Release Notes
Version: Legato 21.05.0
Date: September 2, 2021
Legato Application Framework Licensing Information
Visit the release page to download the tarball, clone the repositories from GitHub, or view previous released versions.
New Features
List of new features in the 21.05.0 Release:
New SMACK onlycap Features for Kernel 4.14
- SMACK rules have been updated for some daemons, such as "modemService" to have write access to "admin".
- smack_SetOnlyCap() has been fixed to allow for unsetting of ONLYCAP using "-".
- smack_isMounted() API has been added to check if a file system is mounted.
- smack_IsOnlyCapSet() API has been added to check if onlycap is set.
- Bidirectional write permissions has been given to atService() and atQmiLinker(), so that AVC can successfully run on kernel 4.14.
- For le_fs() API, the backend storage uses /tmp/data/le_fs/ when /data/le_fs is not available.
- Socket permission errors leading to a reboot loop on kernel 4.14 on virtual platform has been resolved.
- Failure to modify permissions on SMACK label directory for SMACK OnlyCap install has been fixed.
New IoT KeyStore Features
- Note
- IoT Keystore has been disabled by default in the generic Legato release and has been enabled by default on the WP release which works on specific Sierra Wireless hardware.
- IoT Keystore is available on WP76 and FX30 starting with Release 17, and WP77 and FX30 starting with Release 15.
- Security features TrustZone4 and IoT KeyStore have been implemented. Secure data migration has been automatically applied when upgrading from an older version of the TrustZone4 to the latest version in kernel 4.14.
- IoT Keystore access has been integrated into Legato's secure storage app. By default, it is disabled in the Legato build. This can be enabled using configs "SECSTORE_IKS_BACKEND" and "ENABLE_IOT_KEYSTORE_API". Please note that the build of IoT Keystore uses proprietary libraries that require the user to be signed in.
- Legato APIs have been created to access the IoT Keystore library. They will perform cryptographic key management and encryption/decryption routines. Additionally a platform adapter component to separate access to the library into a platform-specific layer has been added. Also, key namespaces between applications have been added, to prevent an application from accessing another app's encrypted data.
- Legato IoT Keystore performance has been optimized, by adding a map to reduce the frequency of calling pa_secStore_GetSize().
- IoT Keystore storage has added access protection access. Only privileged system daemon qseecom will be able to access storage. Secure storage app will indirectly access IoT Keystore storage via this daemon.
New AVC Features
- Bootstrap rollback mechanism has been improved to manage more error cases. Logic has been moved to another layer of AVC.
- Improvements have been made to lwm2mcore_CredentialMatch() API which include credential length comparison and using memcmp for comparison.
New Octave Upstreaming Features
- A set of Octave product-layer patches have been ported to Legato code base.
- DTLS_NAT_TIMEOUT has been added to be configurable using the le_avc_SetNatTimeout() API.
- lwm2mcore_SetNatTimeout() API has been added to allow the NAT timeout to be set in LwM2MCore.
- dhub utility has been modified to allow it to perform a data push from a local file.
- Following API functions have been created:
- admin_CreateInput() - Create an input resource, which is used to push data into the Data Hub.
- admin_CreateOutput() - Create an output resource, which is used to receive data output from Data Hub.
- admin_DeleteResource() - Delete a resource.
- admin_SetJsonExample() - Set the example value for a JSON-type Input resource.
- admin_MarkOptional() - Mark an Output resource "optional". (By default, they are marked "mandatory").
- A new API le_coap_GetLastErrorCode() has been added to get last CoAP error code of last push.
- A new CoAP error has been added: CODE_429_Too_Many_Requests.
- A new CoAP push status has been added: LE_COAP_PUSH_TIMEOUT.
New FX30 Upstreaming Features
- Version information has been added in the SDEF file and has been appended to the output of "fwupdate query" and "cm info".
- FX30 patch has been modified to disable the module from switching to the sim's default APN.
- A tags section has been added that will allow users to specify key-value pairs on a per application basis in the adef file. This section will be used for the "disableAirVantageManagement" variable and can be expanded with other variables specified by the client.
New mbedtls Features
- mbedtls version updated from 2.16.3 to 2.16.8.
New Secure Storage Features
- Support has been added to delete all contents from secure storage of an app.
New lwm2m Features
- Piggybacked response on RX stream has been improved.
- Token generation has been added for le_coap_Push() if provided token length is 0.
New deftools Features
- A report mode has been added to ifgen which takes an API file and displays the memory required for each message buffer, as well as how much data is needed by each function and handler.
- Check has been added to internal server type to generate internal bindings correctly. App modeller now will recognize executables as binary bundles and will allow use of any components within the executable.
New Kernel 4.14 Features
- Allowed for new UART names in kernel 4.14.
- Enhanced configEcm to also work with configfs gadgets.
- TI wifi driver has been integrated to work on kernel 4.14.
New Miscellaneous Features
- When using the script framework/tools/scripts/releaselegato, a new directory is created first before copying the symbolic link.
- TCF agent and SFTP server have been removed from DevMode tool set.
- cm tool's input has been enhanced for validation of input values, and now rejects back-to-back multiple connects.
- cm script update_route has been enhanced to filter for only whole words.
- asyncServer and cRelay components have been added to ipcTest.api to fix virt-arm issues.
- Default Target to wp77xx in KConfig has been resolved.
- Missing libresolv.so.2 library have been added.
- pmTool has been enhanced so that users can get all the information about the settings for their GPIOs, ADCs, Timers, Shutdown strategies using
pmtool bootOn status [gpio <gpioNum>] [adc <adcNum>] <timer> <shutdown>
Beta Features
None
Alpha Features
None
Fixed Issues
All changes are tagged in GitHub as "21.05.0". The full list of changes and commit messages can be found on GitHub.
- Legato Application Framework 21.05.0 Fixes
- Legato WiFi 21.05.0 Fixes
- Legato AirVantage Connector 21.05.0 Fixes
- Legato DataHub 21.05.0 Fixes
- Note
- This is only the list of fixes for the Application Framework and Platform Services, for the list of changes in the Platform Adapter view the commits under the tag 21.05.0 in individual repositories on GitHub.
Known Issues
Constraints and Limitations
Legato Image Update
- Warning
- Legato image has to be upgraded or downgraded via a bundle across an image incompatibility boundary described below.
In the Legato upgrade from pre-20.08.0 versions (e.g. 20.04.0) to 20.08.0+, an image incompatibility boundary has been introduced. This is due to the included Yocto update from version 2.5 to 3.0 in which are different libssl versions.
Whenever the Legato image is upgraded or downgraded across this boundary line, it has to be done together with its corresponding LXSWI image in a bundle. Otherwise, Legato would not run and not take any image update to recover.
Dev Machine Linux Version
To develop applications within the Legato Application Framework, a current supported Long Term Support version of Ubuntu Linux is required on your dev machine (or running in a virtual box on Windows). Ubuntu 18.04 is the current recommended version to use on your dev machine.
ECM-USB modem manager issue
Ubuntu 15.10 and newer has Modem Manager version 1.4.12-1ubuntu1
installed by default which conflicts with the ECM-USB driver when connecting a target. Modem manager may cause the Ubuntu Network Manager to crash on your host and/or your target device to become unavailable over USB.
Symptoms:
- NetworkManager crashing when plugging into your device over USB, or
- The target device becomes inaccessible after 30 seconds.
Recommended Work Around:
- Uninstall
modemmanager
from Ubuntu or - Downgrade
modemmanager
to version 1.0.0-2ubuntu1
FOTA upgrade warning
A device that has trustzones enabled, may re-bootstrap (obtain new keys from the AirVantage server) during a FOTA (firmware over-the-air) upgrade.
Copyright (C) Sierra Wireless Inc.