Description
Full modem FOTA is broken on tag 1.3.0 of Asset Tracker Template. The firmware download completes successfully, but the device fails during pre-validation of the image with error -134 (PSA_ERROR_NOT_SUPPORTED), and the modem firmware is never applied.
Root cause
In a recent SDK update, the full modem FOTA library replaced its MbedTLS-based hash validation with PSA crypto. However, the TFM-minimal profile used by this project does not expose the PSA crypto APIs required, causing the pre-validation step to fail.
Detection gap
Our CI test checked the FOTA endpoint's completed status, which is set once the download finishes regardless of whether the device successfully applied the update. The API does provide a count of how many devices applied successfully, but this was not validated in our test, allowing the failure to go undetected.
Resolution
CI is updated to also validate that the device successfully applied the update.
Fixing full modem FOTA requires implementing a custom TF-M configuration based on TFM_PROFILE_TYPE_NOT_SET. A functional implementation exists in the TFM-profile-not-set branch, but this profile increases flash usage by 32kB. Work is ongoing to reduce the flash footprint before merging.
Description
Full modem FOTA is broken on tag 1.3.0 of Asset Tracker Template. The firmware download completes successfully, but the device fails during pre-validation of the image with error -134 (PSA_ERROR_NOT_SUPPORTED), and the modem firmware is never applied.
Root cause
In a recent SDK update, the full modem FOTA library replaced its MbedTLS-based hash validation with PSA crypto. However, the TFM-minimal profile used by this project does not expose the PSA crypto APIs required, causing the pre-validation step to fail.
Detection gap
Our CI test checked the FOTA endpoint's completed status, which is set once the download finishes regardless of whether the device successfully applied the update. The API does provide a count of how many devices applied successfully, but this was not validated in our test, allowing the failure to go undetected.
Resolution
CI is updated to also validate that the device successfully applied the update.
Fixing full modem FOTA requires implementing a custom TF-M configuration based on TFM_PROFILE_TYPE_NOT_SET. A functional implementation exists in the TFM-profile-not-set branch, but this profile increases flash usage by 32kB. Work is ongoing to reduce the flash footprint before merging.