Azure FOTA Update File Access from Blob Storage

Hi Nick

2. What is the purpose of CONFIG_AZURE_FOTA_SEC_TAG?

The security tags are so that you are able to save multiple different certificates in your modem. They are not used by the cloud, but by the modem. See here for more information.

If you used the same certificates for as for azure in general, use the same tag as "CONFIG_AZURE_IOT_HUB_SEC_TAG".
If you provisioned new certificates for FOTA using another tag, use the tag number you chose when provisioning.

Regarding question 1 and question 2, I understand that both these are related to your issue with not being able to do a FOTA update?
Here are the steps I took to create a blob storage:

1. Create a Azure Storage Account. I just put in a name and used standard settings. This might change for you.

2. Chose your new Storage account, and go to the containers menu. Press "Create container" and choose a name.

3. Change something in your code (I added printk("After FOTA\n")) and build the project. Do not flash.

3. Select the new container. Then press "upload", and upload the file <your_project>/build/zephyr/app_update.bin.

4. Then just proceed as described in the Azure FOTA sample documentation, Go to your hub, find "device twin", copy and paste the JSON to "desired" and press save. 
    Remember to change the "jobID" every time you want it to perform a FOTA again.
    Also remember to change the "host" and "path" variables to what you use on Azure.
    I had to add my container name to "path", as such:
 

"path": "fota-container/app-update.bin

Is this the same method you used to upload the firmware image?

(PS: You should be able to edit your posts, to fix formatting after you have posted)

Regards,
Sigurd Hellesvik

Thank you Sigurd. My process was the same but I must have changed a setting somewhere during the creation of the Storage Account or Container as the process looked different today than it did yesterday. It appears to be working now, though I'm concerned that everything is set to public access. How do you suggest we modify this setup so that only administrators and our IoT leaf devices have access to these update files?

And thank you, I am aware of the edit feature but a problem with our firewall was causing this website to be excessively slow and exhibit odd behavior so I wasn't going to depend on something that didn't work the first time anyway.

Hi Nick

Good to hear that it is working now!

For the private access:
I asked the developers, and they say that it does not look like Azure blob storage allow for the use of a custom certificate chain.

You will have to setup their own endpoints, for example using: Configure TLS mutual authentication for Azure App Service

Regards,
Sigurd Hellesvik

Thanks Sigurd. I'll look into that.

Hi, I've this same problem. 

When I try do download the firmware.bin

I've download errono - 113 any idea? 

Hi, I've this same problem. 

When I try do download the firmware.bin

I've download errono - 113 any idea? 

Hi Yvan,

Can you create a new ticket where you explain your issue?

I think it will be more tidy than doing a conversatiion in the middle of this ticket

Hi 

My ticket already created. 

devzone.nordicsemi.com/.../need-help-with-fota-via-device-provisioning-on-my-nrf7002dk---azure-fota---iot-hub