AWS IoT: Over-the-air firmware update using MQTT

This code example demonstrates an OTA update with PSoC™ 6 MCU and AIROC™ CYW43xxx Wi-Fi & Bluetooth® combo chips. The example uses the AWS SDK for Embedded C and AWS IoT device sdk port to connect and communicate with the AWS IoT MQTT core.

The device establishes a connection with the AWS IoT MQTT core and subscribes to an OTA job topic. When a new update is available, it is downloaded and written to the secondary slot. On the next reboot, MCUboot swaps the new image in the secondary slot with the primary slot image and runs the application. If the new image is not validated in runtime, on the next reboot, MCUboot reverts to the previously validated image.

MCUboot is a "secure" bootloader for 32-bit MCUs. See the README of the mtb-example-psoc6-mcuboot-basic code example for more details.

Provide feedback on this code example.

Requirements

• ModusToolbox™ software v2.4 or later (tested with v2.4)
• Board support package (BSP) minimum required version: 3.0.0
• Programming language: C
• Associated parts: All PSoC™ 6 MCU parts with SDIO interface, AIROC™ CYW43xxx Wi-Fi & Bluetooth® combo chips

Supported toolchains (make variable 'TOOLCHAIN')

• GNU Arm® embedded compiler v10.3.1 (GCC_ARM) - Default value of TOOLCHAIN
• Arm® compiler v6.13 (ARM)
• IAR C/C++ compiler v8.42.2 (IAR)

Supported kits (make variable 'TARGET')

• PSoC™ 64 Standard Secure - AWS Wi-Fi BT Pioneer Kit (CY8CKIT-064S0S2-4343W) - Default value of TARGET
• PSoC™ 64 "Secure Boot" Wi-Fi Bluetooth® pioneer kit (CY8CKIT-064B0S2-4343W)
• PSoC™ 6 Wi-Fi Bluetooth® pototyping kit (CY8CPROTO-062-4343W)
• PSoC™ 62S2 Wi-Fi Bluetooth® pioneer kit (CY8CKIT-062S2-43012)
• PSoC™ 62S2 evaluation kit (CY8CEVAL-062S2-LAI-4373M2, CY8CEVAL-062S2-MUR-43439M2)

Hardware setup

This example uses the board's default configuration. See the kit user guide to ensure that the board is configured correctly.

Software setup

Install a terminal emulator if you do not have one. Instructions in this document use Tera Term.

Structure and overview

This code example is a dual-core project, where the MCUboot bootloader app runs on the CM0+ core and the OTA update app runs on the CM4 core. The OTA update app fetches the new image and places it in the flash memory; the bootloader takes care of updating the existing image with the new image.

For the PSoC™ 64 series MCU, the pre-built bootloader is programmed automatically during the provisioning process.

For the PSoC™ 62 series MCU, the mtb-example-psoc6-mcuboot-basic code example is the bootloader project. The bootloader project and this OTA update project should be built and programmed independently. They must be placed separately in the workspace as you would do for any other two independent projects. An example workspace would look something like this:

<example-workspace>
   |
   |-<mtb-example-psoc6-mcuboot-basic>
   |-<mtb-example-aws-iot-ota-mqtt>
   |

You must first build and program the MCUboot bootloader project into the CM0+ core; this needs to be done only once. The OTA update app can then be programmed into the CM4 core; you need to only modify this app for all application purposes.

Using the code example

Create the project and open it using one of the following:

In Eclipse IDE for ModusToolbox™ software

1. Click the New Application link in the Quick Panel (or, use File > New > ModusToolbox Application). This launches the Project Creator tool.

2. Pick a kit supported by the code example from the list shown in the Project Creator - Choose Board Support Package (BSP) dialog.

   When you select a supported kit, the example is reconfigured automatically to work with the kit. To work with a different supported kit later, use the Library manager to choose the BSP for the supported kit. You can use the Library Manager to select or update the BSP and firmware libraries used in this application. To access the Library manager, click the link from the Quick Panel.

   You can also just start the application creation process again and select a different kit.

   If you want to use the application for a kit not listed here, you may need to update the source files. If the kit does not have the required resources, the application may not work.

3. In the Project Creator - Select Application dialog, choose the example by enabling the checkbox.

4. Optionally, change the suggested New Application Name.

5. Enter the local path in the Application(s) Root Path field to indicate where the application needs to be created.

   Applications that can share libraries can be placed in the same root path.

6. Click Create to complete the application creation process.

For more details, see the Eclipse IDE for ModusToolbox™ software user guide (locally available at {ModusToolbox™ install directory}/ide_{version}/docs/mt_ide_user_guide.pdf).

In command-line interface (CLI)

ModusToolbox™ software provides the Project Creator as both a GUI tool and a command line tool to easily create one or more ModusToolbox™ software applications. See the "Project Creator Tools" section of the ModusToolbox™ software user guide for more details.

Alternatively, you can manually create the application using the following steps:

1. Download and unzip this repository onto your local machine, or clone the repository.

2. Open a CLI terminal and navigate to the application folder.

   On Windows, use the command line "modus-shell" program provided in the ModusToolbox™ installation instead of a standard Windows command line application. This shell provides access to all ModusToolbox™ tools. You can access it by typing modus-shell in the search box in the Windows menu.

   In Linux and macOS, you can use any terminal application.

   Note: The cloned application contains a default BSP file (TARGET_xxx.mtb) in the deps folder. Use the Library manager (make modlibs command) to select and download a different BSP file, if required. If the selected kit does not have the required resources or is not supported, the application may not work.

3. Import the required libraries by executing the make getlibs command.

Various CLI tools include a -h option that prints help information to the terminal screen about that tool. For more details, see the ModusToolbox™ software user guide (locally available at {ModusToolbox™ install directory}/docs_{version}/mtb_user_guide.pdf).

In third-party IDEs

1. Follow the instructions from the In command-line interface (CLI) section to create the application, and import the libraries using the make getlibs command.

2. Export the application to a supported IDE using the make <ide> command.

   For a list of supported IDEs and more details, see the "Exporting to IDEs" section of the ModusToolbox™ software user guide (locally available at {ModusToolbox™ install directory}/docs_{version}/mtb_user_guide.pdf.

3. Follow the instructions displayed in the terminal to create or import the application as an IDE project.

Provisioning the PSoC™ 64 devices

If you are not using a PSoC™ 64 device, skip this section.

This section will give instructions on provisioning the PSoC™ 64 devices for this example only. For more detailed information on PSoC™ 64 devices and provisioning, see PSoC™ 64 Secure Boot user guide.

The root directory of the OTA application is referred to as <OTA Application> in this document.

Important: The KitProg3 must be in DAPLink mode for performing this section. Press the 'Mode' button on the kit until the Status LED blinks fast. Also make sure that the J26 jumper is open. After the steps in this section are complete, undo to the previous state by pressing the 'Mode' button again until the Status LED stops blinking. Place the J26 jumper back.

For CY8CKIT-064S0S2-4343W kit

1. Open a CLI terminal.

   On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

2. Navigate the terminal to the <mtb_shared>/trusted-firmware-m/<tag>/security folder.

3. Run the following command.

   cysecuretools --target CY8CKIT-064S0S2-4343W init
   

4. In the same directory create a folder called certificates and navigate the terminal to the new directory.

   mkdir certificates
   cd certificates
   

5. Create a root CA key pair.

   openssl genrsa -out rootCA.key 2048 
   

6. Create a root CA certificate. When you run the following command you will be asked to enter some fields, fill them. You can leave the Common Name and Email Address fields empty.

   openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
   

7. Download the Amazon Root CA certificate and place it in the certificates directory. Keep the file name as AmazonRootCA1.pem.

8. Open the file <mtb_shared>/trusted-firmware-m/<tag>/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json in a text editor.

9. Edit the value of set_img_ok key to false.

10. Edit the value of chain_of_trust key to ["../certificates/device_cert.pem", "../certificates/AmazonRootCA1.pem"]. Save the file and close it.

11. If you already have a provisined kit, skip to step 13.

12. Run the following commands in the modus-shell from <mtb_shared>/trusted-firmware-m/<tag>/security directory.

    cysecuretools -t CY8CKIT-064S0S2-4343W -p policy/policy_multi_CM0_CM4_tfm.json create-keys
    cysecuretools -t CY8CKIT-064S0S2-4343W -p policy/policy_multi_CM0_CM4_tfm.json provision-device
    

13. Run the following command in the modus-shell from <mtb_shared>/trusted-firmware-m/<tag>/security directory, to re-provision the device. Select yes for all the questions asked.

    python reprov_helper.py
    

    Note that this step generates a device_cert.pem certificate file in the certificates folder that you created in step 4. This is a self-signed device certificate. This certificate should be attached to the AWS IoT Thing when it is created; do not let AWS create ceritficates for you.

    The device_cert.pem file will be regenerated every time you run the reprov_helper.py python file. Take care to update the new device certificate to the AWS IoT Thing.

For CY8CKIT-064B0S2-4343W kit

1. Open a CLI terminal.

   On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

2. Navigate the terminal to the <OTA Application> directory.

3. Run the following commands.

   cysecuretools --target CY8CKIT-064B0S2-4343W init
   cysecuretools -t CY8CKIT-064B0S2-4343W -p policy/policy_single_CM0_CM4_smif_swap.json create-keys
   

4. Open the file <OTA Application>/policy/policy_single_CM0_CM4_smif_swap.json in a text editor.

5. Edit the value of wdt_enable keys to true. Note that wdt_enable key is present at two places, both the instances must have value true.

6. Edit the value of set_img_ok key to false.

7. Run the following command to provision the device.

   cysecuretools -t CY8CKIT-064B0S2-4343W -p policy/policy_single_CM0_CM4_smif_swap.json provision-device
   

   If you are re-provisioning the device, run the following command instead of the previous one.

   cysecuretools -t CY8CKIT-064B0S2-4343W -p policy/policy_single_CM0_CM4_smif_swap.json re-provision-device
   

Building and programming MCUboot

If you are using a PSoC™ 64 device, skip this section. The pre-built MCUBoot bootloader is already programmed as part of the provisioning process.

The mtb-example-psoc6-mcuboot-basic code example bundles two applications: the bootloader app that runs on CM0+ and the Blinky app that runs on CM4. For this code example, only the bootloader app is required. The root directory of the bootloader app is referred to as <bootloader_cm0p> in this document.

1. Import the mtb-example-psoc6-mcuboot-basic code example per the instructions in the Using the code example section of its README.

2. The bootloader and OTA applications must have the same understanding of the memory layout. Override the default memory layout by editing the make variables in the <bootloader_cm0p>/shared_config.mk file. For this example, perform the following edits to match the memory layout with the OTA application:

   ifeq ($(USE_EXT_FLASH), 1)
   MCUBOOT_SLOT_SIZE=0x1C0000
   else
   MCUBOOT_SLOT_SIZE=0xF0000
   endif
   .
   .
   .
   MCUBOOT_SCRATCH_SIZE=0x4000
   

3. Copy the <mtb_shared>/mcuboot/<tag>/boot/cypress/MCUBootApp/config folder and paste it in the <bootloader_cm0p> folder.

4. Edit the <bootloader_cm0p>/config/mcuboot_config/mcuboot_config.h file and comment out the following defines to skip checking the image signature:

   #define MCUBOOT_SIGN_EC256
   #define NUM_ECC_BYTES (256 / 8)
   .
   .
   .
   #define MCUBOOT_VALIDATE_PRIMARY_SLOT
   

5. Edit <bootloader_cm0p>/app.mk and replace the MCUboot include $(MCUBOOTAPP_PATH)/config with ./config. This gets the build system to find the new copy of the config directory that you pasted in the <bootloader_cm0p> directory, instead of the default one supplied by the library.

6. Edit <bootloader_cm0p>/Makefile:

   1. Set USE_EXT_FLASH to '1', to use the external flash to store the secondary image.

   2. Set SWAP_UPGRADE to '1', to enable the swap feature of MCUboot.

7. Connect the board to your PC using the provided USB cable through the KitProg3 USB connector.

8. Open a CLI terminal.

   On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

9. Navigate the terminal to the <mtb_shared>/mcuboot/<tag>/scripts folder.

10. Run the following command to ensure that the required modules are installed or already present ("Requirement already satisfied:" is printed).

    pip install -r requirements.txt
    

11. Open a serial terminal emulator and select the KitProg3 COM port. Set the serial port parameters to 8N1 and 115200 baud.

12. Build and program the application per the Step-by-Step instructions in its README.

    After programming, the bootloader application starts automatically.

    Figure 1. Booting with no bootable image

    

Create an AWS IoT Thing

To create the AWS IoT Thing, certificate, and private key, refer to AWS Thing creation page.

The Thing needs to be created with following options:

• During device certificate configuration:

  • If you are using the CY8CKIT-064S0S2-4343 kit, select Use my certificate option and then select CA is not registered with AWS IoT option. Upload the <mtb_shared>/trusted-firmware-m/<tag>/security/certificates/device_cert.pem device certificate file.

    Or

  • If you are using any other kit, select Auto-generate a new certificate option.

• During attatchment of policy to the certificate, the policy should have the following attributes -

  • Policy effect - Allow
  • Policy action - All AWS IoT actions ie: *
  • Policy resource - *
    
    

• When prompted for the certificate/keys dowload option, download the certificate, private key, and Amazon root CA certificate, as these will not be available to view after device creation finishes on the AWS portal.

Configure AWS CLI

This section gives the instructions for installing and configuring AWS CLI. This tool will be used to push the update image to the AWS IoT OTA bucket.

Note: Add the ModusToolbox™ software python installation directory to your Windows user path (environmental variables), move the path to the top.

1. Open a CLI terminal.

   On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

2. Navigate the terminal to the <OTA Application>/scripts/ directory.

3. Run the following command to ensure that the required modules are installed or already present ("Requirement already satisfied:" is printed).

   pip install -r requirements.txt
   

4. Log in to your AWS IoT IAM account through a browser. Click on your name on the top right corner and select security credentials.

5. Under AWS IAM Credentials click on Create access key. Download the CSV and keep it safely.

6. On windows, open a command prompt.

7. Run the following command to configure your Identity and Access Management credentials with AWS CLI. This command creates and configures an AWS profile with the supplied name. This created profile will be used in steps like OTA job configuration.

   aws configure --profile <name_of_profile>
   

   If no profile name is provided, the credentials are stored with the profile name as default. When prompted, enter the following information -

   • Access Key ID (present in the CSV file downloaded earlier in step 5)
   • AWS Secret Access Key (present in the CSV file downloaded earlier in step 5)
   • Region (See Region and Availability Zones to find the list of available regions, for example: us-east-2)
   • Output format (Enter json)
   
   

8. From the modus-shell in <OTA Application>/scripts/ directory, run the following command. This will generate a private key for signing the OTA images.

   openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -outform PEM -out ota-signing-private.pem
   

9. Create a new file named "cert_config.txt" in the <OTA Application>/scripts/ directory with the following contents. Modify <user_name> and <domain> to match your credentials. The email address used for the AWS account can also be used for the commonName.

   [ req ]
   prompt             = no
   distinguished_name = my_dn
   
   [ my_dn ]
   commonName = <user_name>@<domain>.com
   
   [ my_exts ]
   keyUsage         = digitalSignature
   extendedKeyUsage = codeSigning
   

10. Generate a code-signing certificate by running the following command in modus-shell from the <OTA Application>/scripts/ directory.

    openssl req -new -x509 -config cert_config.txt -extensions my_exts -nodes -days 365 -key ota-signing-private.pem -out ota-signing-private.crt
    

11. Register the certificate and private key with AWS Certificate Manager (ACM) by running the following command in windows command prompt in <OTA Application>/scripts/ directory.

    <name_of_profile> in the following command should be same as the one used in step 7.

    aws acm import-certificate --certificate fileb://ota-signing-private.crt --private-key fileb://ota-signing-private.pem --profile <name_of_profile> > ./certarn.json
    

Note: You can also submit the OTA job manually through the web console. See the "OTA Update Prerequisites" and "OTA Tutorial" sections in FreeRTOS Over-the-Air Updates documentation.

Operation

The device certificates, keys and the ota job code signing certificates needs to be passed from the application to the AWS cloud.

1. Connect the board to your PC using the provided USB cable through the KitProg3 USB connector.

2. Open a terminal program and select the KitProg3 COM port. Set the serial port parameters to 8N1 and 115200 baud.

3. Edit the <OTA Application>/source/credentials_config.h file to configure your OTA application.

   1. Modify the connection configuration such as WIFI_SSID, WIFI_PASSWORD, and WIFI_SECURITY macros to match the settings of your Wi-Fi network.

   2. Modify the AWS IoT configurations such as CLIENT_IDENTIFIER, AWS_IOT_ENDPOINT, and AWS_MQTT_PORT macros to match your AWS IoT Thing settings.

   3. If you are not using the CY8CKIT-064S0S2-4343W kit, add the AWS IoT Thing certificates and private key to aws_root_ca_certificate, aws_client_cert, and aws_client_key variables. The certificates and keys were genererated in the section Create an AWS IoT Thing.

      To convert the certificate and keys to string format use the <OTA Application>/scripts/PEMfileToCString.html

4. Open a CLI terminal.

   On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

5. Navigate the terminal to the <OTA Application>/scripts/ directory.

6. Edit the <OTA Application>/configs/ota_config.h file to add the OTA job signing certificate.

   Run the follwing command in the modus-shell.

   python format_cert_key.py ota-signing-private.crt
   

   Copy the formatted certificate from the modus-shell and add it the AWS_IOT_OTA_SIGNING_CERT macro in the ota_config.h file.

7. Program the board.

   Using Eclipse IDE for ModusToolbox™ software

   1. Select the application project in the Project Explorer.

   2. In the Quick Panel, scroll down, and click <Application Name> Program (KitProg3_MiniProg4).

   Using CLI

   From the terminal, execute the make program command to build and program the application using the default toolchain to the default target. You can specify a target and toolchain manually:

   make program TARGET=<BSP> TOOLCHAIN=<toolchain>
   

   Example:

   make program TARGET=CY8CKIT-064S0S2-4343W TOOLCHAIN=GCC_ARM
   

   At this point, the primary slot is programmed and the CM4 CPU starts running the image from the primary slot on reset. Observe the messages on the UART terminal. You should see that a stock image v1.0.0 is running. Wait for the device to make the required connections as shown in Figure 2.

   Figure 2. Connection to the AWS IoT MQTT server

   

8. Modify the value of app version in the <OTA Application>/Makefile by setting APP_VERSION_MINOR to '1'.

9. Build the app (DO NOT program it to the kit). This new image will be uploaded to the MQTT bucket in the following steps to demonstrate OTA update.

   Using Eclipse IDE for ModusToolbox™

   1. Select the application project in the Project Explorer.

   2. In the Quick Panel, scroll down, and click Build <OTA Application> Application.

   Using CLI

   1. From the terminal, execute the make build command to build the application using the default toolchain to the default target. You can specify a target and toolchain manually:

      make build TARGET=<BSP> TOOLCHAIN=<toolchain>
      

      Example:

      make build TARGET=CY8CKIT-064S0S2-4343W TOOLCHAIN=GCC_ARM
      

10. After a successful build, run the <OTA Application>/scripts/start_ota.py python script in the modus-shell from <OTA Application>/scripts/ directory, to create the OTA job. Pass the following as arguments to match your configurations.
    profile - The AWS profile created in Configure AWS CLI
    name - The name of AWS IoT thing.
    role - Select a name of role , if a role is not already present in AWS, it will be created for you with this supplied name.
    s3bucket - Name of your S3 bucket, if a bucket is not already present in AWS, it will be created for you with this supplied name.
    otasigningprofile - Same as the value for profile.
    appversion - 1_1_0
    buildlocation - Path to output bin file. It follows the template - "../build/<TARGET>/<Build-config>". Example - "../build/CY8CKIT-064S0S2-4343W/Debug"

    python start_ota.py --profile <name_of_profile> --name <name_of_thing> --role <name_of_role> --s3bucket <name_of_s3_bucket> --otasigningprofile <name_of_profile> --appversion 1_1_0 --buildlocation "../build/<TARGET>/<Build-config>"
    

    Note: You can also submit the OTA job manually through the web console. See the "OTA Update Prerequisites" and "OTA Tutorial" sections in FreeRTOS Over-the-Air Updates documentation.

11. Once the v1.1.0 image is pushed to the AWS bucket, wait for few seconds. Watch the terminal window, the device should receive an OTA job notification. AWS creates a stream and transfers the image to the device. The progress is shown in the terminal logs as number of blocks remaining for download.

    Figure 3. OTA image download

    

12. Once the download is complete, a soft reset is issued. The MCUboot bootloader starts the image upgrade process. If the image is valid, the images in primary and secondary slots are swapped. This process can take few minutes, wait until the device boots into the new image.

13. After the update, on the terminal window, observe that the device is now running an updated image v1.1.0.

    Figure 4. Booting into new image

    

14. To test the revert feature of MCUboot, send a bad image as the v1.2.0 OTA update. The bad image used in this example is an infinite loop. The watchdog timer will reset the bad image and upon reboot, MCUboot will revert the primary image back to v1.1.0 good image. Edit <OTA Application>/Makefile and add TEST_REVERT to the Defines variable.

15. Edit the app version in the <OTA Application>/Makefile by setting APP_VERSION_MINOR to '2'.

16. Build the application per Step 9.

17. After a successful build, run the following command in the modus-shell from <OTA Application>/scripts/ directory, to push the new v1.2.0 bad image to the AWS bucket. The parameters are same as explained in step 10.

    python start_ota.py --profile <name_of_profile> --name <name_of_thing> --role <name_of_role> --s3bucket <name_of_s3_bucket> --otasigningprofile <name_of_profile> --appversion 1_2_0 --buildlocation "../build/<TARGET>/<Build-config>"
    

18. The device will now find this new v1.2.0 image and update to it. After the update, within a few seconds, the watchdog timer resets the device. Upon reset, MCUboot reverts to the v1.1.0 good image.

    Figure 5. Reverting to good image

    

Debugging

You can debug the example to step through the code. In the IDE, use the <Application Name> Debug (KitProg3_MiniProg4) configuration in the Quick Panel. For details, see the "Program and debug" section in the Eclipse IDE for ModusToolbox™ software user guide.

Note: (Only while debugging) On the CM4 CPU, some code in main() may execute before the debugger halts at the beginning of main(). This means that some code executes twice – once before the debugger stops execution, and again after the debugger resets the program counter to the beginning of main(). See KBA231071 to learn about this and for the workaround.

Design and implementation

This example implements one RTOS task - OTA MQTT client. This task initializes the dependent middleware/libraries, connects to the AWS IoT MQTT core, and subscribes to an OTA update topic. When a new update is available, it is downloaded and written to the secondary slot. On the next reboot, MCUboot swaps the new image in the secondary slot with the primary slot image and runs the application. If the new image is not validated in runtime, on the next reboot, MCUboot reverts to the previously validated image.

For detailed information on the AWS IoT OTA update flow, refer to the Amazon's FreeRTOS Over-the-Air Updates page.

All the source files related to the task are placed under the <OTA Application>/source/ directory:

File	Description
aws_ota_demo_mqtt.c	Contains tasks and functions related to AWS OTA update feature.
aws_ota_demo_mqtt.h	Contains declaration of tasks and functions related to AWS OTA update feature
mqtt_subscription_manager.c	Contains the implementation of the API of a subscription manager for handling subscription callbacks to topic filters in MQTT operations.
mqtt_subscription_manager.h	Contains the API of a subscription manager for handling subscription callbacks to topic filters in MQTT operations.
main.c	Initializes the BSP and the retarget-io library, and creates the OTA MQTT client task.
credentials_config.h	Contains the OTA and Wi-Fi configuration macros such as SSID, password, file server details, certificates, and key.

All the scripts and configurations needed for this example are placed under the <OTA Application>/scripts/ directory:

File	Description
PEMfileToCString.html	HTML page to convert certificate/key to string format for varibales
format_cert_key.py	Python script to convert certificate/key to string format for macros
start_ota.py user.py role.py bucket.py *.json	Python scripts and JSON files to push image updates to AWS IoT bucket

The <OTA Application>/configs/ folder contains other configurations related to the OTA and FreeRTOS.

The code-example mainly includes the anycloud-ota library as the dependency to collect all other connectivity related libraries. The anycloud-ota library includes the mqtt library as a dependency and the mqtt library in turn has dependencies on aws-iot-device-sdk-port and aws-iot-device-sdk-embedded-C libraries.

The aws-iot-device-sdk-port library is using the customized bootutil source files from anycloud-ota library.

The code example uses the customized linker scripts from anycloud-ota library to support dual-cpu operation with MCUBoot bootloader for some targets (kits other than CY8CKIT-064S0S2-4343W). We also use the post build scripts from anycloud-ota library to sign the CM4 image and generate bin file for image upgrade for those targets.

Resources and settings

Table 1. Application resources

Resource	Alias/object	Purpose
UART (HAL)	cy_retarget_io_uart_obj	UART HAL object used by Retarget-IO for the Debug UART port

Related resources

Resources	Links
Application notes	AN228571 – Getting started with PSoC™ 6 MCU on ModusToolbox™ software AN215656 – PSoC™ 6 MCU: Dual-CPU system design AN79953 – Getting started with PSoC™ 4 AN85951 – PSoC™ 4 and PSoC™ 6 MCU CAPSENSE™ design guide
Code examples	Using ModusToolbox™ software on GitHub Using PSoC™ Creator
Device documentation	PSoC™ 6 MCU datasheets PSoC™ 6 technical reference manuals PSoC™ 4 datasheets PSoC™ 4 technical reference manuals
Development kits	Visit www.cypress.com/microcontrollers-mcus-kits and use the options in the Select your kit section to filter kits by Product family or Features.
Libraries on GitHub	mtb-pdl-cat1 – PSoC™ 6 peripheral driver library (PDL) mtb-hal-cat1 – Hardware abstraction layer (HAL) library retarget-io – Utility library to retarget STDIO messages to a UART port mtb-pdl-cat2 – PSoC™ 4 peripheral driver library (PDL) mtb-hal-cat2 – Hardware abstraction layer (HAL) library
Middleware on GitHub	capsense – CAPSENSE™ library and documents psoc6-middleware – Links to all PSoC™ 6 MCU middleware
Tools	Eclipse IDE for ModusToolbox™ software – ModusToolbox™ software is a collection of easy-to-use software and tools enabling rapid development with Infineon MCUs, covering applications from embedded sense and control to wireless and cloud-connected systems using AIROC™ Wi-Fi and Bluetooth® connectivity devices. PSoC™ Creator – IDE for PSoC™ and FM0+ MCU development

Other resources

Infineon provides a wealth of data at www.infineon.com to help you select the right device, and quickly and effectively integrate it into your design.

For PSoC™ 6 MCU devices, see How to design with PSoC™ 6 MCU - KBA223067.

Document history

Document title: CE234776 – MTB-EXAMPLE-AWS-IOT-OTA-MQTT

Version	Description of change
1.0.0	New code example

---

© Cypress Semiconductor Corporation, 2022. This document is the property of Cypress Semiconductor Corporation, an Infineon Technologies company, and its affiliates ("Cypress"). This document, including any software or firmware included or referenced in this document ("Software"), is owned by Cypress under the intellectual property laws and treaties of the United States and other countries worldwide. Cypress reserves all rights under such laws and treaties and does not, except as specifically stated in this paragraph, grant any license under its patents, copyrights, trademarks, or other intellectual property rights. If the Software is not accompanied by a license agreement and you do not otherwise have a written agreement with Cypress governing the use of the Software, then Cypress hereby grants you a personal, non-exclusive, nontransferable license (without the right to sublicense) (1) under its copyright rights in the Software (a) for Software provided in source code form, to modify and reproduce the Software solely for use with Cypress hardware products, only internally within your organization, and (b) to distribute the Software in binary code form externally to end users (either directly or indirectly through resellers and distributors), solely for use on Cypress hardware product units, and (2) under those claims of Cypress’s patents that are infringed by the Software (as provided by Cypress, unmodified) to make, use, distribute, and import the Software solely for use with Cypress hardware products. Any other use, reproduction, modification, translation, or compilation of the Software is prohibited.
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CYPRESS MAKES NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THIS DOCUMENT OR ANY SOFTWARE OR ACCOMPANYING HARDWARE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. No computing device can be absolutely secure. Therefore, despite security measures implemented in Cypress hardware or software products, Cypress shall have no liability arising out of any security breach, such as unauthorized access to or use of a Cypress product. CYPRESS DOES NOT REPRESENT, WARRANT, OR GUARANTEE THAT CYPRESS PRODUCTS, OR SYSTEMS CREATED USING CYPRESS PRODUCTS, WILL BE FREE FROM CORRUPTION, ATTACK, VIRUSES, INTERFERENCE, HACKING, DATA LOSS OR THEFT, OR OTHER SECURITY INTRUSION (collectively, "Security Breach"). Cypress disclaims any liability relating to any Security Breach, and you shall and hereby do release Cypress from any claim, damage, or other liability arising from any Security Breach. In addition, the products described in these materials may contain design defects or errors known as errata which may cause the product to deviate from published specifications. To the extent permitted by applicable law, Cypress reserves the right to make changes to this document without further notice. Cypress does not assume any liability arising out of the application or use of any product or circuit described in this document. Any information provided in this document, including any sample design information or programming code, is provided only for reference purposes. It is the responsibility of the user of this document to properly design, program, and test the functionality and safety of any application made of this information and any resulting product. "High-Risk Device" means any device or system whose failure could cause personal injury, death, or property damage. Examples of High-Risk Devices are weapons, nuclear installations, surgical implants, and other medical devices. "Critical Component" means any component of a High-Risk Device whose failure to perform can be reasonably expected to cause, directly or indirectly, the failure of the High-Risk Device, or to affect its safety or effectiveness. Cypress is not liable, in whole or in part, and you shall and hereby do release Cypress from any claim, damage, or other liability arising from any use of a Cypress product as a Critical Component in a High-Risk Device. You shall indemnify and hold Cypress, including its affiliates, and its directors, officers, employees, agents, distributors, and assigns harmless from and against all claims, costs, damages, and expenses, arising out of any claim, including claims for product liability, personal injury or death, or property damage arising from any use of a Cypress product as a Critical Component in a High-Risk Device. Cypress products are not intended or authorized for use as a Critical Component in any High-Risk Device except to the limited extent that (i) Cypress’s published data sheet for the product explicitly states Cypress has qualified the product for use in a specific High-Risk Device, or (ii) Cypress has given you advance written authorization to use the product as a Critical Component in the specific High-Risk Device and you have signed a separate indemnification agreement.
Cypress, the Cypress logo, and combinations thereof, WICED, ModusToolbox, PSoC, CapSense, EZ-USB, F-RAM, and Traveo are trademarks or registered trademarks of Cypress or a subsidiary of Cypress in the United States or in other countries. For a more complete list of Cypress trademarks, visit cypress.com. Other names and brands may be claimed as property of their respective owners.