• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

src/11-Mar-2024-190115

CMakeLists.txtD11-Mar-2024653 2618

KconfigD11-Mar-2024679 3024

README.rstD11-Mar-20248.8 KiB293193

overlay-tls.confD11-Mar-2024226 117

prj.confD11-Mar-2024987 5126

sample.yamlD11-Mar-2024254 1312

README.rst

1Hawkbit Direct Device Integration API sample
2############################################
3
4Overview
5********
6
7The hawkbit update server provides REST resources which are consumed by the
8device to retrieve software update tasks. This API is based on HTTP standards
9and a polling mechanism.
10
11This sample shows how to use Hawkbit DDI API in both a polling and manual
12update mode.
13
14Polling mode run automatically on a predefined period, probing the server
15for updates and installing them without requiring user intervention. You can
16access the sample source code for this hawkbit_polling.
17
18Manual mode requires the user to call the server probe and then, if there is
19an available update, it will install the update. You can access the sample
20source code for this mode hawkbit_manual
21
22Caveats
23*******
24
25* The Zephyr port of ``Hawkbit`` is configured to run on a
26  :ref: `Freedom-K64F <frdm_k64f>` MCU by default. The application should
27  build and run for other platforms with support internet connection. Some
28  platforms need some modification. Overlay files would be needed to support
29  BLE 6lowpan, 802.15.4 or OpenThread configurations as well as the
30  understanding that most other connectivity options would require an edge
31  gateway of some sort (Border Router, etc).
32
33* The MCUboot bootloader is required for ``Hawkbit`` to function properly.
34  More information about the Device Firmware Upgrade subsystem and MCUboot
35  can be found in :ref:`mcuboot`.
36
37Building and Running
38********************
39
40The below steps describe how to build and run the ``Hawkbit`` sample in
41Zephyr. Where examples are given, it is assumed the sample is being build for
42the Freedom-K64F Development Kit (``BOARD=frdm_k64f``).
43
44Step 1: Build MCUboot
45=====================
46
47Build MCUboot by following the instructions in the :ref:`mcuboot` documentation
48page.
49
50Step 2: Flash MCUboot
51=====================
52
53Flash the resulting image file to the 0x0 address of the flash memory. This can
54be done by,
55
56.. code-block:: console
57
58   west flash
59
60Step 3: Start the Hawkbit Docker
61================================
62
63By default, the hawkbit application is set to run on http at port:8080.
64
65.. code-block:: console
66
67   sudo docker run -p 8080:8080 hawkbit/hawkbit-update-server:latest \
68   --hawkbit.dmf.rabbitmq.enabled=false \
69   --hawkbit.server.ddi.security.authentication.anonymous.enabled=true
70
71This will start the hawkbit server on the host system.Opening your browser to
72the server URL, ``<your-ip-address>:8080``, and logging into the server using
73``admin`` as the login and password by default.
74
75Step 4: Build Hawkbit
76=====================
77
78``Hawkbit`` can be built for the frdm_k64f as follows:
79
80.. zephyr-app-commands::
81    :zephyr-app: samples/net/hawkbit
82    :board: frdm_k64f
83    :conf: "prj.conf"
84    :goals: build
85
86.. _hawkbit_sample_sign:
87
88Step 5: Sign and confirm the first image
89========================================
90
91From this section onwards you use a binary (``.bin``) image format.
92
93.. code-block:: console
94
95   west sign -t imgtool -- --key \
96   ~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem --confirm \
97   --version 1.0.0
98
99The command above creates a signed and confirmed image file called
100:file:`zephyr.signed.confirmed.bin` in the build directory. It's important for
101the first image to be confirmed as MCUboot isn't able to confirm an image that
102is flashed using a hardware tool, and Hawkbit will reboot to trigger a firmware
103swap if it isn't able to confirm the running image on init.
104
105Step 6: Flash the first image
106=============================
107
108Upload the :file:`zephyr.signed.confirmed.bin` file from Step 5 to image slot-0
109of your board.
110
111.. code-block:: console
112
113   west flash --bin-file build/zephyr/zephyr.signed.confirmed.bin
114
115Once the image is flashed and booted, the sample will print the image build
116time to the console. After it connects to the internet, in hawkbit server UI,
117you should see the the frdm_k64f show up in the Targets pane. It's time to
118upload a firmware binary to the server, and update it using this UI.
119
120Step 7: Building and signing the test image
121===========================================
122
123The easiest way to test the functionality of Hawkbit is to repeat step 4 to
124build the sample again, so that the build time will be different. Then, similar
125to step 5, sign the image and assign it a different version number but without
126confirming it like so:
127
128.. code-block:: console
129
130   west sign -t imgtool -- --key \
131   ~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem \
132   --version 1.0.1
133
134The command above creates a signed image file called
135:file:`zephyr.signed.bin` in the build directory.
136
137Upload the signed image to the server. Click Upload icon in left pane of UI and
138create a new Software Module with type Apps (``name:hawkbit,version:1.0.1``).
139Then upload the signed image to the server with Upload file Icon.
140
141Click on distribution icon in the left pane of UI and create a new Distribution
142with type Apps only (``name:frdm_k64f_update,version:1.0.1``). Assign the
143``hawkbit`` software module to the created distribution. Click on Deployment
144icon in the left pane of UI and assign the ``frdm_k64f_update`` distribution to
145the target ``frdm_k64f``.
146
147Step 8: Run the update
148======================
149
150Back in the terminal session that you used for debugging the board, type the
151following command:
152
153.. code-block:: console
154
155   hawkbit run
156
157And then wait. The board will ping the server, check if there are any new
158updates, and then download the update you've just created. If everyting goes
159fine the message ``Image flashed successfully, you can reboot now`` will be
160printed on the terminal.
161
162Step 9: Reboot the system
163=========================
164
165In the terminal you used for debugging the board, type the following command:
166
167.. code-block:: console
168
169   kernel reboot cold
170
171Your board will reboot and then start with the new image. After rebooting, the
172board will print a different image build time then automatically ping the server
173again and the message ``No update available`` will be printed on the terminal.
174
175Step 10: Clone and build hawkbit with https
176===========================================
177
178Below steps clone and build the hawkbit with self-signed certificate
179to support https.
180
181.. code-block:: console
182
183   git clone https://github.com/eclipse/hawkbit.git
184   cd hawkbit/hawkbit-runtime/hawkbit-update-server/src/main/resources
185
186* Generate the private key
187
188.. code-block:: console
189
190   openssl genrsa -des3 -out server.key 2048
191
192* Generate the CSR
193
194.. code-block:: console
195
196   openssl req -new -key server.key -out server.csr
197
198Once you run the command, it will prompt you to enter your Country,
199State, City, Company name and enter the Comman Name field with
200``<your-ip-address>``.
201
202* Generate the self-signed x509 certificate suitable to use on web server.
203
204.. code-block:: console
205
206   openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
207
208* Generate pem file from generated server.key and server.crt
209
210.. code-block:: console
211
212   cat server.key > server.pem
213   cat server.crt >> server.pem
214
215* Generate .pkcs12 file
216
217.. code-block:: console
218
219   openssl pkcs12 -export -in server.pem -out keystore.pkcs12
220
221* Following command imports a .p12 into pkcs12 Java keystore
222
223.. code-block:: console
224
225   keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 \
226   -destkeystore hb-pass.jks -deststoretype pkcs12 \
227   -alias 1 -deststorepass <password_of_p12>
228
229* Edit the hawkbit application.properties file
230
231.. code-block:: console
232
233   vi application.properties
234
235Change authentication security from false to true.
236
237.. code-block:: console
238
239   hawkbit.server.ddi.security.authentication.anonymous.enabled=true
240
241* Enter the https details at last
242
243.. code-block:: console
244
245   server.hostname=localhost
246   server.port=8443
247   hawkbit.artifact.url.protocols.download-http.protocol=https
248   hawkbit.artifact.url.protocols.download-http.port=8443
249
250   security.require-ssl=true
251   server.use-forward-headers=true
252
253   server.ssl.key-store=  <hb-pass.jks file location>
254   server.ssl.key-store-type=JKS
255   server.ssl.key-password= <password_of_key>
256   server.ssl.key-store-password= <password_of_key_store>
257
258   server.ssl.protocol=TLS
259   server.ssl.enabled-protocols=TLSv1.2
260   server.ssl.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA256,
261                      TLS_RSA_WITH_AES_256_CBC_SHA
262
263* Start Compile
264
265.. code-block:: console
266
267   cd ~/hawkbit
268
269   mvn clean install -DskipTests=true
270
271* Once the build is successful, run hawkbit
272
273.. code-block:: console
274
275   java -jar ./hawkbit-runtime/hawkbit-update-server/target/ \
276        hawkbit-update-server-#version#-SNAPSHOT.jar
277
278Step 11: Build Hawkbit HTTPS
279============================
280
281* Convert the server.pem file to self_sign.der and place the der file in
282  hawkbit/src directory
283
284``Hawkbit https`` can be built for the frdm_k64f as follows:
285
286.. zephyr-app-commands::
287    :zephyr-app: samples/net/hawkbit
288    :board: frdm_k64f
289    :conf: "prj.conf overlay-tls.conf"
290    :goals: build
291
292Repeat the steps from 5 to 9, to update the device over https.
293