LGA DevKit+EXS82-W start application "Unknown error" problem. And what is at^susrw ? | Telit Cinterion IoT Developer Community
June 24, 2021 - 11:27am, 10006 views
Hi,
I am currently working on module EXS82-W together with LGA DevKit, driver is Ubuntu 20.04. After setting up software environment required and check the firmware, I started to manage embedded applications.
I follow the user guide of SDK, build the application, generate the application root of trust and sign it to the application, verify it, download the signed application to the target. Then, I opened another terminal window to start listening. But when I tried to start the application, it always shows "Unknown error, failed!" (as the sceenshot shows).
I have tried many different ways,
1) Go through app.py and Ctrl+f find this error, it didn't mention; but very interesting thing is there is a line in app.py:
if c.send('at^susrw=1,"A:/' + sargs.APPNAME + '.bin"') == STATUS_KO:
this AT command, I couldn't find any related infomation online or from the EXS82 ATC document.
2) Change to the other application, helloworld, logging... still the same problem
3) Change the module, still the same problem
4) Thinking maybe it's because the FW is newer than the one in the archive, so we "updated" back to 118 from 124, new problem is when I type lsusb
in terminal window, it's not Cinterion but Qualcom, and it couldn't connected, only port /dev/ttyUSB0
5) Check .bin file's permission, enable it, but still same error.
I'd appreciate any kind of help.
Thank you and best regards,
Joefy
Hello,
Thank you for your reply!
The verification returns OK.
As for the Root of Trust, I thought for development and test purposes, the module can be used in unsecured mode, and I check the AT^SSECUC="SEC/MODE", it returns 0 and OK, which means the module s not locked. Do I need to install and protect the application root of trust in the module?
BR,
Joefy
Hi Joefy,
Since your module is not locked (^SSECUC: "SEC/MODE",0) it works in an unsecured mode, which means that the application root of trust in your module is not protected and can be deleted or overwritten. This mode is used for development so that it's possible to easily change the application root of trust on the module. Otherwise, if the secure mode is active, the application root of trust certificate cannot be deleted or modified unless the command (which performs this action) is signed with the corresponding private key.
Still, in both modes the application root of trust has to be installed in module's certificate store so that the module can verify the signature of the embedded application that you downloaded into it. Otherwise, the verification will fail - this is probably the root cause of the error that you see.
BR,
Ida
Hello,
OK, thank you. But the thing is, in the SDK user guide only mentioned how to use windows to build the file "LoadAppRotCert.bin", but I am using Linux, can you bemore specific how to install the root of trust under Linux?
BR,
Joefy
Hello,
So in the SDK user guide, I have found the reference: Transport Layer Security for Client TCP/IP Services, but the one I found online is back tp 2013, very old version. Could you please send me the latest version? Is this file I need to help to install the Root of Trust?
BR,
Joefy
Hi Joefy,
That is correct, I'll send you the latest version of our ApplicationNote 62: "Transport Layer Security for Client
TCP/IP Services" document shortly. This document includes an archive with tools that we provide for Windows and Linux setups - please save it into your Linux machine.
In the archive please check ...\Tools\bin\linux-i386 subfolder, it contains cmd_IpCertMgr.jar utility, that should be used to generate the "LoadAppRotCert.bin" file mentioned in your GettingStarted guide. The command should be similar to:
java -jar cmd_IpCertMgr.jar -mode app_rot -cmd writecert -certfile app_root.der -certIndex 0 -sigType NONE -file ./LoadAppRotCert.bin
where app_root.der is your application root of trust certificate in DER format. Please note that cmd_IpCertMgr.jar should be used with Java 1.7 32 bit environment.
Once the binary command file is created, connect to your module via serial/USB and transfer this file via AT^SBNW, e.g.:
[15:56:25:918] at^sbnw="app_rot",1␍␍␊
[15:56:25:923] CONNECT␍␊
[15:56:25:923] ␍␊
[15:56:25:923] SECURE CMD READY: SEND COMMAND ...␍␊
[15:56:56:104] ␍␊
[15:56:56:112] SECURE CMD END OK␍␊
[15:56:56:112] ␍␊
[15:56:56:112] OK␍␊
Most terminals that support serial connections also include file transfer functionality. On my setup I used cutecom, which also sports this feature.
Afterwards you can check the details of your loaded certificate with AT^SBNR="app_rot" command.
BR,
Ida
Hello Ida,
Thank you for your answer, it's pretty clear, but here is the thing, I am using ubuntu 20.04 and java 1.7 has been removed from the candidate. Even when I tried to manually download the jdk and jre 7, it seems that I still only have the one I installed before.
Do you have any idea about this situation?
BR,
Joefy
Hello,
The java environment problem I have fixed, after I generated the binary file, here is what I got:
CONNECT
SECURE CMD READY: SEND COMMAND ...
SECURE CMD SERVICE TIMEOUT ERROR
+CME ERROR: 767
Is there any specific directory I need to put the .bin file?
BR,
Joefy
Hi Joefy,
"SECURE CMD SERVICE TIMEOUT ERROR" is seen when AT^SBNW command timeouts without receiving required data. So it suggests that your terminal program did not transfer the file you provided after calling at^sbnw="app_rot",1 command.
Normally there's no requirement as to where the file for transfer should be stored on local disk. In most terminal programs with GUI you have an option for "file transfer" and after selecting it you should be able to navigate to your file through your system's folder tree.
Which terminal program do you use to connect to your EXS82 module?
BR,
Ida
Hi Ida,
I am using picocom and putty, I can try cutecom later. However, except the TIMEOUT, the "error 767: operation failed" also concerns me. As for the "file transfer", I couldn't find it, could you please be more specific about this solution?
Thank you very much for your help!
BR,
Joefy
Hi Ida,
I have tried cutecom, putty and picocom, no luck so far. And I tried to put the file under /Home, the same error. And I was thinking maybe when I generate the binary file, the sigType parameter is the problem. Here is what I use:
user@asus-ux330u:~/Downloads/Serval_300_048B/exs62-w_exs82-w_tx62-w_tx82-w_tls_tools/Tools/bin/linux-i386$ java -jar cmd_IpCertMgr.jar -mode app_rot -cmd writecert -certfile '/home/user/app_rot.der' -certIndex 0 -sigType NONE -file ./LoadAppRotCert.bin
Java version: 32-bit
1.7.0_80
signature skipped
However, I check the document, it only support SHA256 and NONE, however, the application signature config is EC with sha384. Would this be a problem?
BR,
Joefy