAME_TOO_LONG error.

Secure Device Access client

• Initial Secure Device Access (SDA) release.
• SDA implements the ACE-OAuth standard, which specifies a framework for authenticating and authorizing in constrained IoT environments.
• The full SDA documentation is available on our documentation site.

Device Management Update client

• New update authorization API:
  • Deprecated ARM_UC_SetAuthorizeHandler() in favor of ARM_UC_SetAuthorizePriorityHandler().
  • Added ARM_UC_Reject() to the application authorization callback to deliver the rejection reason to the service.
  • Added a priority field to the manifest.
  • Propagated update priority from the manifest to the application authorization callback.
• Writing of the update candidate metadata is postponed to a later phase. The metadata is written when the download has completed and the client application has authorized the installation.

Platform Adaptation Layer (PAL)

• [Linux] Read the source entropy from the target machine system environment if available; otherwise, use the user default source entropy file path.
  • Read the entropy file name from the system environment entry ENTROPYSOURCE=<path-to-entropy-file-name>.
• [TLS] Fixed potential double free issue in pal_initTLS().
• [Tests] Do not try to execute filesystem tests if there is no filesystem.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.3.0 General Availability

Features

• Mbed OS 5.13.0 support.
• Client support added for Wi-SUN FAN stack, which is now supported by Mbed OS.

Device Management Connect client

• Updated Mbed CoAP to 4.8.0.
• A fix to accommodate a null terminator space for managing a common name parameter (max 64 characters) in an X.509 certificate.
• A fix to clear a stored SSL session when the device rebootstraps. Without clearing, a bootstrap loop may render the device unusable.

Factory configurator client

New kcm_item_get_size_and_data API combines kcm_item_get_data_size and kcm_item_get_data into one synchronous API.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.2.0 General Availability

Features

• Implemented support for compressed delta updates.
  • This feature can reduce the size of firmware update images as the image will have only the changed parts rather than the full image.
• Implemented SSL session resume.
  • This feature reduces the need for full handshakes (and thus amount of data transferred and time used for reconnections) as long as the session is valid.
  • Session information is stored in the configured secure storage, so consider the potential flash wearing.
  • To minimize flash wearing, session information is only stored when it changes.

Device Management Connect client

• Relaxed the enforcement of client configuration. Only SN_COAP_MAX_BLOCKWISE_SIZE is considered as a mandatory application configuration due to bootstrap and update (CoAP download) dependencies.
  • LIFETIME (default 3600 seconds), ENDPOINT_TYPE ("default") and TRANSPORT_MODE (default TCP) now have defaults. The application does not need to define them if default values are acceptable.
• Added new public APIs to the MbedCloudClient class to request Enrollment over Secure Transport (EST) (est_request_enrollment) and free the resulting certificate chain context (est_free_cert_chain_context).

Device Management Update client

• Added the delta update feature into Update client.
• Fixed HTTP download for very small files.
• Implemented a check to reject zero bytes firmware.
• Fixed installation authorization logic which was proceeding without waiting for the application callback.
• Fixed manifest manager to report correct error codes.
• Fixed PAL include files.
• Optimized flash and RAM footprint for CoAP source.
• Added a check to ensure that SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE is aligned with the storage page size.
• Added code to read the active firmware metadata header from file. This enables e-2-e testing with filesystem storage in a Linux host.
• Added heap and stack statistic trace messages.

Factory configurator client

• Naming restrictions for KCM APIs are now identical for KVStore and Pelion Secure Storage solutions (ESFS-SOTP):
  • kcm_item_name must only include characters a-z, A-Z, 0-9, _, -, ..
  • The max kcm_item_name length is 100 bytes.
  • This deprecates Pelion Secure Storage naming restrictions.
• New APIs:
  • kcm_asymmetric_sign computes ECDSA raw signature on hash digest using associated private key name. Supports keys with EC SECP256R1 curve only.
  • kcm_asymmetric_verify verifies ECDSA raw signature on hash digest using associated private key name. Supports keys with EC SECP256R1 curve only.
  • kcm_generate_random generates a random number into a given buffer.
  • kcm_ecdh_key_agreement computes a shared secret using the elliptic curve Diffie Hellman algorithm.
• Fixed a bug in conversion of private key from DER to raw.
• kcm_item_close_handle receives a pointer to the handle instead of the handle. This is a bugfix for crash when kcm_item_close_handle is called twice.

Platform Adaptation Layer (PAL)

New cryptographic APIs implemented for PSA and non-PSA variants:

• pal_parseECPrivateKeyFromHandle parses EC private key from PAL private key handle.
• pal_parseECPublicKeyFromHandle parses EC public key from PAL public key handle.
• pal_asymmetricSign computes ECDSA raw signature of a previously hashed message. Supports keys with EC SECP256R1 curve only.
• pal_asymmetricVerify verifies the ECDSA raw signature of a previously hashed message. Supports keys with EC SECP256R1 curve only.
• pal_ECDHKeyAgreement computes raw shared secret key using elliptic curve Diffie–Hellman algorithm.

Other changes:

• Fixed unnessary dependencies to SN_COAP_MAX_BLOCKWISE_SIZE parameter.
• Added pal_x509CertCheckExtendedKeyUsage that checks the usage of certificate against extended-key-usage extension.
• [Linux] When creating threads, use the system provided PTHREAD_STACK_MIN as a minimum value. Previously, the application was allowed to define values smaller than the system-defined minimum.
• Implemented SSL session resume feature. This feature is enabled by default. Use the PAL_USE_SSL_SESSION_RESUME flag to control it.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.1.1 General Availability

No changes.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.1.0 General Availability

Device Management Client 3.1.0

Features

RAM optimizations for Device Management Client.

PDMC library	PDMC example	Configuration	Flash	Delta	Peak RAM	Delta	Notes
3.0.0	3.0.0	ESP8266	353644	0	97769	0	PDMC example 3.0.0 with default ESP8266 profile.
3.1.0	3.1.0	ESP8266	303044	-50600	57914	-39855	PDMC example 3.1.0 with RAM-optimized ESP8266 minimal profile.

GCC compiler (GCC_ARM) with the release profile for K64F with ESP8266 module.

Device Management Connect client

• Fixed client state machine for pause() handling. Fixes the issues that caused the pause() call to be ignored while other operations are active.
• Implemented network status callback handling for the client library. Now, the client reacts to changes in the network status callbacks to speed up client connection recovery during reconnection.
• Improved internal flagging of the client library to enable further optimizations and modularization of client components.

Platform Adaptation Layer (PAL)

• Improved TLS configuration to optimize RAM usage.
• Improved header include handling within the PAL layer.
• CMake improvements.
• Improved PAL unit tests.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 3.0.0 General Availability

Device Management Connect client

• Disabled STL and Namespace pollution by default. These are deprecated features.
• [Mbed OS] Enabled secure storage feature (KVStore) by default.
• [Mbed OS] Disabled certificate enrollment features by default. You can enable them from application by setting "mbed-cloud-client.disable-certificate-enrollment": null in the mbed_app.json file. This saves 5.5 KB of flash.

Factory Configurator client

• Integration with PSA APIs.
• Factory Tool Communication Demo layer using asynchronous socket API.
• Bugfix for running with IAR8.32 compiler.

Device Management Update client

Added a temporary workaround for Cypress PSOC6 target to read each block from an external block device twice.

Platform Adaptation Layer (PAL)

• [Mbed OS] Added support for PSA-enabled Mbed TLS that is part of Mbed OS 5.12 release.
• Added new configuration flag for server socket APIs, PAL_NET_SERVER_SOCKET_API. The default is 1.
  • For quick porting, set it to 0. You do not need to implement pal_plat_accept and pal_plat_listen, which factory configurator client requires for the factory flow.
• Removed unused synchronous socket API implementation to reduce porting effort across different operating systems.
• Removed unused PAL_NET_ASYNCHRONOUS_SOCKET_API flag since there is only asynchronous socket implementation.
• Improved test coverage for platform tests.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 2.2.1 General Availability

Device Management Connect client

• Fixed handling of blockwise message during concurrent notification sending.
• Fixed handling of content type format for PUT requests on resource level. Client only accepts text/plain and opaque content-types.

Factory Configurator client

• [Mbed OS] Support for injecting external entropy for devices using KVstore (internal flash).

Platform Adaptation Layer (PAL)

• [Mbed OS] Fixed the usage of deprecated socket APIs.
• Added logic to pal_plat_initTime to recover from data corruption due to power failure.
• Improved API documentation.
• [Mbed OS] Support for injecting external entropy for devices using KVstore (internal flash).

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 2.2.0 General Availability

Device Management Connect client

• Updated Mbed CoAP to 4.7.4.
  • Mbed CoAP for non-Mbed OS platforms is one patch release ahead of the Mbed OS version (5.11.3) of Mbed CoAP.
• Implemented DTLS fragmentation support for Device Management Client.
  • If your device has constraints with network buffer sizes where the DTLS handshake packets cannot fit into the single MTU, this configuration allow smaller packet size (minimum fragment length of 512 bytes + DTLS headers).
  • This feature is supported from MbedTLS 2.15.1 onwards.
  • To enable support, define mbed-client-pal.pal-max-frag-len = <value> in the mbed_app.json file.
  • Value 0 = disabled, 1 = MBEDTLS_SSL_MAX_FRAG_LEN_512, 2= MBEDTLS_SSL_MAX_FRAG_LEN_1024, 3 = MBEDTLS_SSL_MAX_FRAG_LEN_2048.
  • The value must be twice the defined value of SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE, otherwise your client will give a compilation error with mismatching configuration options.
• [Edge] In Edge mode, the client can process more than one request per resource at a time.
• Fixed message status callback handling when using delayed response with the blockwise option.
  • Application received multiple delivered statuses when using blockwise transfer. This issue has now been resolved.
• [Linux] Updated CMake minimum version to 3.5.
• [Mbed OS] Enabled new configuration option for selecting secure storage mechanism : "mbed-cloud-client.external-sst-support":"<null/1>"
  • "mbed-cloud-client.external-sst-support":null means client continues using SOTP-ESFS based storage implementation.
  • "mbed-cloud-client.external-sst-support":1 means client uses KVStore-based storage implementation. This requires Mbed OS 5.11.4 version and higher.
  • By default, it is set to null so older versions of Device Management Client example are binary compatible with this client version.
  • For Linux, client continues using SOTP-ESFS based storage implementation.
• Added a configuration check for the update profile (ARM_UC_PROFILE_MBED_CLIENT_LITE) to prevent accidental usage of LITE profile with Device Management Client.
• Added the pause and resume functionality. The APIs let you change the network interface without deregistering the client. You can also pause the client, for example, for sleeping (with RAM retention).
• Deprecated client APIs that use std::string, including the whole SimpleM2MResourceString and SimpleM2MResourceInt classes.
  • The existing code using these APIs still compiles and works, but gives compiler warnings.
  • This was changed because the code using C++ Standard Template Library (STL) is causing issues in some environments, where the std:: namespace or STL is not available at all.
  • STL also causes large ROM overhead, and disabling it saves ~15 KB on ROM budget, depending on the compiler toolchain used.
  • To remove the deprecated APIs completely, set MBED_CLOUD_CLIENT_STL_API to 0.
• You can now disable the namespace pollution of code that includes MbedCloudClient.h with using namespace std;.
  The behavior is left unchanged, but you can disable it by setting MBED_CLOUD_CLIENT_STD_NAMESPACE_POLLUTION to 0.
• Fixed regression on the application not receiving value_updated() callback for a POST message to an Object or Object Instance.
• Fixed stack overflow issue with local memory allocation from stack rather than heap when trying to read values from KCM.
• Changed network errors printing in M2MConnectionHandlerpimpl.cpp to use hexadecimal format for easier comparison with mbed-client-pal/Source/PAL-Impl/Services-API/pal_errors.h.
• Modified event API to use uintptr_t types for passing pointers instead of uint32_t for 64-bit compatibility.

Factory Configurator client

• Integration with Mbed OS 5.11 KVStore module.

Device Management Update client

• Support for large file download: converted notification handling to use a flag instead of a counter to avoid a deadlock in the scheduler.
• [Mbed OS] Enabled a new configuration option for selecting the storage location for the Update client update image.
  • "mbed-cloud-client.update-storage":"<mode>"
  • <mode> can be either ARM_UCP_FLASHIAP for internal flash or ARM_UCP_FLASHIAP_BLOCKDEVICE for external flash.
• Fixed the Update client state machine reboot state logic so that the active firmware details are not re-sent if reboot does not happen.
• Enabled a single HTTP request to be sent instead of multiple fragments during file download. Added a flag to guard the writing of the entire update file to pre-allocate space before the file is downloaded. The flag is disabled by default.
• Fixed traces from printing empty values for asynchronous DNS calls.
• Modified the trace and error macros in the manifest manager to use common macros.
• Fixed the race conditions on critical section code in the atomic-queue module.
• Fixed various compiler warnings.
• Update client calls a new pal_plat_osGetRoT function that reads RoT from KVStore.
• Added the possibility of queueing callbacks with an associated context in the Update client scheduler.
• Implemented an Update client scheduler API to post an error. The scheduler executes the error callback in priority over all the other callbacks in the queue.
• Added a compilation check for CoAP buffer size.
• Added trace messages to HTTP source module for debugging purposes.
• Fixed the Update client trace module when mbed_trace is off.
• Removed the accelerated handling of binary comparisons that relied on unaligned access.
• Fixed overflow in the HTTP request header.
• Sanitized module codes in trace messages. Defined a macro that replaces non-printable characters with a dot character. Wrapped module codes in the new macro wherever traces or debug messages are printed.
• Replaced calls to mbed_tracef with calls to tr_debug/tr_error.
• Added a compile time check for non-zero update storage size.
• Fixed page rounding issue in PAL block device.
• Improved trace messages in HTTP resume engine.
• Fixed the event API callback types to match the changes in Update client.
• Added support for reporting out of memory error from Mbed TLS.
• Removed TRACE_GROUP definitions from public header files.

Platform Adaptation Layer (PAL)

• Introduced PAL Secure Storage (SST) APIs.
  • Added Mbed OS configuration for secure storage using KVStore through this API (PAL SST).
• Added more unit tests and clarified error messages in them to help in-platform porting process.
• Added PAL_UNIT_TESTING_NONSTANDARD_ENTRYPOINT for executing unit tests.
• Added pal_osSetRoT API and related pal_plat_osSetRoT functions for SOTP and KVstore.
• Remove obsolete documentation and unnecessary board-specific configuration.
• Added error handling of MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED.
• Fixed error translation in the Linux implementation of pal_plat_getAddressInfo.
• Refactored the flash simulation over file system code out of the generic flash module.
• Refactored the Linux-specific reboot simulation code.

Release notes can be found from:

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html

Device Management Client 2.1.1 General Availability

Device Management Connect client

Client handles packet duplication correctly. This resolves the case where Client was occasionally unable to reconnect. This is fixed in CoAP 4.7.2, which is part of Mbed OS 5.11.0.

https://cloud.mbed.com/docs/current/release-notes/device-management-client.html