Firmware Version 5.0.16 Release Notes

Affected Models:  This firmware (FW) update affects the following models produced and shipped on or after February 7, 2022:

  • TS030 - Large RFID Cabinet
  • TS032 - Compact RFID Cabinet
  • TS035 - Compact International RFID Cabinet
  • TS074e - Large RFID Refrigerator
  • TS088 - Ultra Low Temperature RFID Freezer
  • TS092 - Large Secure Access Cabinet
  • TS096 - Undercounter RFID Freezer
  • TS097 - Undercounter RFID Refrigerator
  • TS098 - Countertop RFID Refrigerator

Note: Devices that have shipped prior to the date above are not compatible with this new firmware. Terso will be releasing new versions of firmware for these devices later in 2022.

The following devices will receive the then current version of firmware at a later date when inventory of firmware version 4 devices has been depleted:

  • TS047e
  • TS056
  • TS060
  • TS079

Firmware Version: FW 5.0.16 / OS 11.1.8

Release Date: February 7, 2022

Overview of changes:

Firmware version 5 (FW5) is a major update to Terso’s device firmware.  This release includes the implementation of additional cyber security enhancements to minimize the risk of cyber-attacks.  This includes items such as the ability to automatically update the Operating System (OS), disabling unused ports, improved password management, removal of “Root” user, and removal of SSH capability.

Adds:

AutoUpdate

The device will check for available OS and FW updates and is capable of automatically updating both. Terso will be releasing OS and FW updates as required to remediate potential security vulnerabilities, add new functionality, and correct any performance issues. New device configuration parameters are available for customizing the AutoUpdate behavior. All new devices with FW5 will have AutoUpdate enabled by default. It is strongly recommended that this feature remain enabled to ensure the device is running on the most secure OS and is performing optimally.

New parameters related to AutoUpdate:

  • AutoUpdateFW - turns on/off automatic FW updates
  • AutoUpdateOS - turns on/off automatic OS updates
    • NOTE: these parameters will be set to “on” by default and require Terso permission to disable
  • UpdateNotification - turns on/off the update notification messages on the device LCD display
  • UpdateDay – sets the day of the week that updates will install. 0 for everyday checking, 1-7 for specific day (1 is Sunday)
  • UpdateHour – sets the hour of the day that an update will install (-1 sets UpdateHour equal to ObjectEventHour parameter)
  • DelayScans – sets the number of times an update can be delayed by presenting a valid pass to the device
  • DelayMinutes – sets the number of minutes an update can be delayed by presenting a valid pass to the device

Secure Communication

  • All communications from the device now use certificate validation

OS Hardening

  • Added a firewall to block all unauthorized requests
  • The U-boot which controls how the device system is booted, is now password protected

LCD Messaging

The AutoUpdate functionality has introduced two new messages to alert a user of a pending update via the device’s LCD display. When UpdateNotification is set to on, the following messages will display on the device’s LCD display in rotation with the “Scan Pass to Unlock Doors” message.

  • Device Update in xxx min – where ‘xxx’ is the amount of time before the device will start to install the update. The value will begin to count down from 60 minutes before the scheduled update time. This is based on the UpdateDay and UpdateHour parameters.
  • Scan Pass to Delay yyy min – where ‘yyy’ is the amount of time specified by the DelayMinutes parameter. This is also impacted by the DelayScans parameter as the number of times the update can be delayed by presenting a valid pass to the device.

Removes:

OS Hardening

  • SSH has been removed from the local interface.
  • “Root” user has been disabled.

Local Interface changes

  • SSH has been removed from the local interface

Updates:

UpdateFirmwareCommand –

  • This command is used to update FW and/or the OS
  • The naming convention of the update file will indicate whether it is FW or OS
    • OS example: iris-debian-11-1-8.sig
    • FW example: iris-debian-11-1_fw5-0-16.sig

Web Interface changes -

  • Authentication security has been improved. Contact Terso Technical Support for additional information.
  • The hostname can be changed. This feature is available on the “Network” tab.
  • Ability to add user passes via the "Test" tab

ObjectEvent changes –

  • The daily set of tasks including ObjectEvent, will now occur at a random minute during the set hour

Known Issues:

  • Static IP for updates to devices is not supported at this time

Device Definitions:

  • FW v5.00.016, Ambient Cabinet
  • FW v5.00.016, Standard Freezer
  • FW v5.00.016, Standard Refrigerator
  • FW v5.00.016, ULT