Hawkbit Direct Device Integration API sample
The hawkbit update server provides REST resources which are consumed by the device to retrieve software update tasks. This API is based on HTTP standards and a polling mechanism.
This sample shows how to use Hawkbit DDI API in both a polling and manual update mode.
Polling mode run automatically on a predefined period, probing the server for updates and installing them without requiring user intervention. You can access the sample source code for this hawkbit_polling.
Manual mode requires the user to call the server probe and then, if there is an available update, it will install the update. You can access the sample source code for this mode hawkbit_manual
The Zephyr port of
Hawkbitis configured to run on a Freedom-K64F MCU by default. The application should build and run for other platforms with support internet connection. Some platforms need some modification. Overlay files would be needed to support BLE 6lowpan, 802.15.4 or OpenThread configurations as well as the understanding that most other connectivity options would require an edge gateway of some sort (Border Router, etc).
The MCUboot bootloader is required for
Hawkbitto function properly. More information about the Device Firmware Upgrade subsystem and MCUboot can be found in MCUboot.
Building and Running
The below steps describe how to build and run the
Hawkbit sample in
Zephyr. Where examples are given, it is assumed the sample is being build for
the Freedom-K64F Development Kit (
Step 1: Build MCUboot
Build MCUboot by following the instructions in the MCUboot documentation page.
Step 2: Flash MCUboot
Flash the resulting image file to the 0x0 address of the flash memory. This can be done by,
Step 3: Start the Hawkbit Docker
By default, the hawkbit application is set to run on http at port:8080.
sudo docker run -p 8080:8080 hawkbit/hawkbit-update-server:latest \ --hawkbit.dmf.rabbitmq.enabled=false \ --hawkbit.server.ddi.security.authentication.anonymous.enabled=true
This will start the hawkbit server on the host system.Opening your browser to
the server URL,
<your-ip-address>:8080, and logging into the server using
admin as the login and password by default.
Step 4: Build Hawkbit
Hawkbit can be built for the frdm_k64f as follows:
# From the root of the zephyr repository west build -b frdm_k64f samples/net/hawkbit -- -DCONF_FILE="prj.conf"
Step 5: Sign and confirm the first image
From this section onwards you use a binary (
.bin) image format.
west sign -t imgtool -- --key \ ~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem --confirm \ --version 1.0.0
The command above creates a signed and confirmed image file called
zephyr.signed.confirmed.bin in the build directory. It’s important for
the first image to be confirmed as MCUboot isn’t able to confirm an image that
is flashed using a hardware tool, and Hawkbit will reboot to trigger a firmware
swap if it isn’t able to confirm the running image on init.
Step 6: Flash the first image
zephyr.signed.confirmed.bin file from Step 5 to image slot-0
of your board.
west flash --bin-file build/zephyr/zephyr.signed.confirmed.bin
Once the image is flashed and booted, the sample will print the image build time to the console. After it connects to the internet, in hawkbit server UI, you should see the the frdm_k64f show up in the Targets pane. It’s time to upload a firmware binary to the server, and update it using this UI.
Step 7: Building and signing the test image
The easiest way to test the functionality of Hawkbit is to repeat step 4 to build the sample again, so that the build time will be different. Then, similar to step 5, sign the image and assign it a different version number but without confirming it like so:
west sign -t imgtool -- --key \ ~/zephyrproject/bootloader/mcuboot/root-rsa-2048.pem \ --version 1.0.1
The command above creates a signed image file called
zephyr.signed.bin in the build directory.
Upload the signed image to the server. Click Upload icon in left pane of UI and
create a new Software Module with type Apps (
Then upload the signed image to the server with Upload file Icon.
Click on distribution icon in the left pane of UI and create a new Distribution
with type Apps only (
name:frdm_k64f_update,version:1.0.1). Assign the
hawkbit software module to the created distribution. Click on Deployment
icon in the left pane of UI and assign the
frdm_k64f_update distribution to
Step 8: Run the update
Back in the terminal session that you used for debugging the board, type the following command:
And then wait. The board will ping the server, check if there are any new
updates, and then download the update you’ve just created. If everything goes
fine the message
Image flashed successfully, you can reboot now will be
printed on the terminal.
Step 9: Reboot the system
In the terminal you used for debugging the board, type the following command:
kernel reboot cold
Your board will reboot and then start with the new image. After rebooting, the
board will print a different image build time then automatically ping the server
again and the message
No update available will be printed on the terminal.
Step 10: Clone and build hawkbit with https
Below steps clone and build the hawkbit with self-signed certificate to support https.
git clone https://github.com/eclipse/hawkbit.git cd hawkbit/hawkbit-runtime/hawkbit-update-server/src/main/resources
Generate the private key
openssl genrsa -des3 -out server.key 2048
Generate the CSR
openssl req -new -key server.key -out server.csr
Once you run the command, it will prompt you to enter your Country,
State, City, Company name and enter the Command Name field with
Generate the self-signed x509 certificate suitable to use on web server.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Generate pem file from generated server.key and server.crt
cat server.key > server.pem cat server.crt >> server.pem
Generate .pkcs12 file
openssl pkcs12 -export -in server.pem -out keystore.pkcs12
Following command imports a .p12 into pkcs12 Java keystore
keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 \ -destkeystore hb-pass.jks -deststoretype pkcs12 \ -alias 1 -deststorepass <password_of_p12>
Edit the hawkbit application.properties file
Change authentication security from false to true.
Enter the https details at last
server.hostname=localhost server.port=8443 hawkbit.artifact.url.protocols.download-http.protocol=https hawkbit.artifact.url.protocols.download-http.port=8443 security.require-ssl=true server.use-forward-headers=true server.ssl.key-store= <hb-pass.jks file location> server.ssl.key-store-type=JKS server.ssl.key-password= <password_of_key> server.ssl.key-store-password= <password_of_key_store> server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA
cd ~/hawkbit mvn clean install -DskipTests=true
Once the build is successful, run hawkbit
java -jar ./hawkbit-runtime/hawkbit-update-server/target/ \ hawkbit-update-server-#version#-SNAPSHOT.jar
Step 11: Build Hawkbit HTTPS
Convert the server.pem file to self_sign.der and place the der file in hawkbit/src directory
Hawkbit https can be built for the frdm_k64f as follows:
# From the root of the zephyr repository west build -b frdm_k64f samples/net/hawkbit -- -DCONF_FILE="prj.conf overlay-tls.conf"
Repeat the steps from 5 to 9, to update the device over https.