FreeRTOS qualification checklist - FreeRTOS

FreeRTOS qualification checklist

Use the following checklists to keep track of qualification items.

You must pass each of these items in order to be listed in the AWS Partner Device Catalog.

  • Review the steps you must follow for Porting FreeRTOS to your device. These steps are summarized in the FreeRTOS porting flowchart. For more information, see the FreeRTOS Porting Guide.

    • You must port a FreeRTOS qualified kernel architecture and can't make modifications to it on your own. For more information, see Configuring a FreeRTOS kernel port in the FreeRTOS Porting Guide.

  • Validate your FreeRTOS port with AWS IoT Device Tester.

    • A successful IDT log (with all test groups passing on one log) is required in your Device Qualification Portal (DQP) submission.

    • All qualification submissions must be made through the Device Listing Portal on APN Partner Central.

  • Create a Hello World demo.

  • Create a Getting Started Guide (GSG) for your device

  • Create an appropriate open source license text file and place it with your code.

  • Provide an accessible location to download your code.

    • We recommend that you use a GitHub repository, but don't use a personal GitHub repository. Use an official company GitHub repository.

  • Mitigate the following threat in regard to the random number generator (RNG):

    • To mitigate the risk of network spoofing and man-in-the-middle attacks that can result in unauthorized data disclosure, a true hardware random number generator (TRNG) is required for FreeRTOS qualification. The TRNG is recommended by the FreeRTOS libraries that implement protocols such as DHCP, DNS, TCP/IP, and TLS. Consistent with the guidance published by NIST, the TRNG on your board is used by FreeRTOS as the entropy source for a standard implementation CTR_DRBG. For more information, see page 50 in the NIST SP 800-90A.

      Per the NIST SP 800-90B description, a TRNG is a "physical noise source" (section 2.2.1) that produces "independent and identically distributed" (IID) samples (section 5), for example, a ring oscillator.

    • To control BOM costs and for some customer use cases, certain boards will not have a dedicated TRNG. If you are qualifying these boards, add the following advisory notice in the header of the file core_pkcs11.h that you have ported for the core_pkcs11_pal.h API. View our changelog for examples of boards that are similar.

      Note

      For best security practice, we recommend that you use a random number generation solution that is truly randomized and conforms to the guidelines provided in the FreeRTOS qualification checklist. The random number generator method presented in this file by the silicon vendor is not truly random in nature. Contact the silicon vendor for details regarding the method implemented.

  • If you're qualifying for OTA, verify that you mitigate the risks defined in the OTA Threat Model described in Porting the OTA library in the FreeRTOS Porting Guide.

To be designated as supporting the long-term support (LTS) version of FreeRTOS in the AWS Partner Device Catalog, you must provide a manifest file. This isn't required for standard qualification. You must use a LTS version of FreeRTOS and include a manifest.yml file in the root directory. The requirements for the manifest file are described in FreeRTOS manifest file instructions and a template is provided as a Example manifest.yml. The FreeRTOS repository includes a compatible manifest file by default.

To be listed in the Online Configuration Wizard, contact your APN representative and provide the following items:

  • Create a CMake list file, and build the test and demo applications with this file.

    • For instructions, see Creating a CMakeLists.txt file for your platform.

      Note

      A CMake list file isn't required to qualify a board through the AWS Device Qualification Program. The file is only required for listing devices on the FreeRTOS console.

  • Provide the following hardware information for your device:

    • The compiler options for optimizations.

    • The Supported IDE, with latest supported version number.

    • The CLI command to build target executables.

    • The CLI command to flash the target.