I have followed all the steps given in the AWS OTA Update demo, but at the final stage, when the new version image is downloaded onto the device, it fails to verify the signature and rolls back.
Here are the logs:
1085 12611 [OTA Agent Task] [prvIngestDataBlock] Received file block 265, size 2176
I (126139) ota_pal: No such certificate file: /. Using aws_ota_codesigner_certificate.h.
1086 12612 [OTA Agent Task] [prvIngestDataBlock] Received final expected block of file.
1087 12612 [OTA Agent Task] [prvStopRequestTimer] Stopping request timer.
E (126929) ota_pal: signature verification failed
1088 12709 [iot_thread] [INFO ][DEMO][127090] State: WaitingForFileBlock Received: 268 Queued: 0 Processed: 0 Dropped: 0
This is how I have set up the signing certificate in the aws_ota_codesigner_certificate.h file:
static const char signingcredentialSIGNING_CERTIFICATE_PEM[] = "-----BEGIN CERTIFICATE-----\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
"-----END CERTIFICATE-----";
Details of the certificate removed, but the format is exactly the same.