Table of Contents
Advertisement
__________________________________________________________________________
22. FIRMWARE
22.1. Firmware Integrity
At every meter power up, the bootloader checks if a backup image exists for the current firmware. If there is no backup
image or the backup image is obsolete (different than the current one), the bootloader creates and stores a backup image
from the current firmware.
An integrity check on current executing firmware is done on every power up by the bootloader. If the integrity fails, then the
bootloader restores the image from backup or if a pending image is available that has been transferred completely and
successful verified, the meter will activate this new image.
"Firmware backup" is launched only if the restoration process is finished successfully. The integrity of the Firmware backup
is verified on backup creation and before backup restoration.
If integrity check fails, the backup image is verified for integrity and launched. After the backup is successfully launched, the
backup image will log an entry in logbook and send a corresponding alert. The current (backup) image will continue to run
on the meter after sending this alert.
22.2. Firmware Download
The meter allows new firmware to be downloaded at any time. The mechanism is robust to ensure against Loss of Data.
Only Firmware received from an Authorised and Authenticated source is allowed.
The Firmware must be verified for Authenticity and Integrity before it is allowed to run on the meter, Distribution Receipt
Alerts identifying success or failure are provided. Also an event is created in the Security Log.
New images can be activated by a Firmware Activation Command.
The Firmware Image is verified before being activated.
The Firmware includes a Version Number which, once activated, is available to read by the DCC and is available on the
Meter Display.
22.3. Firmware Download Process
Firmware Update Process contains three stages:
•
Distribution of the Image (this is performed using OTA Cluster)
•
Verification of the Image (this is performed by the AS302P)
•
Activation of the Image (this is performed using a GBCS Command)
If the Firmware Image is larger than 750kB then the Image will be fragmented.
If the Image is fragmented and the first Fragment is received again then previously received fragments are ignored.
22.3.1. Distribution of the Image
•
The Comms Hub receives a New Image from the DCC
•
The Comms Hub notifies the AS302P that a New Firmware Image is available
•
The AS302P downloads the new Image, via the ZigBee OTA process, when it is aware of the availability of a
suitable Upgrade Image
22.3.2. Verification of the Image
•
The AS302P verifies the Upgrade Image contained within the OTA Upgrade Image. In the verification process the
AS302P checks the following:
-
If the Firmware is received from an Authorized and Authenticated source (checks the Remote Party Role
and the corresponding Remote Party Signature)
-
If the Firmware is signed using Honeywell Signature
-
The CRC on the Firmware
-
The size of the Firmware
© Honeywell - M450 001 1D - 23.05.2019
Operating & Maintenance Instructions
37
- Quick Links:
- Display and Pushbuttons
Hide quick links:
Advertisement
Table of Contents
