This repository contains the FreeRTOS AWS Reference Integrations
, which are pre-integrated FreeRTOS projects that demonstrate connectivity with AWS IoT. The repository contains projects for many different microcontroller evaluation boards.
- Fixes issues of thread-safety and message readability in the sample logging implementation. (Related PRs are #2982 and #2953.)
- Update FreeRTOS Test Runner to support either a configurable delay (in PR) or a FreeRTOS+CLI based serial prompt input command (in PR) to being executing tests.
- Upgrade of ESP-IDF SDK v4.2 for Espressif boards (in PR). Refer to the instructions in Getting Started Guide for using ESP-IDF v4.2.
- Added logic to support connecting to a TLS server that does not require mutual verification.
- The coreHTTP (https://github.com/FreeRTOS/coreHTTP) library provides the ability to establish an HTTP connection with a server over a customer-implemented transport layer, which can either be a secure channel like a TLS session (mutually authenticated or server-only authentication) or a non-secure channel like a plaintext TCP connection. The HTTP connection can be used to make "GET" (include range requests), "PUT", "POST" and "HEAD" requests. The library provides a mechanism to register a customer-defined callback for receiving parsed header fields in an HTTP response. The library has been refactored for memory optimization, and is a client implementation of a subset of the HTTP/1.1 (https://tools.ietf.org/html/rfc2616) standard.
- See memory requirements for the latest release here (https://docs.aws.amazon.com/embedded-csdk/202011.00/lib-ref/libraries/standard/coreHTTP/docs/doxygen/output/html/index.html#http_memory_requirements).
- The backoffAlgorithm (https://github.com/FreeRTOS/backoffAlgorithm) library is a utility library to calculate backoff period for network operation retries (like failed network connection with server) using an exponential backoff with jitter algorithm. This library uses the "Full Jitter" strategy for the exponential backoff with jitter algorithm. More information about the algorithm can be seen in the Exponential Backoff and Jitter (https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/) AWS blog.
- Exponential backoff with jitter is typically used when retrying a failed connection or network operation with the server. An exponential backoff with jitter helps to mitigate the request failures made to servers, that are caused due to network congestion or high load on the server, by spreading out retry requests across multiple devices. Besides, in an environment with poor connectivity, a client can get disconnected at any time. A backoff strategy helps the client to conserve battery by not repeatedly attempting reconnections when they are unlikely to succeed.
- The backoffAlgorithm library has no dependencies on libraries other than the standard C library.
- The AWS IoT Device Defender (https://github.com/aws/device-defender-for-aws-iot-embedded-sdk) library enables you to interact with the AWS IoT Device Defender service to continuously monitor security metrics from devices for deviations from what you have defined as appropriate behavior for each device. If something doesn’t look right, AWS IoT Device Defender sends out an alert so you can take action to remediate the issue. More details about Device Defender can be found in AWS IoT Device Defender documentation (https://docs.aws.amazon.com/iot/latest/developerguide/device-defender.html).
- The AWS IoT Device Defender library has no dependencies on additional libraries other than the standard C library. It also doesn’t have any platform dependencies, such as threading or synchronization. It can be used with any MQTT library and any JSON library (see demos (https://github.com/aws/amazon-freertos/tree/master/demos/device_defender_for_aws) with coreMQTT and coreJSON).
- See memory requirements for the latest release here (https://docs.aws.amazon.com/embedded-csdk/202011.00/lib-ref/libraries/aws/device-defender-for-aws-iot-embedded-sdk/docs/doxygen/output/html/index.html#defender_memory_requirements).
- The AWS IoT Jobs (https://github.com/aws/jobs-for-aws-iot-embedded-sdk) library enables you to interact with the AWS IoT Jobs service which notifies one or more connected devices of a pending “Job”. A Job can be used to manage your fleet of devices, update firmware and security certificates on your devices, or perform administrative tasks such as restarting devices and performing diagnostics. For documentation of the service, please see the AWS IoT Developer Guide (https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html). Interactions with the Jobs service use the MQTT protocol. This library provides an API to compose and recognize the MQTT topic strings used by the Jobs service.
- The AWS IoT Jobs library has no dependencies on additional libraries other than the standard C library. It also doesn’t have any platform dependencies, such as threading or synchronization. It can be used with any MQTT library and any JSON library (see demos (https://github.com/aws/amazon-freertos/tree/master/demos/jobs_for_aws) with coreMQTT and coreJSON).
- See memory requirements for the latest release (https://docs.aws.amazon.com/embedded-csdk/202011.00/lib-ref/libraries/aws/jobs-for-aws-iot-embedded-sdk/docs/doxygen/output/html/index.html#jobs_memory_requirements)here (https://docs.aws.amazon.com/embedded-csdk/202011.00/lib-ref/libraries/aws/jobs-for-aws-iot-embedded-sdk/docs/doxygen/output/html/index.html#jobs_memory_requirements).
- The HTTP Compatibility Layer provides backwards compatibility from coreHTTP library to HTTPS V1.x.x APIs. In addition, the HTTP Compatibility Layer maintains the dependency of the network abstraction and linear containers from the HTTPS V1.x.x library. The task pool dependency is removed in order to allow the user to allocate tasks on the stack rather than exclusively on the heap.
- Configuration settings using C preprocessor constants, for the HTTP Compatibility Layer, are available in addition to the original configurations of the HTTPS V1.x.x library (https://docs.aws.amazon.com/freertos/latest/lib-ref/html2/https/https_config.html). They can be set with a #define in the config file (iot_config.h) or by using a compiler option such as -D in gcc. If a configuration setting is not defined, the HTTP Compatibility Layer will use a "sensible" default value (unless otherwise noted). Because they are compile-time constants, this HTTP Compatibility Layer must be rebuilt if a configuration setting is changed.
- IOT_HTTPS_DISPATCH_QUEUE_SIZE - The number of requests in the queue that are ready to be sent to the HTTP server.
- IOT_HTTPS_DISPATCH_TASK_COUNT - The number of tasks that are responsible for sending requests from the dispatch queue.
- IOT_HTTPS_DISPATCH_TASK_STACK_SIZE - The stack size of each dispatch task, sized appropriately for each board.
- IOT_HTTPS_DISPATCH_USE_STATIC_MEMORY - If set to 1, the memory used by the dispatch task will be allocated statically by the library. Otherwise, memory will be allocated on the heap.
- IOT_HTTPS_DISPATCH_TASK_PRIORITY - The priority of each dispatch task. This priority is deliberately chosen to match the original taskpool's priority. Doing so prevents starvation of the network-receive task and tasks potentially used by other libraries.
- See memory requirements for the latest release (https://docs.aws.amazon.com/embedded-csdk/202011.00/lib-ref/libraries/aws/jobs-for-aws-iot-embedded-sdk/docs/doxygen/output/html/index.html#jobs_memory_requirements) here (https://github.com/aws/amazon-freertos/blob/master/libraries/c_sdk/standard/https/CODESIZE.md).
- Includes FreeRTOS kernel V10.4.3
- Additional details can be found here: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/V10.4.3-kernel-only/History.txt
- When a protocol error occurs during the SYN-phase of a TCP connection, a child socket will now be closed (calling FreeRTOS_closesocket() ), instead of being given the eCLOSE_WAIT status. A client socket, which calls connect() to establish a connection, will receive the eCLOSE_WAIT status, just like before.
- Update logs and format specifiers to use standard C types.
- Add dependence on stdbool.h
- Introduce two new configuration macros for setting the timeout for transport reads and sends.
- Added an API function to iterate over a collection in a JSON document.
- Updated xFindObjectWithLabelAndClass to include a size parameter to allow passing in the size of the label, in order to avoid calling strlen in the library code.
- Added CBMC memory proofs for all functions.
- Removed threading_alt.h from corePKCS11.
- Restructured third party folder in order to align with other core repositories. Folders located in “corePKCS11/3rdparty” are now in “corePKCS11/source/dependency/3rdparty”.
- Updated logs and format specifiers to use standard C types.
- Update logs and format specifiers to use standard C types.
- Fixes for compiler warnings by removing unused functions and variables.
This release does not change any source files compared to 202011.00. It only fixes an issue with checksums.json
file used by AWS IoT Device Tester to verify the integrity of FreeRTOS source files during the qualification process. This issue was present only on Windows while Linux and MacOS were unaffected.
This release includes refactored MQTT, JSON Parser, and AWS IoT Device Shadow libraries for optimized memory usage and modularity, and includes dependent libraries via GitHub submoduling. These libraries have gone through code quality checks including verification that no function has a GNU Complexity score over 8, and checks against the MISRA coding standard. Deviations from the MISRA C:2012 guidelines are documented under MISRA Deviations. These libraries have also undergone both static code analysis from Coverity static analysis, and validation of memory safety and functional correction proofs through the CBMC automated reasoning tool.
The MQTT library in this release, coreMQTT, supports backward compatibility with the MQTT library in FreeRTOS version 201906.00 or higher via a compatibility layer. Therefore, MQTT-dependent libraries in FreeRTOS version 201906.00 or higher, including AWS IoT Device Shadow, AWS IoT Device Defender, and Greengrass Discovery, can use the coreMQTT library via the compatibility layer.
- The AWS IoT Device Shadow library enables you to store and retrieve the current state (the “shadow”) of every registered device. The device’s shadow is a persistent, virtual representation of your device that you can interact with from AWS IoT Core even if the device is offline. The device state captured as its “shadow” is itself a JSON document. The device can send commands over MQTT or HTTP to update its latest state. Each device’s shadow is uniquely identified by the name of the corresponding “thing”, a representation of a specific device or logical entity on AWS IoT. More details about AWS IoT Device Shadow can be found in AWS IoT documentation.
- The AWS IoT Device Shadow library has no dependencies on additional libraries other than the standard C library. It also doesn’t have any platform dependencies, such as threading or synchronization. It can be used with any MQTT library and any JSON library (see demos with coreMQTT and coreJSON).
- See memory requirements for the latest release here.
- The coreJSON library is a JSON parser that strictly enforces the ECMA-404 JSON standard. It provides a function to validate a JSON document, and a function to search for a key and return its value. A search can descend into nested structures using a compound query key. A JSON document validation also checks for illegal UTF8 encodings and illegal Unicode escape sequences.
- See memory requirements for the latest release here.
- The coreMQTT library provides the ability to establish an MQTT connection with a broker over a customer-implemented transport layer, which can either be a secure channel like a TLS session (mutually authenticated or server-only authentication) or a non-secure channel like a plaintext TCP connection. This MQTT connection can be used for performing publish operations to MQTT topics and subscribing to MQTT topics. The library provides a mechanism to register customer-defined callbacks for receiving incoming PUBLISH, acknowledgement and keep-alive response events from the broker. The library has been refactored for memory optimization and is compliant with the MQTT 3.1.1 standard. It has no dependencies on any additional libraries other than the standard C library, a customer-implemented network transport interface, and optionally a customer-implemented platform time function. The refactored design embraces different use-cases, ranging from resource-constrained platforms using only QoS 0 MQTT PUBLISH messages to resource-rich platforms using QoS 2 MQTT PUBLISH over TLS connections.
- See memory requirements for the latest release here.
- Added OTA PAL Port for Renesas RX65N-2MB board
- Added ACL connection state change callback for BLE HAL
- Added transport interface for BLE library to send data to AWS IoT using the coreMQTT and AWS IoT Device Shadow client libraries. The transport interface utilizes a companion device mobile application implemented using FreeRTOS BLE Android and iOS SDKs to send data to AWS IoT.
- Added coreMQTT and AWS IoT Device Shadow demos for BLE. The respective demos "MQTT BLE Transport Demo" and "Shadow BLE Transport Demo" can be found under
demos/ble
folder. The demo uses the new MQTT and Shadow client libraries and the BLE transport interface to send and receive data with AWS IoT.
- Added more peripherals to CMake.
- Added FreeRTOS+CLI V1.0.4 to Amazon FreeRTOS repository.
- Added FreeRTOS Console API to interact with CLI over common IO or UDP interface.
- Added sample which demonstrates executing commands using FreeRTOS+CLI and UART interface.
- Sub-moduled to the FreeRTOS/FreeRTOS-Plus-TCP repository. This is a breaking change for users using 202007.00 release of amazon-freertos due to change in folder structure.
- Bug Fix for UDP only (
ipconfigUSE_TCP == 0
) compilation of FreeRTOS+TCP. Conditional compilation on the value ofipconfigUSE_TCP
updated to exclude TCP only components. - Added descriptions for functions and variables in Doxygen compatible format.
- Updated
prvParseDNSReply
function signature.
- The
iot_pki_utils.h
andiot_pki_utils.c
are renamed tocore_pki_utils.h
andcore_pki_utils.c
respectively. They are also now a part of the corePKCS11 repository.
- Added more logging in library.
- Refactored as compatibility layer for V2.x.x MQTT APIs using coreMQTT library. This is the library that supports backward compatibility with MQTT APIs present in between 201906.00 and 202007.00.
- Added check to abort the update if updating job status as self-test in service fails, this helps in early detection of mismatch in device and jobs states before activating new image.
- Sub-moduled to the FreeRTOS/corePKCS11 repository.
- Updated ECC608A and PSA library dependencies to corePKCS naming scheme. Refactored AFQP tests to support HSMs that have locked down credentials.
- Added new optional API
SOCKETS_Bind
. - Extended
SOCKETS_SetSockOpt
to support TCP keepalive settings.
- Updated unit tests to work with the MQTT compatibility layer. This is the library that supports backward compatibility with Shadow APIs present in between 201906.00 and 202007.00.
- Added missing Max Fragment Length (MFL) runtime configuration if MFL macro is enabled.
- Updated WiFi APIs to support more granular error codes, WEP encryption, SoftAP provisioning, optional asynchronous APIs, event handling and set country code. This is a breaking change to the WIFI API. See more details here.
- Changed default configuration for number and size of blocks to be compatible with the size of the mbedTLS input buffer.
- Changed default configuration for number and size of blocks to be compatible with the size of the mbedTLS input buffer.
- Changed default configuration for number and size of blocks to be compatible with the size of the mbedTLS input buffer.
- Changed default configuration for number and size of blocks to be compatible with the size of the mbedTLS input buffer.
- Changed default configuration for number and size of blocks to be compatible with the size of the mbedTLS input buffer.
- Updated the over-the-air (OTA) agent with the ability to pause and resume an in-progress update.
- Updated the OTA demo to demonstrate how to suspend an in-progress OTA update should the MQTT connection disconnect, then resume the same update when the MQTT connection reconnects. In line with best practice, the reconnect logic uses an exponential backoff and jitter algorithm to prevent the MQTT server getting overwhelmed with connection requests if a fleet of devices get disconnected and then attempt to reconnect at the same time.
- For testing purposes only, it is now possible to use the OTA agent to downgrade a version number or revert to an older version. This new functionality is disabled by default.
- New Board: The Cypress PSoC 64 board is now qualified with FreeRTOS.
- New Board: ESP32-WROOM-32SE is now available in the FreeRTOS Console.
- Update the UTILS_TimespecAdd utility function to support both signed and unsigned definitions of
struct timespec.tv_sec
. (Some implementations use unsigned definition ofstruct timespec.tv_sec
to address the 2038 problem on 32-bit systems. ) This change is backwards compatible.
- Improved the Keep-Alive mechanism: The MQTT library will not send PING requests when connection is not idle, which fixes a disconnect issue during OTA. In prior versions, MQTT would sometimes disconnect during OTA due to timeouts for server PING response.
- Bug fix for Keep-Alive interval: The MQTT library was incorrectly sending PING requests at intervals greater than the keep alive period sent in the CONNECT request. This change fixes the problem.
- Fix invalid memory access - ss_ctx_t context is shared and sent to a user callback. If the socket is closed and subsequently freed during callback execution, the callback can potentially access the invalid context.
- Fix two separate issues for potential invalid memory access; at one place by validating socket handle before de-referencing, and at another place by freeing memory only if it had been previously allocated.
- Added doxygen to various PKCS #11 files.
- Added improved logging for mbed TLS return codes in iot_pkcs11_mbedtls.c.
- Change status parameter type for GATT Client callbacks to match Bluetooth 5.0.
- Add pxMultiAdvSetInstRawData API to set raw advertisement data for multi-advertisement instances.
- Mark pxBondedCb callback and ucTimeout variables as deprecated.
- Added new API IotBle_SetDeviceName() to set the BLE device name at runtime.
- Fixed IotBle_On() and IotBle_Off() APIs.
- Accommodate larger-than-expected writes to RXLargeMesg Gatt characteristic.
- Added ability to cache multiple IP addresses per DNS entry.
- Defensive security improvements:
- In compliance with the UDP protocol specification, prior versions of FreeRTOS+TCP accepted UDP packets that had their checksum set to 0. FreeRTOS+TCP V2.3.0 adds a new configuration parameter,
ipconfigUDP_PASS_ZERO_CHECKSUM_PACKETS
, that enables users to opt to drop UDP packets that have their checksum set to 0. Note: This new setting defaults to 0, so it defaults to dropping UDP packets that have their checksum set to 0. - Prior versions of FreeRTOS+TCP accept IP packets that contain IP options, although those options are not processed. FreeRTOS+TCP V2.3.0 adds a new configuration parameter,
ipconfigIP_PASS_PACKETS_WITH_IP_OPTIONS
, that enables users to opt to drop IP packets that contain IP options. - Setting configuration parameter,
ipconfigDRIVER_INCLUDED_RX_IP_CHECKSUM
, to 1 offloads IP checksum and length checking to the hardware. From FreeRTOS+TCP V2.3.0, the length is checked in software even when it has already been checked in hardware.
- In compliance with the UDP protocol specification, prior versions of FreeRTOS+TCP accepted UDP packets that had their checksum set to 0. FreeRTOS+TCP V2.3.0 adds a new configuration parameter,
- Upgraded the version of Mbed TLS to v2.16.7.
- Replaced copy of Mbed TLS with a submodule reference to the official Mbed TLS GitHub repository.
- Fixed an issue encountered when an OTA job is force cancelled while the related download is in progress. It was caused due to the self-start timer starting after the OTA job document is received. The fix starts the self-start timer when the OTA agent on the device starts.
- Support OTA via HTTP over the BLE channel for ESP32 (when SPIRAM is enabled).
- Added ESP-IDF component for WiFi provisioning in SoftAP mode. This allows provisioning devices with Wi-Fi credentials via a web-server running on the device and a provisioning mobile application. This mode requires the use of lwIP as the networking stack.
- Replaced ESP-IDF code to be a submodule pointer to the official ESP-IDF repository.
- Updated LwIP as the default networking stack.
- Includes FreeRTOS kernel V10.3.0
- Additional details can be found here: https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/V10.3.0-kernel-only/History.txt
- The name 'Amazon FreeRTOS' has been changed to 'FreeRTOS'
- The name 'Amazon FreeRTOS Qualification (AFQ)' has been changed to 'Device Qualification Program for FreeRTOS'
- Changes were applied only to comments and headers
- Fix a dependency parsing bug in CMake
- Refactor OTA agent and separate data transfer and control interface.
- Support OTA data transfer over HTTP.
- A preview of Common I/O library is included.
- Common I/O library provides a set of standard APIs, across supported reference boards, for accessing common devices.
- This preview supports UART, SPI and I2C. Support for other peripherals will follow.
- Enable lwIP full duplex feature
- The same socket may be used by multiple tasks concurrently
- lwIP is now a submodule from https://github.com/lwip-tcpip/lwip.git
- Ethernet is now available for Nuvoton NuMaker-IoT-M487.
- Either Wi-Fi or Ethernet can be enabled exclusively.
- Documentation updates and additional debug logging.
- Remove demo configuration dependency from library files.
- Update demonstration code to use MQTT V2 APIs.
- HAL modification to replace bonded callback with pairing state change callback.
- HAL modification to change to 16-bit value for advertisement duration.
- The Infineon XMC4800 IoT Connectivity Kit with OPTIGA Trust X secure element is now qualified for Amazon FreeRTOS.
- The Microchip ATECC608A secure element with Windows Simulator is now qualified for Amazon FreeRTOS.
- Defender Library API change to shared MQTT connection.
- Demonstration code for Defender Library updated to show use of shared connection.
- Upload support with HTTP methods PUT and POST is now available in the HTTPS Client Library.
- Demonstration code with PUT and POST methods are now available in demos/https.
- A port for SoftHSMv2, a third-party open-source implementation of PKCS #11, has been provided for use with the Windows Simulator project for Amazon FreeRTOS.
- The purpose of the SoftHSMv2 port is to allow ad hoc interoperability testing with an independent implementation of the PKCS #11 standard.
- CMake build is now supported for Nordic nRF52840 DK Development kit.
- FreeRTOS kernel is now a submodule from https://github.com/FreeRTOS/FreeRTOS-Kernel.git
- Add nodejs/http_parser as a submodule in place of copied-over files.
- Add ThrowTheSwitch/Unity as a submodule in place of copied-over files.
- Update the PKCS #11 third-party headers to be the latest from OASIS (version 2.40 Plus Errata 01).
- Add PKCS #11 as a submodule.
- ESP32 board supports NIMBLE as the default underlying stack for Bluetooth Low Energy.
- Contains bug fixes and enhancements in ESP NIMBLE stack.
- Contains bug fixes in ESP Bluedroid stack.
- Marvell SDK now updated to R8 P2 (v1.2.r8.p2)
- ESP32 board supports NIMBLE as the default underlying stack for Bluetooth Low Energy.
- Contains bug fixes and enhancements in ESP NIMBLE stack.
- Contains bug fixes in ESP Bluedroid stack.
- Nuvoton NuMaker-IoT-M487 is now qualified for Amazon FreeRTOS.
- Disclaimer on RNG: The random number generation solution in this port is for demonstration purposes only.
- Kernel version for Amazon FreeRTOS is updated to V10.2.1.
- Add ARM Cortex-M23 (ARMv8-M) GCC/ARMclang and IAR ports.
- Add support to automatically switch between 32-bit and 64-bit cores to RISC-V port.
- The HTTPS Client library for Amazon FreeRTOS supports the HTTP/1.1 protocol over TLS.
- The current request methods supported are GET and HEAD.
- Examples demonstrate downloading a file from S3 using GET with a pre-signed URL.
- Update the Amazon FreeRTOS mbedTLS-based PKCS #11 implementation, tests, demos, and PKCS #11 consuming libraries for compliance with standard.
- Add PKCS #11 wrapper functions for easy use of commonly grouped PKCS #11 calls.
- Make stack size and priority to be demo specific. In current release all demos have same stack size and priority. This change will make stack size and priority configurable for each demo. Demo can use default stack size/ priority or define its own.
- Update Microchip Curiosity PIC32MZEF project and configuration files to support Ethernet connectivty. Developers must define PIC32_USE_ETHERNET at the project level to use Ethernet instead of Wi-Fi.
- Update lwIP to version 2.1.2, and change existing ports as necessary.
- Remove elliptic curve tests from "quarantine" test group and add them back to the TLS test group.
- OTA Callback changes for custom and secondary processor jobs. Modifying the OTA Agent to use callback structure instead of directly calling PAL functions. This allows users to pass in custom callbacks for the PAL functions.
- Move Amazon FreeRTOS to a new versioning scheme (YYYYMM.NN [optional "Major" tag]), while retaining semantic versioning (x.y.z) used for individual libraries within Amazon FreeRTOS. This release contains multiple major version updates for individual libraries. See below for details.
- Update folder structure to provide a cleaner separation between FreeRTOS kernel, standard libraries, AWS libraries, platform-specific ports and 3rd party libraries. Customers upgrading from earlier versions will need to update their project files.
- Bluetooth Low Energy management API for GAP and GATT services, with support for
- Bluetooth Low Energy v4.2 and above.
- Device discovery, notifications and indications.
- Creating, starting, stopping, and deleting GATT services.
- “Just Works” and “Secure Connections - Numeric Comparison” connection methods.
- Companion device SDK 1.0.0 release for
- GATT services for
- Device information.
- Wi-Fi credentials provisioning.
- MQTT-over-Bluetooth Low Energy through Android or iOS device proxy to support.
- OTA and Device Shadow functionality.
- Enable consistent re-use pattern of one single connection across all libraries.
- Add support for MQTT 3.1.1 standard features.
- Last Will and Testament.
- QoS1 with randomized retry logic.
- Persistent sessions.
- Add programming model revisions to enable.
- Fully non-blocking programming model.
- Per-operation user callback.
- Fully dynamic or fully static memory management.
- Full support for Bluetooth Low Energy transport as well as TCP/IP.
- Re-implementable abstraction layer to allow port on any network stacks.
- Standard, configurable logging mechanism.
- Extend Device Defender support to additional development boards. Current set of metrics now available on all development boards that implement Secure Sockets abstraction.
- Task (Thread) pool library for asynchronous processing.
- Add library for atomic operations support.
- Add new API
WIFI_RegisterNetworkStateChangeEventCallback
to allow application notifications for Wi-Fi state transitions.
- Extend the ability to build projects using CMake in addition to providing IDE project files. CMake files are now available for the following development boards:
- Espressif ESP32-DevKitC
- Espressif ESP-WROVER-KIT
- Infineon XMC4800 IoT Connectivity Kit
- Marvell MW320 AWS IoT Starter Kit
- Marvell MW322 AWS IoT Starter Kit
- Microchip Curiosity PIC32MZEF Bundle
- STMicroelectronicsSTM32L4 Discovery Kit IoT Node
- Texas Instruments CC3220SF-LAUNCHXL
- Microsoft Windows Simulator
- mbedTLS library is upgraded to version 2.16.0.
- ESP-IDF version is upgraded to 3.1.3.
- Update demo projects for cleaner separation of platform specific code.
- Documentation update.
- Marvell boards MW320 and MW322 are now qualified for Amazon FreeRTOS.
- Disclaimer on RNG: The random number generation solution in this port is for demonstration purposes only.
- Kernel version for Amazon FreeRTOS is updated to V10.2.0.
- Add Support for RISC-V.
- Include pre-existing ARM Cortex-M33 (ARMv8-M) GCC/ARMclang and IAR ports.
- Include C runtime header for snprintf.
- Sanity check the number of bytes written.
- Thing name can be a non-string literal.
- Set the socket to block on sends with a timeout in prvSetupConnection.
- ulApplicationGetNextSequenceNumber is now thread safe without stopping the scheduler.
- Leave the scheduler running during PKCS #11 calls.
- lib/wifi: fix issue with WiFi configuration for non-null strings, and fix scanning failure under certain disconnect scenarios.
- ib/FreeRTOS-Plus-TCP: do not send eNetworkDownEvent to stack if interface is already down.
- mbedtls: configurable options for controlling dynamic memory allocations.
- lib/third_party: update ESP-IDF to latest v3.1.3 release.
- NetworkInterface: check interface state before sending packets to WiFi driver.
- Fix WIFI_GetMac returning wrong mac address.
- Fix Cypress build error with IDE.
- Fix Cypress build error with IDE.
- Make RST packet handling more robust.
- Make TCP window high and low watermark thresholds runtime configurable.
- Fix parsing of the last option in a DHCP response packet.
- Fix TCP window size calculation.
- Allow the DNS cache to be programmatically cleared.
- Free the memory allocated by the pcap_compile routine in the WinPCap network interface module.
- Add a debug message in the event that JSMN runs out of memory trying to parse JSON.
- Print a debug message for any JSMN error, not just 'JSMN_ERROR_NOMEM'.
- Update to permit multithreaded read from object storage.
- Update documentation.
- TLS_Send now handles the error condition when space is not avaiable.
- Convert errors in TLS wrapper to negative error codes.
- The latest XC32 compiler (version 2.15) does not allow multiple definitions by default. Explicitly enabling multiple definitions in aws_tests and aws_demos projects for now.
- Cypress boards CYW54907 and CYW43907 are now qualified for Amazon FreeRTOS.
- Kernel version for Amazon FreeRTOS is updated to 10.1.1.
- Update all object handles (TaskHandle_t, QueueHandle_t, etc.) to be unique types instead of void pointers, improving type safety.
- Add Xtensa port.
- Update to the latest trace recorder code.
- Update lint checked MISRA compliance to use the latest MISRA standard.
- Add configUSE_POSIX_ERRNO to enable per task POSIX style errno functionality.
- Use stack based alloaction for POSIX types. Stack based allocation will reduce heap fragmentation.
- Fixed potential overflow in Posix timespec utils.
- Stopped Posix timer spawnning thread every time it is invoked.
- Unlock and update owner atomically, while unlocking mutex.
- Bug fix: MQTT agent tries to setup a connection with the MQTT broker when the socket does not exist.
- ESP-IDF upgraded to 3.1.1.
- Rename variables to comply with style guidelines.
- Rename variables to comply with style guidelines.
- Rename variables to comply with style guidelines.
- Rename variables to comply with style guidelines.
- Added as part of Cypress CYW43907 board port.
- Note that the random number generation solution in this port is provided for demonstration purposes only. See the comment in lib/pkcs11/portable/cypress/CYW943907AEVAL1F/hw_poll.c.
- Added as part of Cypress CYW54907 board port.
- Note that the random number generation solution in this port is provided for demonstration purposes only. See the comment in lib/pkcs11/portable/cypress/CYW954907AEVAL1F/hw_poll.c
- Updated as part of Updrade to ESP-IDF to 3.1.1.
- Bug Fix: Multi-threaded use of PKCS #11 Sign/Verify could cause key corruption.
- Added as part of Cypress CYW43907 board port.
- Added as part of Cypress CYW54907 board port.
- Update as part of Updrade to ESP-IDF to 3.1.1.
- Bug fix: Update WIFI init API to return success if WIFI module was already successfully initialized.
- Bug fix: Update WIFI AP connection API for NXP to check if DHCP was successful.
The Renesas Starter Kit+ for RX65N-2MB is now qualified for Amazon FreeRTOS. This port updates the PKCS #11 portable layer, demo projects, and tests.
- Improvement to reduce the size of a pthread object and make the object user allocatable from stack.
- Add FreeRTOS+TCP support for the Renesas Starter Kit+ for RX65N-2MB.
- Add FreeRTOS Kernel support for the Renesas Starter Kit+ for RX65N-2MB.
- Update license information.
- Add PKCS #11 support for the Renesas Starter Kit+ for RX65N-2MB.
- Note that the random number generation solution in this port is provided for demonstration purposes only. See the comment in lib/third_party/mcu_vendor/renesas/amazon_freertos_common/entropy_hardware_poll.c for more information.
- Update license information.
The MediaTek MT7697 System on Chip (SoC) is now qualified for Amazon FreeRTOS. You can take advantage of Amazon FreeRTOS features and benefits using the MediaTek MT7697Hx Development Kit available from MediaTek Labs. This development board contains the MT7697 SoC, which includes an Arm Cortex-M4 MCU, low power 1T1R 802.11 b/g/n Wi-Fi, Bluetooth 4.2 subsystem and power management unit.
Amazon FreeRTOS support for the MediaTek MT7697Hx-Dev-Kit includes for the first time support for the Lightweight TCP / IP network stack (lwIP). This flexibility will support customer choice in identifying the best TCP stack solution for IoT devices.
- Update to flush ARP cache when then network is down.
- Delete extra include headers.
- Add PKCS #11 support for the MediaTek MT7697Hx-Dev-Kit.
- Update documentation.
- Add Secure Sockets support for lwIP.
- Update documentation.
- Add Wi-Fi support for the MediaTek MT7697Hx-Dev-Kit.
- Remove warnings in Device Defender Demo build.
- Fix post-build command and python script for generating OTA factory image for Mac users.
- Update formatting and build warnings.
- Fix bug in retrieving code signature verification certificate.
- Fix bug in retrieving code signature verification certificate.
- Update Amazon FreeRTOS with port files, demo projects, and tests for the Xilinx Zynq-7000 based MicroZed Industrial IoT Bundle
- Upgrade to mbedTLS version 2.13.1.
- Minor bug fixes.
- Update the Zynq-7000 portable layer for receive descriptor alignment.
Update mbedTLS-based PKCS #11, and PKCS #11 PAL. These changes have been made to more closely align with the PKCS #11 standard, respond to feedback from users and partners, and make it easy for users to go to production from a prototype. Applications calling into PKCS #11 functions directly (rather than indirectly via an Amazon provided secure sockets or TLS layer) may experience breaking changes.
- C_Initialize handles initialization of randomness in an effort to minimize entropy generation (or seed access) every time sessions are created and destroyed. To protect random values, thread safety has been enabled in mbedTLS.
- C_SignInit and C_VerifyInit utilize the key handle that is passed in, rather than the first key found in order to comply with the PKCS #11 standard
- C_FindObject APIs no longer instantiate keys from the aws_clientcredential_keys.h header file if keys are not found. This removes the dependency of PKCS #11 on values that will be unique per-device (a transition step for enabling production-scale provisioning). Note that calling vDevModeKeyProvisioning() is now necessary to provision the device.
- C_FindObject PKCS #11 objects can be looked up by CKA_LABEL, in order to provide a standard-compliant object lookup. Note that pkcs11configFILE_NAME_* configurations have been removed from aws_pkcs11_config.h, see aws_pkcs11.h for pkcs11configLABEL_* defines to access labels, and aws_pkcs11_pal.c for pkcs11palFILE_NAME_* defines.
- C_FindObject and C_GetAttributeValue accept different attribute arguments.
- C_CreateObject requires DER encoded certificates and keys instead of PEM formatted and object attributes required for creating objects have changed. Note that vDevModeKeyProvisioning() has been updated to supply required attributes and convert inputs from DER to PEM if necessary.
- C_GenerateKeyPair now stores keys in non-volatile memory.
- C_Finalize is no longer invoked by helper functions to prevent threads from interfering with each other's PKCS #11 instances.
- Some error codes have been changes to better match the PKCS #11 standard.
- aws_tls.c and PKCS #11 AFQP tests have updates to reflect these changes.
- mbedTLS-based PKCS #11 V1.0.5
- TLS V1.1.3
- Breaking changes were made to PAL PKCS #11 functions in order to transition from file-centric API to object handle and object label based API.
- PKCS #11 PAL for ESP32-DevKitC ESP-WROVER-KIT V1.0.1
- PKCS #11 PAL for XMC4800 IoT Kit V1.0.1
- PKCS #11 PAL for Curiosity PIC32MZEF V1.0.4
- PKCS #11 PAL for LPC54018 IoT Module V1.0.3
- PKCS #11 PAL for Windows Simulator V1.0.3
- PKCS #11 PAL for STM32L4 Discovery kit IoT node V1.0.3
- PKCS #11 PAL for Xilinx Zynq MicroZed V1.0.0 (new)
- Updates to match behavior of mbedTLS-based PKCS #11.
- mbedTLS added to support conversion between DER and PEM objects. Note that after provisioning the device, mbedTLS and provisiong PKCS #11 functions may be removed to reduce code size.
- PKCS #11 PAL for CC3220SF-LAUNCHXL V1.0.3
- The OTA PALs for the Curiosity PIC32MZEF and ESP32-DevKitC ESP-WROVER-KIT boards have been modified to utilize PKCS #11 API to retrieve code signing keys, rather than calling into PKCS #11 PAL functions.
- OTA PAL for Curiosity PIC32MZEF V1.0.1
- OTA PAL for ESP32-DevKitC ESP-WROVER-KIT V1.0.1
- Minor update to handle PKCS #11 error codes.
- Update formatting.
- Fix the license header from Secure Socket to Secure Sockets.
- Bug fix to support Amazon Trust Services endpoints. For more information, please see https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/.
- Remove duplicate file name definitions. See iot_secure_sockets_config.h for file name defines.
- Minor bug fixes.
Update Amazon FreeRTOS with port files, demo projects, and tests for the Infineon XMC4800 IoT Connectivity Kit.
Incorporate an update to Espressif's ESP-IDF which improves the implementation of pthread.
Resolve several warnings in the MPLAB project builds, and update the projects to no longer assume that the XC32 compiler is in the host computer's path.
Move a few utilities to the root-level 'tools/' directory, from the 'tests/common/tools/' and 'demos/common/tools/' directories.
Improve consistency of Hungarian Notation usage, update a number of methods to use 'void' instead of an empty argument list, and update the style guide.
Add POSIX functions including time
, localtime_r
, and strftime
.
Update Device Defender code to use the same 'lib/' and 'include/' directory structures as the other libraries.
Update the Amazon FreeRTOS Qualification Program's documentation to reflect updated directory structures.
None
- Update Amazon FreeRTOS Windows Simulator to use ECDSA/SHA-256 for OTA image verification.
The demo bootloader supports Amazon FreeRTOS over-the-air (OTA) update by implementing firmware version checking, cryptographic signature verification, and application self-test. The firmware verification includes verifying the authenticity and integrity of the new firmware received over the air. The bootloader verifies the cryptographic signature of the application before boot. The elliptic-curve digital signature algorithm (ECDSA) with SHA256 is used. The utilities provided can be used to generate a signed application that can be flashed on the device. This enables signature verification of the initial image.
The over-the-air (OTA) updates feature of Amazon FreeRTOS is now generally available. The release includes enhancements to the OTA Agent and changes to the OTA Portable Abstraction Layer (PAL) interface.
Update for API changes for OTA general availability release.
Update for API changes for OTA general availability release.
Update for API changes for OTA general availability release.
Update for API changes for OTA general availability release.
Enhancements and API changes for OTA general availability release.
None
- Multiple security improvements and fixes in packet parsing routines, DNS caching, and TCP sequence number and ID generation.
- Disable NBNS and LLMNR by default.
- Add TCP hang protection by default.
- Improve security in Amazon FreeRTOS Secure Sockets usage of mbedTLS and ALPN.
We thank Ori Karliner of Zimperium zLabs Team for reporting these issues.
None
- Updates to OTA Beta to incorporate a new API for the OTA service. This API is not compatible with the API used in the original OTA Beta released on Dec. 20th.
- Add a "reference bootloader" for use in the OTA process. This bootloader is for use with the Microchip MCU.
- Update AFQP documentation. For more info on the changes to AFQP, reference the Revision History of the "Amazon FreeRTOS Qualification Program Developer Guide" in the "tests" directory.
- Add a demo to illustrate the operation of Device Defender for the Windows Simulator and Microchip PIC32MZEF MCU.
- Address an issue where the "Hello World" demo did not build with TI CCS 7.3 in AFR 1.3.0 when downloaded from OCW.
This release of AFR has support for vendors who wish to have their ports qualified for Amazon FreeRTOS through the Amazon FreeRTOS Qualification Program (AFQP). This is the first public release of AFQP tests and documentation. A new top level "tests" directory is added to support this functionality. AFQP documents are available in "tests" directory. Learn more.
AWS IoT Device Defender is an AWS IoT security service that allows users to audit the configuration of their devices, monitor connected devices to detect abnormal behavior, and to mitigate security risks. It gives you the ability to enforce consistent security policies across your AWS IoT device fleet and respond quickly when devices are compromised. Device side support of this feature is part of this release. Devices supported are WinSim and Microchip PIC32MZEF. Learn more.
This release includes version 1.0.0 of FreeRTOS+POSIX. FreeRTOS+POSIX is a POSIX compatibility layer that allows existing POSIX applications to run without modifications of FreeRTOS. This release supports POSIX threads, mutexes, barriers, condition variables, semaphores, message queues, clocks, timers, and error numbers. While most of the POSIX functions are implemented and up to specification, limitations in the FreeRTOS kernel precluded the standard implementations of certain functions. The functions which differ from the POSIX specification are identified in their header files. Currently, FreeRTOS+POSIX is only used by drivers of the TI CC3220SF.
- Add Idle tick counter interface
- Rename posix/ to FreeRTOS_POSIX/
- Fix issues raised by the Coverity scan
- Fix a typo ulRxWindowLength -> ulTxWindowLength in FreeRTOS_Sockets.c
- Fix strncmp length in FreeRTOS_DNS.c
- Fix styling in FreeRTOS_ARP.c
- Fix a spelling typo ";east" -> "least" (response from a pull request)
- Add auto check of network interfaces for WinSim
- Move MQTT metrics to agent
- Reduce the number of warnings generated
- Change project baudrate setting to resolve AFQP test failures
- Update to latest NXP driver to address AFQP 1.0 test failures
- Update to new Inventek driver to resolve AFQP 1.0 test failures
- Change Microchip network param to use a direct address instead of a section to reduce the size of the binary image to allow OTA to continue working.
- Reduce number of warnings generated.
- Add fixes for Demo and DHCP.
- Update for release of AFQP 1.0
- Update for release of AFQP 1.0
- Update the Texas Instruments SimpleLink CC3220SF SDK from version 1.40.01.00 to version 2.10.00.04.
- Fix the MQTT Echo Demo (Hello World Demo) to avoid truncating received strings.
- Modify the Getting Started scripts to check if the AWS CLI is configured.
- Update comments for SimpleLink CC3220SF SDK version 2.10.00.04.
- Fix NXP MCUXpresso project build failure on Linux.
- Add support for Espressif's ESP32-DevKitC and ESP-WROVER-KIT.
- Add Espressif ESP32 network interface support.
- Implement C_DigestInit, C_DigestUpdate, and C_DigestFinal for SHA-256.
- Implement C_GenerateKeyPair for non-persistent ECDSA P256.
- Add support for Espressif's ESP32-DevKitC and ESP-WROVER-KIT.
- Bug fix to ensure that WIFI_ConnectAP() switches to the network parameters input, even when already connected to a different set.
- Add support for Espressif's ESP32-DevKitC and ESP-WROVER-KIT.
- Upgrade to mbedTLS version 2.8.
- Add MCUXpresso IDE demo project for the NXP LPC54018 IoT Module.
- Minor updates due to mbedTLS crypto interface changes.
- Fix a bug where re-transmission and duplicated TCP packets would create a computation underflow as well as a memory leak.
- Add new public function FreeRTOS_UpdateMACAddress() to allow changing the MAC address after FreeRTOS_IPInit. Sometimes the device MAC address is not available at the time FreeRTOS_IPInit() is called, so it needs to be changed afterward.
- Remove non-cryptographic rand() implementation.
- Remove a static variable in functions prvGetHostByName() and prvCreateDNSSocket() to make them threadsafe.
- Provide a helpful error message if the Greengrass Discovery JSON does not fit in the supplied buffer.
- Bug fix to avoid socket leak if MQTT Connect fails after a successful TCP connection.
- Add support for disabling subscription management feature by defining the macro mqttconfigENABLE_SUBSCRIPTION_MANAGEMENT as 0.
- Update for PKCS #11 PAL layer API changes.
- Minor restructuring of file locations.
- Minor changes to enable test integration.
- Minor restructuring of file locations.
- Combine the mbedTLS based PKCS #11 implementation from Curiosity PIC32MZEF, LPC54018 IoT Module, Windows Simulator, and STM32L4 Discovery kit IoT node into a single file.
- Add support for public key verification of signatures.
- Fix to free context structures on session failure.
- Update C_OpenSession to use CKF_SERIAL_SESSION flag.
- Create port specific functions for certificate and key access: PKCS11_PAL_SaveFile(), PKCS11_PAL_ReadFile(), PKCS11_PAL_ReleaseFileData().
- Create port specific functions for certificate and key access: PKCS11_PAL_SaveFile(), PKCS11_PAL_ReadFile(), PKCS11_PAL_ReleaseFileData().
- Create port specific functions for certificate and key access: PKCS11_PAL_SaveFile(), PKCS11_PAL_ReadFile(), PKCS11_PAL_ReleaseFileData().
- Create port specific functions for certificate and key access: PKCS11_PAL_SaveFile(), PKCS11_PAL_ReadFile(), PKCS11_PAL_ReleaseFileData().
- PKCS #11 implementation for TI based on mbedTLS moved into this file.
- Combine Secure Sockets implementation for Curiosity PIC32MZEF and Windows Simulator into a single file.
- Fix return value of SOCKETS_Socket on error.
- Attempting to create an unsupported UDP socket now triggers an assert.
- Add cryptographic random number generator function for TCP sequence numbers.
- Update the Socket structure to keep track of a connection attempt and added support of the ECONN error.
- Fix minor bug in SOCKETS_Recv().
- Fix return value of SOCKETS_Close on error.
- Secure sockets printing is now controlled independently using the SOCKETS_PRINT macro. SOCKETS_PRINT prints TI driver error codes.
- Change names of configuration constants to be consistent with FreeRTOS style.
- Support AWS IoT Just-in-Time Registration (JITR) by sending optional client-issuer certificate.
- Use CKF_SERIAL_SESSION flag with PKCS #11.
- Update for setting the MAC Address in WIFI_On() by using new FreeRTOS+TCP function FreeRTOS_UpdateMACAddress().
- Redefine printing and assert stubs used in the Wi-Fi driver code.
- Add implementation of WIFI_GetMAC().
- Add implementation of WIFI_IsConnected().
- Minor bug fixes.
- Add implementation of WIFI_IsConnected().
- Fix max DNS name length redefinition.
- Fix compiler errors in MCUXpresso IDE.
- Minor bug fixes.
- Add implementation of WIFI_IsConnected().
- Add NULL pointer checks throughout.
- Minor bug fixes.
- Add implementation of WIFI_IsConnected().
- Add NULL pointer checks throughout.
- Minor bug fixes.
- Fix TI IAR project build failure.
- Formatting update.
- Beta release of the OTA Update support for the Microchip Curiosity PIC32MZEF.
- Add support for the management of OTA update code signing keys.
- Update to conditionally compile the entire file.
- Add an IAR IDE demo project for the Texas Instruments CC3220SF-LAUNCHXL.
- Add Wi-Fi support for the Microchip Curiosity PIC32MZEF.
- Improve NULL variable check in buffer management.
- Minor bug fix checking for a NULL pointer.
- Update to support NULL OTA file handles.
- Update to support NULL OTA file handles.
- Add a dummy variable to a previously empty structure to fix IAR compiler errors.
- Formatting update.
- Update to print SimpleLink driver-specific error codes when debugging.
- Add error handling for non-blocking sockets.
- Update socket option to return an error if security options are specified after a connection.
- Update such that Wi-Fi disconnection waits until the link is down before returning.
- Fix error in attempting to overwrite a const memory.
- Update to send all data until an error is received.
- Add support for ALPN. ALPN allows MQTT traffic to be sent to the AWS IoT broker over port 443 instead of 8883.
- Send a FAILED status from agent when a file too large for the platform is received.
- Rename some files.
- Add developer mode key provisioning support.
- Add support for ALPN.
- Add support for ALPN.
- Remove unnecessary server certificate storage on the client side.
- Remove unnecessary global synchronization semaphore.
- Update for other small bugs.
- Fix error handling bugs.
- Require client tokens.
- Update for other small bugs.
- Add support for ALPN.
- Fix compiler warning for the Microchip Curiosity PIC32MZEF.
- Add support for the Microchip Curiosity PIC32MZEF.
- Minor bug fixes to allow Linux and C++ builds.
- Reformat console display messages in order to better facilitate demos and debugging.
- The MQTT Agent now processes commands between successive socket reads to enable faster command handling, especially when the connected socket is receiving data continuously.
- Beta release of OTA Update library for Amazon FreeRTOS. Includes support for the Texas Instruments CC3220SF-LAUNCHXL and Windows Simulator.
- Add support for the Microchip Curiosity PIC32MZEF.
- Add support for the Microchip Curiosity PIC32MZEF.
- Fix bugs in the Secure Sockets implementation for the NXP LPC54018 IoT Module.
- Fix compiler warning for the Microchip Curiosity PIC32MZEF.
- Change the Wi-Fi Connection timeout to 10 seconds.