Cannot update OTAcertificate in AWS IoT ExpressLink (ESP32-C3-AWS-ExpressLink-DevKit)

Question

I used command AT+CONF OTAcertificate=pem

and paste certificate info

but got response :

ERR21 INVALID OTA UPDATE

and the following logs

I (1302613) CONF: Writing OTAcertificate[0]
    I (1302613) CONF: Reading OTAcertificate[0]
    I (1302613) CONF: -----> PEM

If I used command AT+CONF? OTAcertificate pem

I got the response

OK1 pem
    PEM

And the following logs

I (1535193) CONF: Reading OTAcertificate[0]
    I (1535203) CONF: -----> PEM

Looks like OTAcertificate is read-only not writable?
Is there any way to write or erase the data of OTAcertificate?
I tried to OTW the firmware on both v1.0.20 and v2.4.1
but the OTAcertificate doesnt change

Answer

Thank you for your post.  This has been difficult to sort out because there are a number of issues.
1. Mistyping the OTAcertificate change command will cause the certificate to be set to an invalid value.  The certificate checking is not being performed correctly.  This will be fixed in a FW release that can be applied with the Over the wire method.
2. The instructions in the README.md incorrectly specify the pem mode as PEM (capitalized).  The readme will be updated ASAP.
3. We discovered that adding a space after the '=' will also cause an incorrect certificate.  FW will be updated to correct the certificate checking on a new certificate.

These issues have been discussed and duplicated with Espressif and they are working on a FW update that will be released as soon as possible.  While waiting for a new FW to correct these OTA issues, the rest of the Expresslink will continue to operate correctly.  If you need to update to the latest FW (2.4.1) please use the OTW feature described here: https://github.com/espressif/esp-aws-expresslink-eval#92-carrying-out-an-over-the-wire-otw-upgrade

Answer

We are working with Espressif to understand the root cause and create a possible solution.
The new certificate must be signed with the private key corresponding to the previous valid module OTA certificate.
Since the OTA certificate is invalid (just the letters PEM), it should have been expected that the first valid module OTA certificate would be accepted.

Answer

I have been studying this problem and I have a few questions.
1) What version of ESP32-C3-AWS-ExpressLink-DevKit are you using?
    enter 
```
AT+CONF? Version
```
 to get the version string.
2) When did the ERR21 appear?  This error is supposed to be related to performing an OTA.  A failed OTAcertificate write is supposed to result in ERR23 INVALID SIGNATURE so I wanted clarify the ERR21.

3) Since we were tardy in our responses, do you have any additional information to offer on this issue?

We are working with Espressif to resolve the OTA certificate issues.  We will have more information on Monday, but any additional information will help us provide better data.

Cannot update OTAcertificate in AWS IoT ExpressLink (ESP32-C3-AWS-ExpressLink-DevKit)

相关内容