Amazon FreeRTOS
User Guide

Using the OTA Update Demo Application on the Microchip Curiosity PIC32MZEF

This section will walk you through using the OTA Update demo application on the Microchip Curiosity PIC32MZEF. You will create a code-signing certificate, install an initial version of the demo application (firmware), update the version of the firmware, upload the new version of the firmware and then create an OTA update job that will perform the over the air update on your Microchip Curiosity PIC32MZEF.

Creating Code-Signing Certificates

The Microchip Curiosity PIC32MZEF supports a self-signed SHA256 with ECDSA code-signing certificate.

  1. In your working directory use the following text to create a file named cert_config. Replace with your email address:

    [ req ] prompt = no distinguished_name = my dn [ my dn ] commonName = [ my_exts ] keyUsage = digitalSignature extendedKeyUsage = codeSigning
  2. Create an ECDSA code-signing private key:

    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -outform PEM -out ecdsasigner.key
  3. Create an ECDSA code-signing certificate:

    openssl req -new -x509 -config cert_config -extensions my_exts -nodes -days 365 -key ecdsasigner.key -out ecdsasigner.crt
  4. Import the code-signing certificates to the AWS Certificate Manager:

    aws acm import-certificate --certificate file://ecdsasigner.crt --private-key file://ecdsasigner.key

    This command displays an ARN for your certificate. You need this ARN when you create an OTA update job. For example:

    { "CertificateArn": "arn:aws:acm:us-west-2:123123123123:certificate/23312627-963b-4798-888b-09e89071a861" }

    Save this ARN to reference from the console.