• State Not Answered
  • Replies 19 replies
  • Subscribers 76 subscribers
  • Views 2814 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 319473
Options

NEED HELP WITH FOTA VIA DEVICE PROVISIONING ON MY NRF7002DK - AZURE FOTA - IOT HUB

overflow

Hello, I'm trying to do the fota via azure IoT hub, except I can't, I don't know if I'm doing it wrong because I followed the doc   Azure FOTA  https://shorturl.at/fsAJ1 ainsi que  Azure IoT Hub https://shorturl.at/eoT57 , maybe I missed something.

sdk 2.5.99-dev1

I would like to add this, when try to download the zephyr.bin on my azure

<err> download_client: Unable to connect, errno 113
[00:00:44.678,955] <err> fota_download: Download client error
[00:00:44.689,544] <err> azure_fota: FOTA download failed

If you need more information, I'm open, thank you, I hope to find a solution :)

  • 0 in reply to Actif

    Thanks for your feedback, Vincent! It's valuable for us to understand how to make the documentation better.

    In the Azure IoT Hub sample docs, there's a link to the Azure IoT Hub library documentation where Iot Hub setup is presented: https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/libraries/networking/azure_iot_hub.html#prereq-connect-to-azure-iot-hub

    There, we link to Azure's own documentation on how to set up an account and IoT Hub, which is how we do it ourselves when testing: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-create-through-portal

    In addition, our own docs have some additional details on the credentials part and how to use Azure's portal and tools to add those. The challenge with this, is that it can get outdated and out of sync with Azure's side of things. We've tried to hit a good compromise here, between pointing to external sources that are always up to date and adding some guidance to Azure's docs, but we might have missed the target.

    I tested the Azure Iot Hub sample today for nRF7002 DK on NCS v2.5.1, with DPS and FOTA. It worked accoring to the explanations in the sample docs. I did note some improvements that we will make to the docs for the next NCS release (v2.6.0), related to credentials and where we place the links mentioned above.

    If you still have issues with Azure IoT Hub + DPS + FOTA, please raise a new ticket and I will follow up. If you do that, please enable the following Kconfig options to get some more logging and share the logs:

    CONFIG_AZURE_IOT_HUB_LOG_LEVEL_DBG=y
    CONFIG_AZURE_FOTA_LOG_LEVEL_DBG=y

    Best regards,

    Jan Tore

  • 0 in reply to Jan Tore Guggedal

    Hello, Thank you for your nice explanation it is appreciated.

    I use the same certificates for DPS and FOTA, it works with DPS, so I get the telemetry and for FOTA I get the error mentioned above.

    I'm using blob storage to host my binary file that I need to flash later via FOTA, do I need to specify a certificate from the blob storage server, or is the DPS certificate used directly by blobstorage?

  • 0 in reply to overflow

    I hope to get an anwer as soon as possible :)

  • 0 in reply to overflow

    I can't guarantee that blob storage and DPS use the same certificates in all instances, but in the common case and today that is the case. Keep in mind, though, that this will not last for long. DPS will soon be transitioning to DigiCert Global Root G2, same as IoT Hub: https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169

    That should not be a problem, as you already have that certificate in place in order to be able to connect to the IoT Hub at all.

    When it comes to the error that you see, I think this is because CONFIG_AZURE_FOTA_SEC_TAG is pointing to the wrong sec tag. In this case, and provided that your blob storage instance indeed uses Baltimore CyberTrust root CA, it should be set to the sec tag where you have provisioned that certificate:

    • If you have placed the Baltimore certificate in "ca-cert.pem", then you should set CONFIG_AZURE_FOTA_SEC_TAG to the same value as CONFIG_MQTT_HELPER_SEC_TAG.
    • If the certificate is in "ca-cert-2.pem", CONFIG_AZURE_FOTA_SEC_TAG should be set to the value of CONFIG_MQTT_HELPER_SECONDARY_SEC_TAG.
  • 0 in reply to Jan Tore Guggedal

    Here's my configuration for FOTA and DPS

    CONFIG_AZURE_IOT_HUB_DPS=y


    # ID scope can be omitted and supplied at runtime
    CONFIG_AZURE_IOT_HUB_DPS_ID_SCOPE=""
    CONFIG_AZURE_IOT_HUB_HOSTNAME=""

    #We use the device ID in our case
    CONFIG_AZURE_IOT_HUB_SAMPLE_DEVICE_ID_USE_HW_ID=n
    CONFIG_AZURE_IOT_HUB_DPS_REG_ID="device-0000002"


    CONFIG_MQTT_HELPER_PROVISION_CERTIFICATES=y
    CONFIG_MQTT_HELPER_SEC_TAG=10
    CONFIG_MQTT_HELPER_SECONDARY_SEC_TAG=11
    CONFIG_MQTT_HELPER_STACK_SIZE=16384
    CONFIG_TLS_MAX_CREDENTIALS_NUMBER=6

    # FOTA
    CONFIG_AZURE_FOTA=y
    CONFIG_AZURE_FOTA_TLS=y
    CONFIG_AZURE_FOTA_APP_VERSION_AUTO=n
    CONFIG_AZURE_FOTA_APP_VERSION="v0.0.0"

    #FOTA TAG
    CONFIG_AZURE_FOTA_SEC_TAG=10

    # Change the security tag for the tag where certificates are provisioned
    # for the server where the FOTA image is hosted
    #
    CONFIG_BOOTLOADER_MCUBOOT=y
    CONFIG_FOTA_DOWNLOAD=y
    CONFIG_DFU_TARGET=y
    CONFIG_MCUBOOT_IMG_MANAGER=y
    CONFIG_IMG_MANAGER=y
    CONFIG_STREAM_FLASH=y
    CONFIG_FLASH_MAP=y
    CONFIG_FLASH=y
    CONFIG_IMG_ERASE_PROGRESSIVELY=y
    CONFIG_DOWNLOAD_CLIENT=y
    CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096

    This is how my certificate files are reported
    ca-cert-2.pem
    private-key.pem
    ca-cert.pem
    client-cert.pem

    You can see the tags
    CONFIG_MQTT_HELPER_SEC_TAG=10
    CONFIG_MQTT_HELPER_SECONDARY_SEC_TAG=11

    and my FOTA TAG
    CONFIG_AZURE_FOTA_SEC_TAG=10
    at 10 or 11, it doesn't work any more.

    I feel like I'm missing something, I'm not sure what.

Related
Terms of service