adbridge released this on Dec 19, 2018 · 1021 commits to master since this release

We are pleased to announce the Mbed OS 5.11.0 release is now available.

Summary

Mbed OS 5.11 adds secure sockets, so your Mbed OS applications can securely connect and send data to any cloud or server through any TCP-based protocol. It also provides advanced storage solutions for IoT devices to encrypt external memory, and a storage stack that allows using internal flash for firmware updates. Mbed OS 5.11 also supports enhanced device statistics APIs for capturing key information, such as network statistics and advanced system information.

This release includes many minor fixes and enhancements and brings support for 157 target development boards.

Operating system

Secure sockets

With secure sockets, your Mbed OS applications can securely connect and send data to any cloud or server through any TCP-based protocol. By introducing native secure sockets to Mbed OS we enable TLS functionality in the background, simplifying secure connections. For more information, please visit secure sockets.

Advanced storage solutions for IoT devices

Encrypted and authenticated storage

Encryption and authentication for external memory provide greater protection against physical attacks on IoT devices. This adds significant value to products that cannot trust the PCB, which could be tampered with, and makes the security of external memory comparable to being on-chip. For more information, please visit storage.

Storage stack for internal memory

Microcontrollers now provide more performance and bigger internal memory, offering new opportunities. In Mbed OS 5.11, we allow businesses to use internal MCU memory to store configuration and firmware images, and reduce the cost of the bill of materials for IoT devices. For more information, please visit storage.

Enhanced device statistics APIs

Pulling valuable stats from IoT devices is key for any business deploying these devices, and is an important initiative driven by Arm. The intention is to collect data from embedded devices and (in the future) predict their behaviour using machine learning.

Mbed OS already implements a Device Statistics API to collect data such as thread info, CPU usage, memory info, and system info. In Mbed OS 5.11, we've added advanced device stats such as network stats, advanced system info, and error info. For more information, please visit statistics.

Internal RAM marked as execute never

Many Remote Code Execution (RCE) exploits attempt to use buffer overflows in the stack or the heap to write exploit code into memory, and then cause the system to execute that code. If the address where the exploit was written were marked execute never, this exploit code would not be executable. With Mbed OS 5.11 on supported targets, all RAM space is marked as execute never by default. For more information, please visit MPU management.

Crash reporting for critical fault with automatic reboot

When the system encounters a fatal crash (for example, a hard fault), we capture information such as register context and thread info, as these are required to debug the issue. This information is usually dumped over the serial port, but when the crash happens in deployed devices, there will not be any serial port enabled or logged, so a different mechanism is needed to record and report this data. With the crash-reporting feature of Mbed OS, the system reboots without losing RAM contents, and we can send this information over a network or other interfaces to be logged, or even write to the file system if required. For more information, please visit error handling.

Connectivity

Support for extended and periodic advertising in GAP (BLE stack)

Extended advertising uses multiple physical layers and spreads the payload across many packets to support much larger payloads than normal. In this scenario, advertising is split across primary advertising on the advertising channels and secondary advertising on channels normally used for sending data to connected devices. Similarly, if the controller supports periodic advertising, you may use it to send changing data to many peers. Each peer needs to scan the advertisements on the primary channels and create a sync with the periodic advertisement it's interested in. For more information, please visit GAP.

Cellular stack updates

The LoRaWAN stack was updated to version 1.1, which includes support for secure device provisioning through a Join Server, new security primitives, handover roaming, and optimizations for communication from the network to the device. For more information, please visit LoRaWAN-11.

In addition, we added support for AT-mode TCP over cellular for selected modules:

  • Quectel BG96
  • Quectel BC95 (used in the WISE-1570 module)
  • Gemalto cellular modem driver.

Security

Update to Mbed TLS

Mbed OS 5.11 includes Mbed TLS 2.15.1, which introduces the Mbed Crypto library and other new features. For more information, please visit mbedtls.

Mbed Crypto APIs

The Mbed Crypto library is a reference implementation of the Platform Security Architecture (PSA) Cryptography API. Therefore, the library's API documentation is the PSA Cryptography API specification. Arm's PSA is a holistic set of threat models, security analyses, hardware and firmware architecture specifications and an open source firmware reference implementation. PSA provides a recipe, based on industry best practices, that allows security to be consistently designed, at both a hardware and firmware level. The PSA Cryptography API provides access to a set of cryptographic primitives. It has a dual purpose: It can be used in a PSA-compliant platform to build services, such as secure boot, secure storage and secure communication; and it can be used independently of other PSA components on any platform. The Mbed Crypto APIs are currently in development. For more information, please visit mbed-crypto.

PSA Secure Partition Manager

We have added PSA compliant process separation for the Future Electronics Sequana dual-core v7-M platform. The process separation is enforced with the Secure Partition Manager (SPM), which uses hardware on the device to provide RAM and Flash isolation between the two cores. It also implements the PSA Firmware Framework Inter-Process Communication (IPC) API, which allows the cores to communicate with each other. More information about Sequana is available at Future-Sequana. For more information about SPM, please visit SPM.

Targets and tools

Thanks to our Partners’ hard work, Mbed OS 5.11 added 12 new target platforms for a total of 157. We’ll continue to add targets in our biweekly patch releases as partners work with us.

The official Arm Mbed OS compiler has been updated from ARM CC 5.06 update 3 to ARM CC 5.06 update 6, which includes new bug fixes.

Testing and improvements

Support Ethernet for Fast Models

Arm Fast Models are software models of Arm cores, subsystems, peripherals and so on. Mbed OS has enabled working with Cortex-M family Fast Models. You can run and test Mbed OS and its applications on the software model instead of the hardware. In Mbed OS 5.11, we now support Mbed OS sockets examples with Fast Models Ethernet. For more information, please visit Fast Models.

Continuous integration framework

We designed Mbed OS to significantly reduce the cost and time of embedded software development by providing a production-quality toolset and code. We are committed to delivering high-quality code working across all supported boards and platforms. To ensure all the features of the code meet our quality control requirements, we have built an automated testing environment and processes that perform rigorous testing on every line of code. The continuous integration framework is a highlight of our testing framework: it ensures that every new feature and change in Mbed OS is tested:

  • For every new feature, we create tests that we then deliver to our Partners. For every board to be Mbed Enabled, we need our Partners to successfully conduct these tests.
  • Partners must test the changes on their boards before submitting pull requests (PRs) on GitHub.
  • The Mbed OS gatekeepers manually review the code of each PR to ensure it meets our coding guidelines and code standards.
  • Once approved by the gatekeepers, the code goes through the automated test infrastructure, which tests across multiple platforms using three toolchains: IAR, ARM and GCC.
  • During the testing phase, we select the combination of boards and devices that support a variety of peripherals, MCU cores and features for maximum coverage.
  • To ensure the Mbed OS code is compatible with all IDEs, we test that the code can be exported properly to all the compilers.
  • We merge a PR only if all the above procedures are successful.

For Mbed OS 5.11.0, our testing included:

  • Total test time of 42,372 hours on development boards.
  • 30 new test cases since the Mbed OS 5.10.0 release. These test new and existing features and bring the total number of test cases to 1,346.
  • The total number of binaries built since the Mbed OS 5.10.0 release is 50,800,176.

We plan to share more details about testing processes, such as our out-of-box testing coverage and system testing, in upcoming release blogs.

Known Issues

We publish Mbed OS as a collection of modules on GitHub. Issues are raised in the specific repositories and then tracked internally. The purpose of this list is to provide a single view of the outstanding key issues that have not been addressed for this release. As such, it is a filtered and reviewed list based on priority and potential effect. Each item summarizes the problem and includes any known workarounds, along with a link to the GitHub issue (if applicable). We welcome any comments or proposed solutions.

For more information about an issue, contact us on the forum.

TLS: IP addresses in the X.509 certificate subjectAltNames

  • Description: Parsing IP addresses in the X.509 certificate subjectAltNames is not supported yet. In certificate chains relying on IP addresses in subjectAltNames, a BADCERT_CN_MISMATCH error is returned.
  • Workaround: Merge the branch https://github.com/ARMmbed/mbedtls/tree/iotssl-602-san-ip into your copy of Mbed TLS before building the application. It is still in the EXPERIMENTAL stage; use it at your own risk!
  • Reported Issue: Issue reported by a customer in email.
  • Priority: MAJOR

TLS: Mismatch of root CA and issuer of CRL not caught

  • Description: The x509_crt_verifycrl() function ignores the CRL when the CRL has an issuer different from the subject of the root CA certificate.
  • Workaround: Make sure that the issuer of the CRL and the root CA certificate's subject are the same before passing them to x509_crt_verifycrl().
  • Reported Issue: Reported by a partner.
  • Priority: MAJOR
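
The workaround for this issue, written as a pre-check that fails closed (an added example, not Mbed TLS or Mbed OS code). The struct types, function names and sample names are stand-ins so that it builds without Mbed TLS, where the same DER-encoded names are the issuer_raw field of mbedtls_x509_crl and the subject_raw field of mbedtls_x509_crt; treating an empty CRL list as an error is an assumed policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in types (assumptions, not Mbed TLS headers) so the example builds
 * offline. In Mbed TLS 2.x the same DER-encoded names are available as
 * mbedtls_x509_crl.issuer_raw and mbedtls_x509_crt.subject_raw. */
typedef struct { const unsigned char *p; size_t len; } der_name;
typedef struct crl_node { der_name issuer_raw; struct crl_node *next; } crl_node;
typedef struct { der_name subject_raw; } ca_cert;

enum {
    CRL_PRECHECK_OK = 0,
    CRL_PRECHECK_NO_CRL = -1,       /* nothing to check revocation against */
    CRL_PRECHECK_WRONG_ISSUER = -2  /* a CRL that verification would ignore */
};

/* Byte-wise comparison of two DER-encoded Names. This is stricter than an
 * attribute-aware comparison, so it can only err towards rejection. */
static int der_name_equal(const der_name *a, const der_name *b)
{
    return a->p != NULL && b->p != NULL && a->len > 0 &&
           a->len == b->len && memcmp(a->p, b->p, a->len) == 0;
}

/* Call before the CRL list and root CA are handed to verification: every CRL
 * in the list must be issued by the root CA, otherwise refuse to proceed. */
int crl_issuer_precheck(const ca_cert *root, const crl_node *crls)
{
    if (root == NULL || crls == NULL)
        return CRL_PRECHECK_NO_CRL;
    for (const crl_node *c = crls; c != NULL; c = c->next) {
        if (!der_name_equal(&c->issuer_raw, &root->subject_raw))
            return CRL_PRECHECK_WRONG_ISSUER;
    }
    return CRL_PRECHECK_OK;
}

/* Constructed sample data: DER Names for CN=Root A and CN=Root B. */
static const unsigned char NAME_ROOT_A[] = {
    0x30, 0x11, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x0C, 0x06, 'R', 'o', 'o', 't', ' ', 'A' };
static const unsigned char NAME_ROOT_B[] = {
    0x30, 0x11, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x03,
    0x0C, 0x06, 'R', 'o', 'o', 't', ' ', 'B' };

/* Runs the pre-check against root "Root A" with one matching CRL and,
 * optionally, a second CRL issued by "Root B" appended to the list. */
int sample_check(int append_foreign_crl)
{
    ca_cert root = { { NAME_ROOT_A, sizeof NAME_ROOT_A } };
    crl_node foreign = { { NAME_ROOT_B, sizeof NAME_ROOT_B }, NULL };
    crl_node own = { { NAME_ROOT_A, sizeof NAME_ROOT_A }, NULL };

    if (append_foreign_crl)
        own.next = &foreign;
    return crl_issuer_precheck(&root, &own);
}

int main(void)
{
    printf("matching CRL only:    %d\n", sample_check(0));
    printf("foreign CRL appended: %d\n", sample_check(1));
    printf("no CRL supplied:      %d\n", crl_issuer_precheck(NULL, NULL));
    return 0;
}
```
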

TLS: Self Test Failure with Some Hardware Accelerators

  • Description: Most HW acceleration engines (if not all) require the parameters to be from contiguous memory.
    All the self tests use test vectors that are defined in the .bss section, which means these are not contiguous. This can cause the self test to fail when implementing HW accelerated engines.
  • Workaround: There are no known workarounds.
  • Reported Issue: Reported by the development team.
  • Priority: MAJOR

TLS: Hardware-accelerated hash creates CBC padding oracle in TLS

  • Description: The current countermeasures against CBC padding oracle attacks in Mbed TLS call a low level internal API. The implementation of this API might not be possible with the hardware accelerator API and even if it is, the timing might still have detectable differences. The lower level API is called out of sequence and accelerators that are not aware of this might crash.
  • Workaround: Keep MBEDTLS_SSL_ENCRYPT_THEN_MAC enabled in mbedtls/config.h and enable the Encrypt-then-MAC extension (RFC7366) on the peer's side.
  • Reported Issue: Reported by the development team.
  • Priority: MAJOR

Tools: Mbed OS tools have issues with python 3.x

  • Description: A number of issues have been found when using Python 3.x with the Mbed OS tools.
  • Workaround: Use Python > 2.7
  • Reported Issues: #8146
  • Priority: Major

Tools: Error when running mbed test --compile/run list

  • Description: The error, "pkg_resources.DistributionNotFound: The 'mbed-ls==1.*,>=1.5.1' distribution was not found and is required by icetea, mbed-flasher" is observed when running the command "mbed test -m K64F -t ARM --icetea --compile-list -vv".
  • Workaround: None
  • Reported Issues: #8064
  • Priority: Major

Platform: Realtek RTL8195AM does not define flash algorithms for uvision

  • Description: No flashing support in uvision for Realtek RTL8195AM
  • Workaround: Use drag-n-drop programming
  • Reported Issue: #4651
  • Priority: Minor

Platform: Realtek RTL8195AM - CMSIS-RTOS error: ISR Queue overflow

  • Description: Realtek RTL8195AM does not maintain a long running connection to Mbed device connector. The error manifests as an ISR Queue overflow.
  • Workaround: None
  • Reported Issue: #5640
  • Priority: Major

Core: Some boards are crashing when lots of data is sent and received through buffered serial.

  • Description: This is currently known to affect Ublox ODIN W2 and RTL8195AM.
  • Workaround: None
  • Reported Issue: #8081
  • Priority: Major

Platform: Realtek RTL8195AM not passing networking tests

  • Description: RTL8195AM is not passing Mbed OS socket or WiFi tests. Various problems exist.
  • Workaround: None
  • Reported Issue: #8124
  • Priority: Major

NVStore and TDBStore objects can collide in internal flash

  • Description: NVStore and TDBStore are classes implementing storage solutions. By default they will allocate the last two sectors in internal flash.
    If both are used, the behavior of the system will be unexpected. NVStore is deprecated, and TDBStore should be used instead.
  • Workaround: Use TDBStore instead of NVStore.
  • Reported Issue: Internal reference: IOTSTOR-697
  • Priority: Minor

ESP8266 works unreliably, unless latest firmware is used and CTS, RTS and RST are connected

  • Description: Due to missing flow control and issues with older firmware, the ESP8266 can end up in states where it:
      • fails to connect
      • fails to resolve name queries (DNS).
    With ESP8266 firmware version 1.6.2 the behaviour of the module is greatly improved, but it will not be 100% reliable. However, firmware 1.6.2 is the newest you can install to a board with less than 2 MB flash. The newest firmware 1.7 can only be updated to boards with 2 MB flash memory.
  • Workaround: Update the firmware on the ESP8266 module. Preferably you should get an ESP8266 with 2 MB flash and have the CTS, RTS and RESET pins connected.
  • Reported Issue: Internal references: ONME-4002, ONME-4074, ONME-4073, ONME-4071, ONME-4069
  • Priority: Critical

STM32L4 random / entropy broken

  • Description: STM32L4 random / entropy broken
  • Workaround: None. A fix will be available in the 5.11.1 patch release.
  • Reported Issue: Internal reference: MBEDOSTEST-377
  • Priority: Critical

Bluetooth: NRF52/Cordio platforms experience faults when using GATT Server with IAR in Release profile

  • Description: A Cordio Stack function is called with invalid parameters which leads to a crash with IAR in Release profile.
  • Workaround: Cherry-pick commits from #8884
  • Reported Issue: ARMmbed/mbed-os-example-ble#205 Internal reference: IOTPAN-345
  • Priority: Critical

Contents

Fixes and Changes

8898
Add crypto example to examples.json

8897
Add TLS Sockets example to examples.json

8896
Update Statistics examples in example test json

8895
Add crash-reporting example to examples.json

8876
Add support for Cordio to NRF52 Devices

8871
MPU API (Reopened)

8863
Adding KVStore Examples for Global API

8859
Import Mbed TLS v2.15.0 with Mbed Crypto

8851
Change error code from NSAPI_ERROR_PARAMETER to NSAPI_ERROR_NO_CONNEC

8850
DISCO_F746NG: add bootloader support

8849
Correct detect_code for TMPM4G9

8847
Cellular: Fix bc95 to accept only RAT_NB1

8840
Fix build of library archive with Arm Compiler 6

8839
S2-LP: Cleaned thread deprecation warnings

8837
Update mbed-coap to version 4.7.2

8836
Clarify asynchronous NetworkInterface::connect() documentation

8826
Revert "Merge pull request #8272 from NXPmicro/Ensure_RTC_OSC_Start"

8824
NUCLEO_F030/F070: remove ADC_VBAT pin definition

8823
DISCO_L072CZ: remove ADC_VBAT pin definition

8821
Cellular: add radio access technology as configurable in json

8820
travis: fix coding style for remaining 2 files

8814
Cellular: unified return value comments on API folder.

8804
PSA Crypto SPM

8803
Compatibilize ArmC6 with ArmC5-built archives

8794
Deprecate TCP/UDPSocket open-calling constructors

8790
Cellular: Fix ATHandler URC processing

8787
[Wio 3G] Adding IAR exporting definition

8784
NRF52 serial fixes

8782
Fix traceback when running mbed test

8778
STM32 LPTICKER with LPTIM : reduce clock feature

8772
Cellular: more gracefully disconnect.

8767
Cellular: Update cellular debug prints

8766
Fix cellular backward compatibility

8764
ONME-3983 Fix the defects found in IPV4 testing against packet dropping

8761
Add MBED_ALL_STATS_ENABLED to config system

8756
Adding Murata WSM-BL241 as new target

8751
Cellular: minor fix to CellularDevice and adding updating unit tests after refactoring

8750
realtek-rtl8195am-wifi-headerfile-updates

8744
PSA Secure partition manager and services

8743
Add design document for network statistics.

8740
Add block device test for small data sizes

8738
Ble extended advertising

8737
Add low power implementations for CM3DS

8735
Compliance test errors fixed

8734
Patch whitespace inconsistencies in platform lib file

8730
Add a new PSA Internal Trusted Storage APIs

8719
M2351 RAM / ROM defines updated

8718
NFC Eeprom erase command fails

8717
Format targets.json to put the items of large lists on their own line

8711
Fix astyle errors (clears all remaining styling issues)

8708
[Wio BG96] Adding platform HAL

8704
Fix issues in Cryptocell 310 ccm_alt discovered by On Target Testing

8703
Improve the efficiency of BufferedBlockDevice

8702
Crash Reporting implementation

8701
[Wio 3G] Added default I/F type and pin defs

8689
Add ESP8266 driver v1.7

8687
TLSSocketWrapper: decouple error requirements

8685
Clean up deprecated feature code

8683
Feature qspi lpc546xx

8680
Add PSA build components to build configuration for non-PSA targets

8673
Add Mbed Configuration Option Range Limits

8671
Feature: Add non-blocking serial break/unbreak functions

8670
Remove protected member functions and protected attributes from rendering

8668
Enable Fast Models emac drivers

8667
KVStore & derived classes: design docs, implementation & configuration

8662
KW41Z: Add Bootloader support

8659
Implement DTLSSocket and fix non-blocking connections on TLSSocket

8657
Icetea tests - update socket command client

8651
Implement Socket::getpeername() API

8647
Nanostack release for Mbed OS 5.11

8646
Add a Unity macro to assert on platform error code difference

8643
Modify HW accelerator drivers to new error code

8639
Add get_erase_value() support

8621
Add missing include for TLSSocket

8617
Typo fixes in Doxygen for Platform

8613
Make sure that TLSSocketWrapper::close() is called before the transport is destroyed.

8612
Add names to system thread

8607
Fetch ram/rom start/size

8602
Sync 802.15.4 RF drivers

8601
Add format checking to printf-type APIs

8600
Wi-SUN interface implementation.

8592
Network Socket Statistics

8591
features: fix coding style

8590
Export: Remove DS-5

8589
Support erase value in Flash HAL drivers, FlashIAP and block devices

8584
system_reset is MBED_NORETURN

8579
Major refactoring: changing Network inheritance from CellularNetwork to new class CellularContext

8573
Compile time config flag MBED_CONF_SD_CRC_ENABLED for CRC in SD

8569
CellularConnectionFSM unchain queue when stopped

8563
Add QSPIF block device to default system storage

8561
Design document for Crash Reporting feature in MbedOS

8560
Fix typos in Features/Netsocket

8550
Add required namespace instead of relying on mbed.h

8530
Docs: Mail docs fixed

8488
Rewrite CThunk so it does not execute from ram

8487
Update mbed_mem_tracing config option

8478
Fhss timer dev

8465
Flag certificate verification functions with MBEDTLS_X509_CRT_PARSE_C.

8441
More mbed_error refinements

8440
Cellular: Gemalto TCP Socket support

8417
I2c doc update

8401
At handler fixes

8365
Fix astyle for tests folders

8354
SingletonPtr: const and alignment

8352
QSPI SFDP Flash Block Device

8342
Icetea missing test doc

8332
Refactoring fault handler implementation

8331
Stream: add necessary flushes, removing unneeded IAR workaround

8329
Platform: fix missing namespace for SharedPtr

8328
Error path tightening: use MBED_NORETURN; add+use core_util_atomic_flag

8313
Reduce cellular memory footprint

8311
Implement TLSSocket

8295
Cellular: Update Cinterion AT drivers

8291
*LPC546XX: Finish MCU Refactoring

8266
Realtek-rtl8195am: Add MCU_ target

8255
Change behaviour of mbed_asert to use mbed_error instead of mbed_die

8245
Nanostack libservice update

8223
Improve RTOS behavior with deep sleep

8190
MIMXRT1050EVK: Add ENET support

8189
Wait API updated to remove deepsleep lock

8180
Cellular: Quectel BG96 TCP socket support

8176
CellularDevice_stub added

8148
Cellular: Quectel BC95 TCP socket support

8114
Registration parameters as struct

8109
Add reset recovery for I2C bus

8076
Error output improvements

8050
Cellular: Fix Greentea tests for UBLOX_C027

8039
Add framework for configuring boot stack size

8019
Cellular: fixed crash when closing CellularNetwork via CellularDevice.

8003
Leverage the simplification of the IPv6 parsing primitive

8001
Add * operator to SingletonPtr

7980
Clean up rtos::Thread deprecation warnings

7979
Using SPI_ macros from PinNames in SPIF and SD config files.

7969
Cellular: CellularDevice:get_default_instance() implemented

7955
Add SPI_FREQ parameter to DATAFLASH block device configuration

7948
Add enable/disable cb function in mem_trace

7864
Add required header file and namespace element instead add all.

7760
Give an option to remove 'using namespace'

7304
Add MTS dragonfly, MTS dragonfly l471

8953
Update FEATURE_BLE README

8952
Turn off MPU for PSOC 6

8946
STM32L4: before calling HAL_CRYP_DeInit initialize the Instance member

8944
Travis fix: rabbitmq key update (travis msg broker)

8932
Fix target handling in build.py

8926
mbedtls: Update Mbed TLS to 2.15.1

8925
Fix PSA storage typo

8922
MTB_ADV_WISE_1570: disable MPU code until target properly supported

8920
MODULE_UBLOX_ODIN_W2: disable MPU code until target properly supported

8908
Fix PSA internal storage configuration

8904
Ble extended advertising fixes

8873
PSA-SPM documentation follow-up

9051
ESP8266 send returns WOULD_BLOCK error when busy

9040
Add a platform config to disable the MPU

9030
Reduce ROM impact of MPU code

9025
Mbed os 5.11.0 oob: fix fault exception issue

9020
Revert "Turn off MPU on targets failing OOB"

9005
Mbed TLS: Fix ECC hardware double initialization

9003
Revert "Merge pull request #8922 from juhoeskeli/wise_1570_mpu_disable"

8998
Ble extended advertising fixes

8996
Fix uninitialized handler pointer in FastModels ethernet driver

8994
Turn off MPU on targets failing OOB

8987
Fix a few SecureStore issues (following preliminary security review)

8986
Fix a few bugs in TDBStore and KV config

8982
Ensure macros and parameters with the same name are not repeated.

8981
Cordio Nordic memory optimizations

8959
[ESP8266] Adds support for controlling HW reset of the modem from the

8935
Fix PSA crypto partition and tests

8905
SPI and deep sleep fixes for FUTURE_SEQUANA target.

8890
ESP8266 disconnect returns ERROR_NO_CONNECTION

8889
Add PSA code generation check in travis

8875
Add dependency checks to components

8853
Reports NSAPI_STATUS_CONNECTING when trying to reconnect

8841
Bugfix restrict send size; namespace fixes; ATCmdParser::read return value fix

8754
Mbed Crypto Tests

8745
Add new target future sequana PSA

9072
Enable stats reporting with a flag in targets.json

9036
Disable MPU on RT1050 due to memory map

Using this release

Arm Mbed CLI

To take advantage of the new device management and testing framework features, please update your Mbed CLI to 1.8.x or higher.

When you create a new program, Mbed CLI automatically imports the latest Mbed OS release. Each release includes all the components: code, build tools and IDE exporters. If you want to update your Mbed OS version or existing program to Mbed OS 5.11.0, run the CLI command mbed update mbed-os-5.11.0.

Arm Mbed Online Compiler

When you create a new program, the Mbed Online Compiler automatically uses the latest Mbed OS release. If you want to update the Mbed OS version of an existing program, right click on the mbed-os library, and click update.

GitHub

You can fetch this release from the mbed-os GitHub repository, using the tag "mbed-os-5.11.0".

If you need any help with this release please visit our support page, which provides reference links and details of our support channels.