
Developer Specification – STM32N6 (NUCLEO-N657X0-Q)

1) Goal & Scope
Build a reliable, secure, and universal STM32N6 + FreeRTOS gateway that:
• is offline-first (logs locally during outages),
• streams telemetry to and receives control from Azure IoT Central,
• publishes to Home Assistant (MQTTS) in parallel,
• exposes a local HTTPS Web UI,
• uses 128 GB eMMC (encryption, rotation, indexing),
• performs BG95 failover (alarms/SMS, emergency heartbeat) and GPS time,
• executes OTA (for N6 only for now) safely without impacting critical tasks.

2) HW/Platform
• MCU: NUCLEO-N657X0-Q (STM32N6), FreeRTOS.
• Network: Ethernet (primary), optional ESP32-S3 Wi-Fi bridge, BG95 as backup + GPS.
• Buses: CAN FD (primary), RS-485 split into:
  o RS485-I (internal binary protocol with AEAD),
  o RS485-M (Modbus RTU for 3rd-party devices, separate physical line).
• Storage: eMMC 128 GB (no SD).

3) Security (mandatory)
• Secure/Verified boot: ECDSA-P256 + SHA-256 signed images, anti-rollback.
• TrustZone: key/cert storage and KDF in Secure World.
• At-rest encryption (eMMC): AES-GCM-256 (per-file keys, unique nonces).
• In-transit encryption: TLS 1.2/1.3 for Azure, HA MQTT, and Web (HTTPS).
• AEAD on internal buses (CAN FD, RS485-I): AES-GCM-256 with AAD=header; session key via ECDH P-256 + HKDF-SHA256; replay protection.
• Secret management: rotation via UI/Azure; secure storage.

4) Connectivity modes & failover
• State machine: ONLINE_ALL, ONLINE_HA_ONLY, ONLINE_AZURE_ONLY, OFFLINE.
• Offline-first: full local logging; backfill on reconnect.
• BG95 is OFF by default. Wake up when:
  1. ALARM (SMS immediately; email via BG95 only if LAN down),
  2. IP-SMS via Internet fails (after N retries → SMS via BG95),
  3. Azure down > X s (e.g., 120 s) → short heartbeat/critical via BG95.
• 02:00: NTP sync (Ethernet) → GPS fallback (BG95).

5) FreeRTOS architecture (priorities)
configMAX_PRIORITIES = 10 (10 = highest)

Task                  Prio                            Purpose
Health/Watchdog       9                               HW/RTOS WD, heartbeats, self-tests
Storage/eMMC Writer   8                               sequential write, index, rotation, encryption
HA Client (MQTTS)     8                               publish/subscribe
TCP/IP Net Stack      7                               networking
Web/HTTPS Server      7                               UI + REST API
Azure Client          6                               IoT Central (telemetry, DM, twin)
CAN FD Acquisition    5                               ISR → lock-free queues
RS485-I               4                               internal AEAD protocol
RS485-M (Modbus)      3                               master polling
BG95 Service          3 (boost 8 on ALARM/failover)   SMS/email/heartbeat, GPS
Backfill              2                               token-bucket batching
OTA                   1                               download & update N6

6) eMMC – layout & rotation
/data/
  telemetry/YYYY/MM/DD/[login to view URL] (16 kB blocks, CRC32, AES-GCM encrypted)
  errors/YYYY/MM/[login to view URL] (CBOR on-disk, encrypted; NEVER auto-deleted)
  index/[login to view URL] (time index, encrypted)
/ota/
  staging/[login to view URL] (encrypted)
• Retention: default 90 days (configurable 7/30/90/180/custom).
• Mode: FIFO (default) / STRICT (stop telemetry when full).
• Reserved: min 5 GiB for critical data (errors + last hour).
• 02:00 maintenance: rotation, free-space check, reindex.

7) Backfill & throttling
• Token-bucket + adaptive throttle:
  o Azure: 100 msg/s or 256 kB/s (whichever first).
  o HA: 200 msg/s or 512 kB/s.
• Adapt by latency/errors (429/5xx): on errors −50 %, otherwise +10 % every 30 s up to max.

8) Azure IoT Central
• Telemetry: JSON (see sample below).
• Direct Methods: [login to view URL], [login to view URL], [login to view URL], [login to view URL], device.setMode.
• Device Twin (Desired/Reported) – key fields:
    {
      "storage": { "retentionDays": 90, "mode": "FIFO", "reservedGiB": 5 },
      "connectivity": { "preferred": "ETH", "dhcp": true },
      "ha": { "enabled": true, "mqtt": { "broker": "ip:8883", "tls": true }},
      "ota": { "autoAt2am": true, "channel": "prod", "source": "azure" },
      "log": { "level": "INFO", "categories": ["NET","CTRL","BUS"] },
      "power": { "batteryPresent": false },
      "failover": { "useCellAzure": true, "azureFailoverSeconds": 120 }
    }
• Emails: SMTP/TLS via LAN; BG95 fallback on ALARM if LAN is down.

9) Home Assistant (MQTTS)
• Configurable broker (IP/port/CA/auth).
• Topics (examples):
  o n6/tele/status, n6/tele/storage, n6/tele/heartbeat
  o n6/cmd/ota_check → ack n6/ack/ota_check
  o n6/evt/<category> for alarms/events
• Optional MQTT Discovery (sensors, binary_sensors, buttons).

10) Web UI (HTTPS) & REST API (JSON)
• Auth: password, certificate rotation, session timeout.
• Endpoints:
  o GET /api/status,
  o GET /api/storage,
  o POST /api/storage/purge,
  o POST /api/ota/check, POST /api/ota/update,
  o GET /api/config, PATCH /api/config,
  o GET /api/logs/errors?from&to&level (CBOR→JSON).

11) Buses: CAN FD & RS-485
• CAN FD / RS485-I: unified internal AEAD frame. Header (plaintext, used as AAD), payload encrypted:
    [src8][dst8][msgId16][type8][flags8][seq16][len16] | [nonce64][ciphertext...][tag128]
    type: 0=scalar, 1=vector, 2=cmd, 3=resp, 4=diag
    flags: bit0=ACK_REQ, bit1=ACK, bit2=ERR, bit3=FRAG
  o ECDH P-256 → session key (HKDF-SHA256),
  o key rotation by N messages or T minutes,
  o fragmentation for >64 B on CAN FD (FRAG, seq).
• RS485-M (Modbus RTU): separate line; N6 = master; whitelist, rate-limit; register map per device.

12) OTA (N6)
• Trigger: Web/Azure or 02:00 (if batteryPresent and [login to view URL]).
• Source: Azure Blob / LAN HTTP(S) / external URL.
• Flow: download → hash + ECDSA-P256 verify → write inactive bank → reboot → self-test → confirm/rollback.
• Watchdog and timeouts to prevent bricking.

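The receive side of the section 11 frame, as an added example that is not part of the original specification: it splits a frame into AAD, nonce, ciphertext and tag with length checks, and applies a sliding-window replay check on seq. Assumed here, since the spec does not say: big-endian multi-byte fields, len counting ciphertext bytes, rejection of undefined type values and flag bits, and a 32-frame window; the n6_ names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

#define HDR_LEN   10u  /* src8 dst8 msgId16 type8 flags8 seq16 len16 (used as AAD) */
#define NONCE_LEN 8u   /* nonce64 */
#define TAG_LEN   16u  /* tag128 */

typedef struct {
    uint8_t src, dst, type, flags;
    uint16_t msg_id, seq, len;
    const uint8_t *aad, *nonce, *ct, *tag;   /* views into the caller's buffer */
} n6_frame;
typedef struct { uint16_t top; uint32_t seen; int init; } n6_replay;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Split a received frame. Assumed: big-endian fields, len = ciphertext bytes. */
int n6_parse(const uint8_t *buf, size_t n, n6_frame *f)
{
    if (n < HDR_LEN + NONCE_LEN + TAG_LEN) return -1;
    f->src = buf[0]; f->dst = buf[1]; f->msg_id = be16(buf + 2);
    f->type = buf[4]; f->flags = buf[5];
    f->seq = be16(buf + 6); f->len = be16(buf + 8);
    if (f->type > 4 || (f->flags & 0xF0)) return -1;   /* undefined type/flag bits */
    if ((size_t)f->len != n - HDR_LEN - NONCE_LEN - TAG_LEN) return -1;
    f->aad = buf; f->nonce = buf + HDR_LEN;
    f->ct = f->nonce + NONCE_LEN; f->tag = f->ct + f->len;
    return 0;
}

/* 32-frame sliding window; call only after the GCM tag verified. 1 = fresh. */
int n6_replay_accept(n6_replay *w, uint16_t seq)
{
    int16_t d = (int16_t)(uint16_t)(seq - w->top);     /* distance, wraps mod 2^16 */
    if (!w->init) { w->init = 1; w->top = seq; w->seen = 1u; return 1; }
    if (d > 0) { w->seen = (d >= 32 ? 0u : w->seen << d) | 1u; w->top = seq; return 1; }
    if (d <= -32 || (w->seen & (1u << -d))) return 0;  /* too old, or already seen */
    w->seen |= 1u << -d;
    return 1;
}

int main(void)
{
    /* Constructed frame: src 1, dst 2, msgId 0x0010, type 0, ACK_REQ, seq 7, len 2 */
    uint8_t b[36] = { 1, 2, 0x00, 0x10, 0, 0x01, 0x00, 0x07, 0x00, 0x02 };
    n6_frame f; n6_replay w = { 0 };
    if (n6_parse(b, sizeof b, &f) != 0 || !n6_replay_accept(&w, f.seq)) return 1;
    return n6_replay_accept(&w, f.seq);   /* 0: the repeated seq is rejected */
}
```

The replay state is per session key and is reset on each key rotation; the AES-GCM decryption over aad, nonce, ct and tag is left to the platform crypto library.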
13) Logging & observability
• Errors: CBOR on-disk (never auto-deleted), UI JSON export.
• Syslog: TLS-syslog (configurable IP/port/CA), UDP 514 fallback; level filtering + rate-limit.
• Health: heartbeat to Azure/HA; periodic self-tests (eMMC R/W, latency, loss).

14) Configuration (JSON) – single source of truth
• Stored locally (encrypted), synced with Azure Twin; editable via Web/HA/Azure.
• Key fields: storage.*, connectivity.*, ha.*, ota.*, failover.*, email.*, backfill.*, power.batteryPresent.

15) Example payloads
Telemetry (Azure/HA):
    {
      "ts": 1735212345678,
      "mode": "ONLINE_ALL",
      "net": { "eth": true, "cell": false, "rtt_ms": 7 },
      "storage": { "used_gib": 12.4, "free_gib": 109.5, "files": 131072 },
      "power": { "battery": false, "v": 12.1 },
      "bus": { "can_rx": 10021, "can_tx": 9980, "rs485i_ok": true, "rs485m_ok": true },
      "fw": { "version": "1.2.0", "channel": "prod" }
    }

16) Acceptance criteria (excerpt)
1. Offline-first: no data loss during Azure outage; controlled backfill on reconnect to Azure/HA.
2. BG95 failover: ALARM → SMS within 10 s; Azure down >120 s → heartbeat/critical via BG95; anti-flap cooldown.
3. Security: secure boot, TLS, AES-GCM at-rest, AEAD on internal buses; secrets in TrustZone.
4. Web UI/REST: complete management under HTTPS.
5. eMMC: retention, FIFO/STRICT, 5 GiB reserved; errors never auto-deleted.
6. Buses: CAN FD + RS485-I reliable under load; Modbus runs on a dedicated line.
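The section 7 backfill throttle as an added example, not part of the original specification: one limiter charges a message bucket and a byte bucket together ("whichever first"), halves its rate on 429/5xx and regains 10 % after each clean 30 s. Assumed here: kB = 1024 bytes, a burst of one second of traffic, +10 % relative to the current rate, a 1 % floor, and a caller-supplied millisecond clock; the tb_ names are hypothetical.

```c
#include <stdint.h>

typedef struct {
    uint32_t max_msgs, max_bytes;  /* per-second ceilings, e.g. Azure 100 / 256 kB */
    uint32_t pct;                  /* current rate as a percentage of the ceiling */
    uint64_t msgs_m, bytes_m;      /* available tokens, in 1/1000 units */
    uint32_t last_ms, adapt_ms;    /* last refill, last rate change */
} tb_t;

void tb_init(tb_t *b, uint32_t max_msgs, uint32_t max_bytes, uint32_t now_ms)
{
    b->max_msgs = max_msgs; b->max_bytes = max_bytes; b->pct = 100;
    b->msgs_m = b->bytes_m = 0;            /* start empty: no burst on reconnect */
    b->last_ms = b->adapt_ms = now_ms;
}

/* Feed every response status in: 429/5xx halves the rate at once (floor 1 %). */
void tb_report(tb_t *b, int http_status, uint32_t now_ms)
{
    if (http_status != 429 && http_status < 500) return;
    b->pct = b->pct > 1 ? b->pct / 2 : 1;
    b->adapt_ms = now_ms;                  /* restart the clean 30 s window */
}

/* Returns 1 if a message of len bytes may go out now; charges both buckets. */
int tb_try_send(tb_t *b, uint32_t len, uint32_t now_ms)
{
    uint32_t dt = now_ms - b->last_ms;     /* unsigned: safe across tick wrap */
    if (now_ms - b->adapt_ms >= 30000u) {  /* 30 s without errors: +10 % */
        b->pct += b->pct >= 10 ? b->pct / 10 : 1;
        if (b->pct > 100) b->pct = 100;
        b->adapt_ms = now_ms;
    }
    uint64_t cap_m = (uint64_t)b->max_msgs * b->pct * 10;   /* burst = 1 s */
    uint64_t cap_b = (uint64_t)b->max_bytes * b->pct * 10;
    b->msgs_m  += (uint64_t)b->max_msgs  * b->pct * dt / 100;
    b->bytes_m += (uint64_t)b->max_bytes * b->pct * dt / 100;
    if (b->msgs_m  > cap_m) b->msgs_m  = cap_m;
    if (b->bytes_m > cap_b) b->bytes_m = cap_b;
    b->last_ms = now_ms;
    if (b->msgs_m < 1000 || b->bytes_m < (uint64_t)len * 1000) return 0;
    b->msgs_m -= 1000; b->bytes_m -= (uint64_t)len * 1000;
    return 1;
}

int main(void)
{
    tb_t az; tb_init(&az, 100, 256u * 1024u, 0);   /* Azure limits from section 7 */
    return tb_try_send(&az, 512, 1000) ? 0 : 1;
}
```

A refused message stays in the eMMC backlog and is retried on the next backfill tick, so throttling never drops data.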
Project ID: 39735750
Jihlava, Czech Republic
Member since Aug 26, 2025