Thales' cellular IoT products business is now part of Telit Cinterion, find out more.

You are here

Community > Forum > Cellular Hardware > EHS6: Update to Firmware 03.001 breaks Java security

EHS6: Update to Firmware 03.001 breaks Java security | Telit Cinterion IoT Developer Community

Like
0
2
Ingo Lepper's picture
Ingo Lepper

June 17, 2015 - 11:26am, 3131 views

Hello,

we are currently updating a bunch of EHS6 terminals from

  REVISION 02.000, A-REVISION 00.000.15

to 

  REVISION 03.001, A-REVISION 00.000.14

and face problems concerning Java security with two of the devices. Before updating, all devices had active Java security and disabled MES tools/OBEX, i.e.

  AT^SJMSEC?

gave

  ^SJMSEC: 2,0,0,0

After the update, 2 of 5 devices permanently deny AT^SJMSEC commands:

 AT^SJMSEC?

 ERROR

 AT+CMEE=2

 OK

 AT^SJMSEC?

 +CME ERROR: Unknown

Trying to re-activate MES tools fails, too:

 AT^SJMSEC="cmd","23010[...redacted...]F2F9AE"

 +CME ERROR: Unknown

I also have a third device where Java security is broken, but I somehow managed to break this one without updating to release 3 firmware. While I was experimenting how to setup Java security it told me the "keystore state" (first component of answer) was "0":

AT^SJMSEC?

^SJMSEC: 0,0,1,0

According to the AT command document, this keystore state means "No keystore installed. Internal mode dedicated for manufacturer." I tried to fix this with an update to release 3 firmware and ended up with exactly the same behaviour as described above.

I have 15 more devices sitting on my desk waiting for an update and would prefer not to break them. So any help is highly appreciated. 

Best regards,

  Ingo 

2
Comment
Log in or register to post comments
Bartłomiej Gemalto Moderator's picture
Bartłomiej Gema...
Jun 22 2015 - 3:01pm

Hello Ingo,

We will try to investigate the problem you have described. 

As a workaround I'd suggest switching off the security on the modules before updating.

You could try to downgrade the broken modules to revision 2 and then check if the security is working again.

If the modules are permanently broken I'd suggest you to contact with your local Gemalto m2m technical support to fix or replace the modules.

According to the module which declares no keystore installed - you will not be able to fix this by firmware update and have to contact the technical support.

Best regards,

Bartłomiej

Ingo Lepper's picture
Ingo Lepper
Jun 26 2015 - 2:53pm

Hello Bartłomiej,

with both devices, downgrading to revision 2 was not possible: "Error: failed to send download command!". We will contact Gemalto m2m technical support.

Thanks for your help, best regards,

Ingo