10 Replies Latest reply on Oct 10, 2020 8:05 PM by AxLi_1746341

    On whether you need to update filesystem.bin

    hiko_4316286

      The update in OTA1 does not have the ability to update the external Flash filesystem.bin.

      Is it correct to assume that the filesystem.bin does not need to be updated because it does not contain any security-related information?

       

      *The intent of this question is to make sure that only the area that can be updated by OTA1 is the area that needs to be updated by the vulnerability measure, and that the external flash filesystem.bin will not be updated by the vulnerability measure.

       

      *It is my understanding that security-related contents, such as drivers, can be updated via OTA1.

       

      *We found out that we cannot update the filesystem.bin of the external Flash filesystem with OTA1 after mass production, so we wanted to know if the update of the filesystem.bin is necessary.

        • 1. Re: On whether you need to update filesystem.bin
          KotnaniK_71

          Hi,

           

          Can you please let me know the platform or host processor you are using?

           

          Usually, the filesystem.bin consists of the resource information like WiFi firmware, CLM_blob, webserver components and other security related information. Also, the filesystem.bin encapsulates the whatever resource information present in the WICED resources directory.

           

          The limitation with OTA is that only the main application system components can be updated and you can find more information in section-5 of WICED-OTA.pdf document.

           

          Thanks.

          • 2. Re: On whether you need to update filesystem.bin
            hiko_4316286
            Can you please let me know the platform or host processor you are using?

            "That would be STM32F412.

             

            You answered: "The limitation with OTA is that only the main application system components are updated." I have a question about.

             

            It says that the resource will not be updated with OTA.

            Is this because the resource's firmware is not updated and therefore there is no ability to update the resource in OTA?

            Or, if there is an update to the resource's firmware, is there no ability to update the resource via OTA because of the content that does not need to be updated?

            (Think of it as a WICED update, not as a case of a user changing a resource.)

            • 3. Re: On whether you need to update filesystem.bin
              hiko_4316286

              If you can find out anything, please respond.

              • 4. Re: On whether you need to update filesystem.bin
                KotnaniK_71

                Hi,

                 

                Yes, the ota_fr doesn't have the ability to update firmware and only the main application can be updated via OTA which is the limitation of OTA1.

                 

                Please check the implementation in this thread Updating 4343W wifi firmware for our module via OTA suggested by one of our users in community and see if it's a possible solution for you.

                If not, updating the firmware is mandatory for you, I request you to please contact our local sales/marketing team and they should be able to help you out.

                 

                Thanks.

                • 5. Re: On whether you need to update filesystem.bin
                  hiko_4316286

                  When WICED is updated due to a vulnerability, it is recognized that the driver part can be updated by OTA1.

                  However, filesystem.bin (data in resources) cannot be updated by OTA1 and does not necessarily need to be updated.

                  Therefore, even if WICED is updated, filesystem.bin of external flash is recognition that it is not necessary to update.

                  Even if you do not update using "Updating 4343W wifi firmware for our module via OTA", it is recognition that there is no problem as operation, is it correct?

                  • 6. Re: On whether you need to update filesystem.bin
                    hiko_4316286

                    If you can find out anything, please respond.

                    • 7. Re: On whether you need to update filesystem.bin
                      hiko_4316286

                      Please answer the question, as the vulnerability will determine whether the filesystem.bin needs to be updated.

                      • 8. Re: On whether you need to update filesystem.bin
                        KotnaniK_71

                        My sincere apologies for the delay and missing your responses.

                         

                        The device functionality won't stop even if you don't update the filesystem.bin. All you need to make ensure is that the application update that you intend to deploy is built using the same firmware as that in the field.

                         

                        Now coming to whether the filesystem.bin needs to be updated or not, it is required only if you want to update your firmware to fix these vulnerabilities that may arise in future. Otherwise, you don't need OTA update if your device looks good.

                        Since the ota_fr default implementation doesn't have the the ability to update the firmware and if you want those firmware fixes deployed, you need to have some sort of custom implementation to be done. In order to do this, you need to contact our local sales/marketing team and they should be able to help you.

                         

                        Thanks.

                        • 9. Re: On whether you need to update filesystem.bin
                          AxLi_1746341

                          KotnaniK_71 wrote:

                           

                          Now coming to whether the filesystem.bin needs to be updated or not, it is required only if you want to update your firmware to fix these vulnerabilities that may arise in future. Otherwise, you don't need OTA update if your device looks good.

                          Since the ota_fr default implementation doesn't have the the ability to update the firmware and if you want those firmware fixes deployed, you need to have some sort of custom implementation to be done. In order to do this, you need to contact our local sales/marketing team and they should be able to help you.

                           

                          Thanks.

                          The WICED-6.6.0 release includes several security fix in various WLAN firmware.

                          I believe you will get a lot similar questions regarding how to update filesystem.bin.

                          Why not provide a standard implementation so people can easily test and verify if it works?

                          • 10. Re: On whether you need to update filesystem.bin
                            AxLi_1746341

                            KotnaniK_71 MuraliR_36

                             

                            I just notice the new wiced-6.6 release will cause problems in OTA wlan firmware because the

                            wlan firmware file size becomes much bigger than older sdk versions.

                            No matter the wlan firmware is in filesystem.bin or in a separate partition,

                            it will hit problem as mentioned in https://community.cypress.com/thread/55934