Browse Source

3_doc_on_module - large dir commit

master
Robert Smith 7 months ago
parent
commit
43c61081db
27 changed files with 42383 additions and 0 deletions
  1. BIN
      3_doc_on_module/01_Software.zip
  2. 1523
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG25-G_Wi-Fi_Application_Note_V1.1.pdf
  3. 14715
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_AT_Commands_Manual_V2.0.pdf
  4. 2253
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_FTP(S)_Application_Note_V1.1.pdf
  5. 1822
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_GNSS_Application_Note_V1.3.pdf
  6. 1333
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_SMTP_Application_Note_V1.1.pdf
  7. 1677
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_SSL_Application_Note_V1.1.pdf
  8. 624
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide_V1.0.pdf
  9. 910
    0
      3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note_V1.0.pdf
  10. 1600
    0
      3_doc_on_module/01_Software/Quectel_EG25-G&EC2x_Series_BT_Application_Note_V1.1.pdf
  11. 159
    0
      3_doc_on_module/01_Software/Quectel_EG25-G_T-Mobile_Certification_Software_Configuration_Guide_V1.0.pdf
  12. 1010
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_FILE_Application_Note_V1.1.pdf
  13. 1647
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_HTTP(S)_Application_Note_V1.1.pdf
  14. 1085
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_MMS_Application_Note_V1.1.pdf
  15. 1400
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_MQTT_Application_Note_V1.2.pdf
  16. 329
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_Security_Protection_Design_V1.0.pdf
  17. 2126
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_TCP(IP)_Application_Note_V1.1.pdf
  18. 436
    0
      3_doc_on_module/01_Software/Quectel_LTE_Standard_UAC_Application_Note_V1.0.pdf
  19. BIN
      3_doc_on_module/02_Hardware.zip
  20. 1333
    0
      3_doc_on_module/02_Hardware/Quectel_EC2x&EG2x-G&UC200T_Series_Compatible_Design_V1.2.pdf
  21. BIN
      3_doc_on_module/02_Hardware/Quectel_EC2x&EG2x-G_Compatible_Footprint&Part_V1.2.zip
  22. 1020
    0
      3_doc_on_module/02_Hardware/Quectel_EC2x&EG2x-G_Series_PCB_Design_Guideline_V1.1.pdf
  23. BIN
      3_doc_on_module/02_Hardware/Quectel_EG21-G&EG25-G_2D_Dimensions_V1.0.zip
  24. BIN
      3_doc_on_module/02_Hardware/Quectel_EG21-G&EG25-G_3D_Dimensions_V1.0.zip
  25. BIN
      3_doc_on_module/02_Hardware/Quectel_EG25-G&EG21-G_Footprint&Part_V1.2.zip
  26. 4183
    0
      3_doc_on_module/02_Hardware/Quectel_EG25-G_Hardware_Design_V1.4.pdf
  27. 1198
    0
      3_doc_on_module/02_Hardware/Quectel_EG25-G_Reference_Design_V1.0.pdf

BIN
3_doc_on_module/01_Software.zip View File


+ 1523
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG25-G_Wi-Fi_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 14715
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_AT_Commands_Manual_V2.0.pdf
File diff suppressed because it is too large
View File


+ 2253
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_FTP(S)_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 1822
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_GNSS_Application_Note_V1.3.pdf
File diff suppressed because it is too large
View File


+ 1333
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_SMTP_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 1677
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_SSL_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 624
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide_V1.0.pdf View File

@@ -0,0 +1,624 @@
EC2x&EG9x&EG2x-G&EM05
Series Thermal Mitigation
User Guide

LTE Standard Module Series
Rev. EC2x&EG9x&EG2x-G&EM05_Thermal_Mitigation_User_Guide_V1.0
Date: 2020-06-30
Status: Released

www.quectel.com
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

Our aim is to provide customers with timely and comprehensive service. For any
assistance, please contact our company headquarters:

Quectel Wireless Solutions Co., Ltd.

Building 5, Shanghai Business Park Phase III (Area B), No.1016 Tianlin Road, Minhang District, Shanghai,
China 200233
Tel: +86 21 5108 6236
Email: info@quectel.com

Or our local office. For more information, please visit:

http://www.quectel.com/support/sales.htm

For technical support, or to report documentation errors, please visit:

http://www.quectel.com/support/technical.htm
Or email to: support@quectel.com

GENERAL NOTES

QUECTEL OFFERS THE INFORMATION AS A SERVICE TO ITS CUSTOMERS. THE INFORMATION
PROVIDED IS BASED UPON CUSTOMERS’ REQUIREMENTS. QUECTEL MAKES EVERY EFFORT
TO ENSURE THE QUALITY OF THE INFORMATION IT MAKES AVAILABLE. QUECTEL DOES NOT
MAKE ANY WARRANTY AS TO THE INFORMATION CONTAINED HEREIN, AND DOES NOT ACCEPT
ANY LIABILITY FOR ANY INJURY, LOSS OR DAMAGE OF ANY KIND INCURRED BY USE OF OR
RELIANCE UPON THE INFORMATION. ALL INFORMATION SUPPLIED HEREIN IS SUBJECT TO
CHANGE WITHOUT PRIOR NOTICE.

COPYRIGHT

THE INFORMATION CONTAINED HERE IS PROPRIETARY TECHNICAL INFORMATION OF
QUECTEL WIRELESS SOLUTIONS CO., LTD. TRANSMITTING, REPRODUCTION, DISSEMINATION
AND EDITING OF THIS DOCUMENT AS WELL AS UTILIZATION OF THE CONTENT WITHOUT
PERMISSION ARE FORBIDDEN. OFFENDERS WILL BE HELD LIABLE FOR PAYMENT OF
DAMAGES. ALL RIGHTS ARE RESERVED IN THE EVENT OF A PATENT GRANT OR
REGISTRATION OF A UTILITY MODEL OR DESIGN.

Copyright © Quectel Wireless Solutions Co., Ltd. 2020. All rights reserved.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 1 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

About the Document

Revision History

Version Date Author Description
1.0 2020-06-30 Initial
Max TANG/
Wayne WEI

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 2 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

Contents

About the Document .................................................................................................................................. 2
Contents ...................................................................................................................................................... 3
Table Index.................................................................................................................................................. 4

1 Introduction ......................................................................................................................................... 5
1.1. Applicable Modules.................................................................................................................... 5

2 Limit the Data Throughput ................................................................................................................. 6
2.1. Reduce Rate .............................................................................................................................. 6
2.1.1. Temperature Thresholds ................................................................................................. 7
2.1.1.1. Query Temperature Thresholds by AT Commands.............................................. 7
2.1.1.2. Configure Temperature Thresholds by AT Commands to Reduce
Downlink/Uplink Rates ........................................................................................................... 8
2.1.1.2.1. Reduce Uplink Rate ............................................................................................. 8
2.1.1.2.2. Reduce Uplink and Downlink Rates Simultaneously........................................... 8
2.1.2. Rate Thresholds .............................................................................................................. 8
2.1.2.1. Configure the Level of Reducing Uplink Rate...................................................... 8
2.1.2.2. Configure the Level of Reducing Downlink Rate ............................................... 10

3 Limit Transmission Power ............................................................................................................... 11
3.1. Reduce Transmission Power ....................................................................................................11
3.1.1. AT+QCFG="thermal/txpwrlmt" Control Transmission Power Under High Temperature
....................................................................................................................................... 12

4 Enter Limited Service State ............................................................................................................. 14

5 Reboot the Module............................................................................................................................ 15

6 Auto-configure Thermal Mitigation ................................................................................................. 16
6.1. AT+QCFG="thermal/limit_rates" Enable/Disable Thermal Mitigation................................... 16

7 Appendix A Reference...................................................................................................................... 17

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 3 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

Table Index

Table 1: Default Configuration of AT Commands for Reducing Rate .......................................................... 6
Table 2: Detection Cycle .............................................................................................................................. 8
Table 3: Uplink Rate Threshold Parameters ................................................................................................ 9
Table 4: Downlink Rate Threshold Parameters ......................................................................................... 10
Table 5: Default Value Configuration of AT Commands for Reducing Transmission Power ......................11
Table 6: Default Configuration of AT Command for Entering Limited Service State.................................. 14
Table 7: Terms and Abbreviations .............................................................................................................. 17

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 4 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

1 Introduction

This document mainly introduces the thermal mitigation mechanism on Quectel LTE Standard
EC2x&EG9x&EG2x-G&EM05 series modules.

There are two main cooling strategies to cool down the module: reduce rate and limit the transmission
power, which will be described in detail in Chapter 2 and 3 respectively, and either of the two strategies
can be used or be used together according to the actual demands.

In addition, if the temperature of the module is still rising after reducing the rate and the transmission
power due to some reasons, the module will enter the Limited Service State after reaching Level 3 of the
temperature threshold. In this state, services such as data transmission are limited, and the temperature
will drop. If the temperature of the module continues to rise and exceeds 120 ºC after entering the Limited
Service State, the software will force the module to restart in order to protect the module's hardware from
damage. For more details, please refer to Chapter 4 and 5.

1.1. Applicable Modules

Table 1: Applicable Modules

Module Series Model
EC2x series EC25 series
EC21 series
EG9x series EC20 R2.1
EG2x-G EG95 series
EM05 series EG91 series
EG25-G
EG21-G
EM05 series

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 5 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

2 Limit the Data Throughput

 Effect
The workload of components such as CPU/PA can be reduced.

 Limitation
The cooling is not obvious in the case of no data or low rate.

2.1. Reduce Rate

Data throughput can be limited through reducing the data rate. The following sub-chapters illustrate the
detailed information of temperature and rate thresholds concerning data rate reduction.

Thermal mitigation levels for the applicable LTE Standard modules are:
Level 0 – No mitigation.
Level 1 – Reduce uplink data.
Level 2 – Reduce the downlink rate besides reducing the uplink rate.
Level 3 – Disable services like call and data transmission.

For detailed information of the default values of the relevant AT commands used, which are
recommended for thermal mitigation, please refer to the table below. For more details of these AT
commands, please contact Quectel Technical Support Team.

Table 1: Default Configuration of AT Commands for Reducing Rate

AT Commands Description

Configure the temperature thresholds as 100 ºC and 95 ºC to

reduce uplink rate (i.e. module enters Level 1).

AT+QCFG="thermal/modem",1,10

0000,95000 1: Level 1.

100000: The configured temperature threshold 100 ºC.
95000: The configured temperature threshold 95 ºC.

Configure the temperature thresholds as 105 ºC and 100 ºC to
AT+QCFG="thermal/modem",2,10

reduce uplink and downlink rates simultaneously (i.e. module
5000,100000

enters Level 2).

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 6 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

2: Level 2.

105000: The configured temperature threshold 105 ºC.

100000: The configured temperature threshold 100 ºC.

AT+QNVFW="/nv/item_files/mode Configure the detection cycle of the temperature on sensor.

m/utils/cfm/cfm_thermal_step_tim

er_in_sec",03 03: Detection cycle of the temperature on sensor

AT+QNVFW="/nv/item_files/mode

m/lte/common/lte_fc_macul_targe

t_rates",0A0100006A18000088130 Configure the levels of reducing uplink rate. For more details of

000C4090000E2040000E80300006 the parameter, please refer to Table 3.

B030000EE020000EE020000F4010

000F4010000

AT+QNVFW="/nv/item_files/mode
Enable the level configuration of reducing downlink rate.

m/lte/ML1/tm_mechanism",01

AT+QNVFW="/nv/item_files/mode

m/lte/ML1/pucch_cancel",0603030

01E00AA003C008C0050007800640
Configure the levels of reducing downlink rate.

06400780050008C003C000000000

00000000000000000000000001027

000090010000

2.1.1. Temperature Thresholds

The rate can be reduced according to different temperature thresholds, which can be queried and
configured as below.

2.1.1.1. Query Temperature Thresholds by AT Commands

The commands for querying different temperature thresholds for the applicable modules are as follows.
AT+QCFG="thermal/modem"
+QCFG: "thermal/modem",1,100000,95000
+QCFG: "thermal/modem",2,105000,100000
+QCFG: "thermal/modem",3,115000,105000

OK

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 7 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

2.1.1.2. Configure Temperature Thresholds by AT Commands to Reduce Downlink/Uplink Rates

2.1.1.2.1. Reduce Uplink Rate

AT+QCFG="thermal/modem",1,100000,95000 (default configuration) is used to configure temperature
thresholds as 100 ºC and 95 ºC:

 When the temperature indicated by the temperature sensor is higher than the configured temperature
threshold 100 ºC, the uplink rate will be reduced (i.e, module enters Level 1).

 When the temperature indicated by the temperature sensor is lower than the configured temperature
threshold 95 ºC, the module will exist from Level 1.

2.1.1.2.2. Reduce Uplink and Downlink Rates Simultaneously

AT+QCFG="thermal/modem",2,105000,100000 (default configuration) is used to configure temperature
thresholds as 105 ºC and 100 ºC:

 When the temperature indicated by the temperature sensor is higher than the configured temperature
threshold 105 ºC, the uplink rate and the downlink rates will be reduced simultaneously (i.e, module
enters Level 2).

 When the temperature indicated by the temperature sensor is lower than the configured temperature
threshold 100 ºC, module will exit Level 2.

2.1.2. Rate Thresholds

2.1.2.1. Configure the Level of Reducing Uplink Rate

1. AT+QNVFW="/nv/item_files/modem/utils/cfm/cfm_thermal_step_timer_in_sec",03 is used to
configure the detection cycle of the temperature on sensor. When the temperature is higher than
100 ºC, the module will enter Level 1 and set the maximum transmission rate to 40 Mbit/s
(target_rate[1]). If the temperature is still at Level 1 (or higher to enter Level 2) after 3 seconds, set the
transmission rate to 20 Mbit/s (target_rate[2]). Otherwise the transmission rate will be set to 50 Mbit/s
(target_rate[0]).

Table 2: Detection Cycle

Parameter Value In Hexadecimal
03 (8 bits)
Detection cycle of the temperature
3s

on sensor

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 8 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

2. AT+QNVFW="/nv/item_files/modem/lte/common/lte_fc_macul_target_rates",0A0100006A1800
0088130000C4090000E2040000E80300006B030000EE020000EE020000F4010000F4010000
configures the levels of reducing uplink rate. The parameters in this command are in hexadecimal and
are configured to switch between different uplink rate levels. For more details, please refer to the
following table.

Table 3: Uplink Rate Threshold Parameters

Parameter Category Parameter ID Value (In Decimal) In Hexadecimal
10 0A (8 bits)
Number of uplink rate num_states
threshold level 1 01 (8 bit)
(i.e. target_rate[1])
Initial uplink rate threshold 0x0000 0000 (16 bits)
6A180000 (32 bits)
level when entering Level default_state 88130000 (32 bits)
1 C4090000 (32 bits)
E2040000 (32 bits)
Reserved E8030000 (32 bits)
6B030000 (32 bits)
target_rate[0] 6250 (50 Mbit/s) EE020000 (32 bits)
EE020000 (32 bits)
target_rate[1] 5000 (40 Mbit/s) F4010000 (32 bits)
F4010000 (32 bits)
target_rate[2] 2500 (20 Mbit/s)

target_rate[3] 1250 (10 Mbit/s)

Rate threshold levels target_rate[4] 1000 (8 Mbit/s)

target_rate[5] 875 (7 Mbit/s)

target_rate[6] 750 (6 Mbit/s)

target_rate[7] 750 (6 Mbit/s)

target_rate[8] 500 (4 Mbit/s)

target_rate[9] 500 (4 Mbit/s)

NOTE

The module cannot directly control the downlink rate but tries to force the network to reduce the downlink
rate by not responding the network ACK at the wireless protocol stack level. This requires the support of
the protocol between the module and the network, but the rate threshold is uncontrollable.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 9 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

2.1.2.2. Configure the Level of Reducing Downlink Rate

First execute AT+QNVFW="/nv/item_files/modem/lte/ML1/tm_mechanism",01 to enable the level
configuration of reducing downlink rate.

Then execute AT+QNVFW="/nv/item_files/modem/lte/ML1/pucch_cancel",060303001E00AA003C0
08C005000780064006400780050008C003C00000000000000000000000000000000001027000090010
000 to configure the levels of reducing downlink rate.

The PUCCH cycle is 200 ms (Time On + Off). ACK/NACK is sent in PUCCH when the cycle is on and
ACK/NACK is not sent in PUCCH when the cycle is off. After entering Level 2 of thermal mitigation, the
default level of reducing downlink rate is Level 3. If the temperature is at Level 2 of thermal mitigation for
10 seconds, the level of reducing downlink rate will be limited to Level 2 (On: 80 ms; Off: 120 ms);
otherwise it will rise to level 4 (On: 120 ms; Off: 80 ms), and so on. For more details, please refer to the
following table.

Table 4: Downlink Rate Threshold Parameters

Parameter Value

PUCCH cycle 200 ms

Number of states 6

Default state for thermal mitigation 3

Default state for CPU based flow control 3

Level 0 of reducing downlink rate (timer [0]) On: 30 ms; Off: 170 ms

Level 1 of reducing downlink rate (timer [1]) On: 60 ms; Off: 140 ms

Level 2 of reducing downlink rate (timer [2]) On: 80 ms; Off: 120 ms

Level 3 of reducing downlink rate (timer [3]) On: 100 ms; Off: 100 ms

Level 4 of reducing downlink rate (timer [4]) On: 120 ms; Off: 80 ms

Level 5 of reducing downlink rate (timer [5]) On: 140 ms; Off: 60 ms

Step timer for each state for thermal mitigation 10000

Default state for each CPU based flow control 400

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 10 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

3 Limit Transmission Power

 Effect
The workload of PA can be reduced.

 Limitation
The transmission power in field test is configured by the network. When network signal is not too bad, the
transmission power is generally not high, and thus it is not obvious to limit the transmission power for
cooling.

When the actual transmission power is restricted, and is lower than that of the network configured, the
network may not be able to receive the signal sent by the module or to decode the signals, resulting in a
decrease in the data transmission performance.

3.1. Reduce Transmission Power

The transmission power affects the power consumption and heat of the PA, and the limited transmission
power can theoretically reduce the temperature. For more details of these AT commands, please contact
Quectel Technical Support Team.

For EC2x&EG9x&EG2x-G&EM05 series modules, the transmission power control level is divided into
eight levels from Level 0 to Level 7, which respectively correspond to different maximum transmission
power ranges from 23 dBm to 16 dBm.

Table 5: Default Value Configuration of AT Commands for Reducing Transmission Power

AT Commands Description

AT+QCFG="thermal/txpwrlmt",1,2, Restrict the transmission power when the temperature exceeds
105,1000,3,10 105 ºC.

For details of these parameters, please refer to Chapter 3.1.1.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 11 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

3.1.1. AT+QCFG="thermal/txpwrlmt" Control Transmission Power Under High
Temperature

AT+QCFG="thermal/txpwrlmt" Control Transmission Power Under High

Temperature

Write Command Response

AT+QCFG="thermal/txpwrl If parameters <enable>, <sensor>, <temp_threshold>, <duration>,

mt"[,<enable>,<sensor>,<te <trig_cnt> and <clr_cnt> are omitted, return current configuration:

mp_threshold>,<duration>, +QCFG: "thermal/txpwrlmt",<enable>,<sensor>,<temp_threshol

<trig_cnt>,<clr_cnt>] d>,<duration>,<trig_cnt>,<clr_cnt>

OK

Maximum Response Time If all the parameters are specified, control transmission power under
Characteristics the temperature thresholds that trigger the power limit or higher
(default: 105 ºC):
OK
Or
ERROR

300 ms

The command takes effect immediately.
The configurations will be saved automatically.

Parameter

<enable> Integer type. Enable/disable to control transmission power reduction under high
<sensor> temperature.
1 Enable
<temp_threshold> 0 Disable
<duration> Integer type. Temperature sensor ID. It corresponds to the sensor temperature
value returned by AT+QTEMPDBG=0. For more details of the AT command,
please contact Quectel Technical Support Team. Range: 0-7. Default: 2
(Recommend not to modify this value).
2 Modem temperature sensor
5 PA temperature sensor
7 XO temperature sensor
Other parameters are not necessary to be paid attention to.
Integer type. The temperature thresholds that trigger the power limit. Range:
-150–150. Default: 105. Unit: ºC.
Integer type. Temperature detection cycle. Range: 1000–360000. Default: 1000
(Recommend not to modify this value). Unit: ms.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 12 / 17
<trig_cnt> LTE Standard Module Series
<clr_cnt> EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

Integer type. The number of triggering power limit detection threshold. Range:
1-1000. Default: 3 (Recommend not to modify this value).
Integer type. The number of triggering power recovery detection threshold.
Range: 1-10000. Default: 10 (Recommend not to modify this value).

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 13 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

4 Enter Limited Service State

AT+QCFG="thermal/modem",3,115000,105000 (default configuration) is used to configure the
temperature thresholds as 115 ºC and 105 ºC to enable module to enter Limited Service State (i.e. Level
3). For more details of the AT command, please contact Quectel Technical Support Team.

Table 6: Default Configuration of AT Command for Entering Limited Service State

AT Command Description

AT+QCFG="thermal/modem",3,11 Configure the temperature thresholds as 115 ºC and 105 ºC to
5000,105000 enable module to enter Limited Service State (i.e. Level 3).

3: Level 3.
115000: The configured temperature threshold 115 ºC.
105000: The configured temperature threshold 105 ºC.

 When the temperature indicated by the temperature sensor is higher than the configured temperature
threshold 115 ºC, the module will enter Limited Service State.

 When the temperature indicated by the temperature sensor is lower than the configured temperature
threshold 105 ºC, the module will exit Limited Service State.

 Effect
Module can be cooled down rapidly.

 Limitation
Once the module enters limited service state, it will be out of service immediately.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 14 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

5 Reboot the Module

When the temperature of the baseband chipset is over 120 ºC, rebooting will occur automatically.
 Effect
Module’s hardware can be protected.
 Limitation
None.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 15 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

6 Auto-configure Thermal Mitigation

When thermal mitigation is enabled (When <enable>=1 in the command below) and the temperature
reaches the set thresholds, the thermal mitigation will be adjusted according to the corresponding default
values. For default values, please refer to Table 4, 5 and 6.

6.1. AT+QCFG="thermal/limit_rates" Enable/Disable Thermal
Mitigation

AT+QCFG="thermal/limit_rates" Enable/Disable Thermal Mitigation

Write Command Response

AT+QCFG="thermal/limit_ra If <enable> is omitted, return current configuration:

tes"[,<enable>] +QCFG: "thermal/limit_rates",<enable>

OK

If <enable> is specified, control rate and transmission power reduction
under specified high temperature of each level of thermal mitigation:
OK
Or
ERROR

Parameter

<enable> Integer type. Enable/disable thermal mitigation.
1 Auto-configure temperature thresholds

Level 1 Enter Level 1 when temperature reaches 100 ºC and exits from Level 1
when temperature is lower than 95 ºC

Level 2 Enter Level 2 when temperature reaches 105 ºC and exits from Level 2
when temperature is lower than 100 ºC

Limited Service State Enter Level 3 when temperature reaches 115 ºC and exits
from Level 3 when temperature is lower than 105 ºC

0 Disable thermal mitigation.

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 16 / 17
LTE Standard Module Series
EC2x&EG9x&EG2x-G&EM05 Series Thermal Mitigation User Guide

7 Appendix A Reference

Table 7: Terms and Abbreviations

Abbreviation Description
ACK Acknowledgement
BB Baseband
CPU Central Processing Unit
GMSK Gaussian Filtered Minimum Shift Keying
GSM Global System for Mobile Communications
NACK Negative Acknowledgement
NVM Non-volatile Memory
PA Power Amplifier
PUCCH Physical Uplink Control Channel
WCDMA Wideband Code Division Multiple Access
XO Crystal Oscillators

EC2x&EG9x&EG2x-G&EM05_Series_Thermal_Mitigation_User_Guide 17 / 17

+ 910
- 0
3_doc_on_module/01_Software/Quectel_EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note_V1.0.pdf View File

@@ -0,0 +1,910 @@
EC2x&EG9x&EG2x-G Series
LwM2M Application Note

LTE Standard Module Series
Version: 1.0
Date: 2020-10-12
Status: Released

www.quectel.com
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Our aim is to provide customers with timely and comprehensive service. For any assistance,
please contact our company headquarters:

Quectel Wireless Solutions Co., Ltd.
Building 5, Shanghai Business Park Phase III (Area B), No.1016 Tianlin Road, Minhang District, Shanghai
200233, China
Tel: +86 21 5108 6236
Email: info@quectel.com

Or our local office. For more information, please visit:
http://www.quectel.com/support/sales.htm.

For technical support, or to report documentation errors, please visit:
http://www.quectel.com/support/technical.htm
Or email to support@quectel.com.

General Notes

Quectel offers the information as a service to its customers. The information provided is based upon
customers’ requirements. Quectel makes every effort to ensure the quality of the information it makes
available. Quectel does not make any warranty as to the information contained herein, and does not
accept any liability for any injury, loss or damage of any kind incurred by use of or reliance upon the
information. All information supplied herein is subject to change without prior notice.

Disclaimer

While Quectel has made efforts to ensure that the functions and features under development are free
from errors, it is possible that these functions and features could contain errors, inaccuracies and
omissions. Unless otherwise provided by valid agreement, Quectel makes no warranties of any kind,
implied or express, with respect to the use of features and functions under development. To the maximum
extent permitted by law, Quectel excludes all liability for any loss or damage suffered in connection with
the use of the functions and features under development, regardless of whether such loss or damage
may have been foreseeable.

Duty of Confidentiality

The Receiving Party shall keep confidential all documentation and information provided by Quectel,
except when the specific permission has been granted by Quectel. The Receiving Party shall not access
or use Quectel’s documentation and information for any purpose except as expressly provided herein.
Furthermore, the Receiving Party shall not disclose any of the Quectel's documentation and information
to any third party without the prior written consent by Quectel. For any noncompliance to the above
requirements, unauthorized use, or other illegal or malicious use of the documentation and information,
Quectel will reserve the right to take legal action.

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 1 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Copyright

The information contained here is proprietary technical information of Quectel Wireless Solutions Co., Ltd.
Transmitting, reproducing, disseminating and editing this document as well as using the content without
permission are forbidden. Offenders will be held liable for payment of damages. All rights are reserved in
the event of a patent grant or registration of a utility model or design.

Copyright © Quectel Wireless Solutions Co., Ltd. 2020. All rights reserved.

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 2 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

About the Document

Revision History

Version Date Author Description
- 2020-09-02
1.0 2020-10-12 Herry GENG Creation of the document

Herry GENG First official release

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 3 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Contents

About the Document .................................................................................................................................. 3
Contents ...................................................................................................................................................... 4
Table Index.................................................................................................................................................. 5

1 Introduction ......................................................................................................................................... 6
1.1. Applicable Modules .................................................................................................................... 6

2 Description of LwM2M AT Commands ............................................................................................. 7
2.1. AT Command Syntax ................................................................................................................. 7
2.1.1. Definitions........................................................................................................................ 7
2.1.2. AT Command Syntax ...................................................................................................... 7
2.2. Description of AT Commands .................................................................................................... 8
2.2.1. AT+QLWCFG Configure Optional Parameters of LwM2M........................................... 8
2.2.2. AT+QLWREG Send a Register Request to the LwM2M Server ................................ 14
2.2.3. AT+QLWUPDATE Send an Update Request to the LwM2M Server ......................... 14
2.2.4. AT+QLWDEREG Send a Deregister Request to the LwM2M Server........................ 15
2.2.5. AT+QLWSTAT Get the State of LwM2M Client .......................................................... 15

3 LwM2M Related URCs ...................................................................................................................... 16
3.1. +QLWURC: "pdp active" The PDP Activation Indication....................................................... 16
3.2. +QLWURC: "initial" The Initialization Indication .................................................................... 16
3.3. +QLWURC: "dtls" The DTLS Handshake Indication ............................................................. 17
3.4. +QLWURC: "bootstraping" The Bootstrap Working Indication ............................................. 17
3.5. +QLWURC: "bootstrap" The Bootstrap Indication................................................................. 18
3.6. +QLWURC: "registering" Start Registration Indication.......................................................... 18
3.7. +QLWURC: "ready" The Registration Indication................................................................... 18
3.8. +QLWURC: "update" The Update Indication ........................................................................ 19
3.9. +QLWURC: "deregister" The Deregistration Indication ........................................................ 19

4 Examples ........................................................................................................................................... 20
4.1. Login to the LwM2M Server ..................................................................................................... 20

5 Appendix A References.................................................................................................................... 23

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 4 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Table Index

Table 1: Applicable Modules......................................................................................................................... 6
Table 2: Type of AT Commands and Responses ......................................................................................... 7
Table 3: Terms and Abbreviations .............................................................................................................. 23

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 5 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

1 Introduction

OMA Lightweight M2M (LwM2M) is a device management protocol designed for sensor networks and the
demands of a machine-to-machine (M2M) environment. The LwM2M protocol, designed for remote
management of M2M devices and related service enablement, features a modern architectural design
based on REST, defines an extensible resource and data model and builds on an efficient secure data
transfer standard called the Constrained Application Protocol (CoAP).

This document mainly introduces how to use the LwM2M feature with the following Quectel LTE standard
modules through AT commands.

1.1. Applicable Modules

Table 1: Applicable Modules

Module Series Module
EC2x series EC21 series
EG9x series EC25 series
EG2x-G EC20 R2.1
EG91 series
EG95 series
EG21-G
EG25-G

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 6 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

2 Description of LwM2M AT Commands

2.1. AT Command Syntax

2.1.1. Definitions

 <CR> Carriage return character.
 <LF> Line feed character.
 <...> Parameter name. Angle brackets do not appear on command line.
 [...] Optional parameter of a command or an optional part of TA information response.

Square brackets do not appear on command line. When an optional parameter is

omitted, the new value equals its previous value or its default setting, unless otherwise

specified.
 Underline Default setting of a parameter.

2.1.2. AT Command Syntax

The AT or at prefix must be added at the beginning of each command line. Entering <CR> will terminate a
command line. Commands are usually followed by a response that includes
<CR><LF><response><CR><LF>. Throughout this document, only the response <response> will be
presented, <CR><LF> are omitted intentionally.

Table 2: Type of AT Commands and Responses

Test Command AT+<cmd>=? This command returns the list of parameters and value
ranges set by the corresponding Write Command or
Read Command internal processes.
Write Command
Execution Command AT+<cmd>? This command returns the currently set value of the
parameter or parameters.

AT+<cmd>=<p1>
This command sets the user-definable parameter values.

[,<p2>[,<p3>[...]]]

AT+<cmd> This command reads non-variable parameters affected
by internal processes in the module.

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 7 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

2.2. Description of AT Commands

2.2.1. AT+QLWCFG Configure Optional Parameters of LwM2M

This command configures optional parameters of LwM2M.

AT+QLWCFG Configure Optional Parameters of LwM2M

Test Command Response
AT+QLWCFG=? +QLWCFG: "security",(range of supported <serverID>s),(range
of supported <SSID>s),<server_addr>,(list of supported <boots
trap>s),(list of supported <security_mode>s),<pskID>,<psk_ke
y>
+QLWCFG: "server",(range of supported <serverID>s),(range
of supported <life_time>s),(range of supported <pmin>s),(range
of supported <pmax>s),(range of supported <disable_timeout>
s),(list of supports <storing>s),(list of supported <binding_mod
e>s)
+QLWCFG: "epname/mode",(list of supported <mode>s)
+QLWCFG: "urc",(list of supported <URC_onoff>s)
+QLWCFG: "startup",(list of supported <auto_startup>s)
+QLWCFG: "fota",(list of supported <download>s),(list of
supported <update>s)
+QLWCFG: "hostdevice",(list of supported <hostID>s),<device
ID>,<manufacturer>,<model>,<sw_version>,<fw_version>,<hw
_version>,<upgrade_time>
+QLWCFG: "reset"
+QLWCFG: "nettype",(range of supported <net_type>s)
+QLWCFG: "maxreconntime",(range of supported
<unitreconntime>s),(range of supported
<multreconntime>s),(range of supported <maxdelaytime>s)
+QLWCFG: "apnretry",(list of supported <APN_ID>s),(range of
supported <retry_time>s),(range of supported <period>s)

Write Command OK
Read/configure the LwM2M Response
server property If the optional parameters are omitted, query the current
AT+QLWCFG="security"[,<serv configuration:
erID>[,<SSID>,<server_addr>,< +QLWCFG: "security",<serverID>,<SSID>,<server_addr>,<boo
bootstrap>,<security_mode>[,< tstrap>,<security_mode>
pskID>,<psk_key>]]] …

OK

If only <serverID> is specified and other optional parameters are

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 8 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

omitted, delete the property data of the specified <serverID>:
OK
Or
ERROR

Write Command If any of the other optional parameters are specified, configure the
Read/configure the LwM2M specified server property:
server attribute OK
AT+QLWCFG="server"[,<server Or
ID>,<life_time>[,<pmin>[,<pma ERROR
x>[,<disable_timeout>[,<storin Response
g>[,<binding_mode>]]]]]] If the optional parameters are omitted, query the current
configurations:
+QLWCFG: "server",<serverID>,<life_time>,<pmin>,<pmax>,<
disable_timeout>,<storing>,<binding_mode>

OK

Write Command If any of the optional parameters are specified, configure the server
Read/configure mode of end point attribute:
name OK
AT+QLWCFG="epname/mode"[ Or
,<mode>] ERROR
Response
If the optional parameter is omitted, query the current configuration:
+QLWCFG: "epname/mode",<mode>

OK

Write Command If the optional parameter is specified, configure the mode of end
Read/configure LwM2M URC point name:
enablement OK
AT+QLWCFG="urc"[,<URC_on Or
off>] ERROR
Response
If the optional parameter is omitted, query the current configuration:
+QLWCFG: "urc",<URC_onoff>

OK

If the optional parameter is specified, configure whether to enable
URC report:
OK

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 9 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Or

ERROR

Write Command Response

Read/configure the startup mode If the optional parameter is omitted, query the current configuration:

of LwM2M client +QLWCFG: "startup",<auto_startup>

AT+QLWCFG="startup"[,<auto_

startup>] OK

Write Command If the optional parameter is specified, configure the startup mode:
Read/configure FOTA mode OK
AT+QLWCFG="fota"[,<downloa Or
d>,<update>] ERROR
Response
If the optional parameters are omitted, query the current
configuration:
+QLWCFG: "fota",<download>,<update>

OK

Write Command If the optional parameters are specified, configure the FOTA mode:
Read/configure host device OK
information if the network is not Or
Verizon ERROR
AT+QLWCFG="hostdevice"[,<h Response
ostID>,<deviceID>,<manufactur If the optional parameters are omitted, query the current
er>,<model>,<sw_version>] configurations:
+QLWCFG: "hostdevice",<hostID>,<deviceID>,<manufacture
r>,<model>,<sw_version>

OK

Write Command If the optional parameters are specified, configure host device
Read/configure host device information:
information under Verizon OK
network Or
AT+QLWCFG="hostdevice"[,<h ERROR
ostID>[,<deviceID>[,<manufact Response
urer>[,<model>[,<sw_version>[ If the optional parameters are omitted, query the current
,<fw_version>[,<hw_version>[, configurations:
+QLWCFG: "hostdevice",<hostID>,<deviceID>,<manufacture
r>,<model>,<sw_version>,<fw_version>,<hw_version>,<upgra
de_time>

OK

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 10 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

<upgrade_time>]]]]]]]]

If the optional parameters are specified, configure host device

information:

OK

Or

ERROR

Execution Command Response

Erase LwM2M client running OK

record Or

AT+QLWCFG="reset" ERROR

Write Command Response

Read/configure the net type of If the optional parameter is omitted, query the current configuration:

LwM2M client +QLWCFG: "nettype",<net_type>

AT+QLWCFG="nettype"[,<net_t

ype>] OK

Write Command If the optional parameter is specified, configure the net type:
Read/configure the reconnection OK
attribute Or
AT+QLWCFG="maxreconntime ERROR
"[,<unitreconntime>,<multreco Response
nntime>,<maxdelaytime>] If the optional parameters are omitted, query the current
configuration:
+QLWCFG: "maxreconntime",<unitreconntime>,<multreconnti
me>,<maxdelaytime>

OK

Write Command If the optional parameters are specified, configure the specified
Read/configure the APN retry reconnection:
attribute OK
AT+QLWCFG="apnretry"[,<AP Or
N_ID>,<retry_time>,<period>] ERROR
Response
If the optional parameters are omitted, query the current
configuration:
+QLWCFG: "apnretry",<APN_ID>,<retry_time>,<period>

OK

If the optional parameters are specified, configure the specified
APN retry attribute:
OK

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 11 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Maximum Response Time Or
Characteristics ERROR

/

The commands take effect immediately.
The configurations will be saved automatically while the <net_t
ype> will not be saved.

Parameter

<serverID> Integer type. Server type.
0 Bootstrap server
<SSID> 1 DM server
2 Diagnostics server
<server_addr> 3 Repository server
<bootstrap> Integer type. Short server ID. Custom parameter. Range: 1–65535.
For Verizon network, the valid values are:
<security_mode> 100 Bootstrap server
101 Diagnostics server
<pskID> 102 DM server
<psk_key> 1000 Repository server
<life_time> String type. Server address. The format is "address:port".
<pmin> Integer type. Bootstrap server flag.
<pmax> 0 Not bootstrap (Only valid when <serverID> is not 0)
<disable_timeout> 1 Bootstrap (Only valid when <serverID>=0)
<storing> Integer type. Encryption method.
0 Pre-share key mode
<binding_mode> 3 No security mode
String type. Pre-shared key identity. Only valid when <security_mode>=0.
String type in hexadecimal. Pre-share key. Only valid when <security_mode>=0.
Integer type. The lifetime of receiving heartbeat package by server. Range:
1–86400. Default: 60. Unit: second.
Integer type. The minimum response period. Range: 1–86400. Default: 1. Unit:
second.
Integer type. The maximum response period. Range: 1–86400. Default: 60. Unit:
second.
Integer type. The interval to the next connection after disconnecting from the
LwM2M server. Range: 1–86400. Default: 86400. Unit: second.
Integer type. Whether to save the server information.
0 Do not save
1 Save
String type. The binding mode used to connect the LwM2M server.
"U" UDP

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 12 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

<mode> "UQ" UDP with Queue mode
"S" SMS
<URC_onoff> "SQ" SMS with Queue mode
"US" UDP and SMS
<auto_startup> "UQS" UDP and SMS with Queue mode
Integer type. The format of endpoint name.
<download> 3 The endpoint name format: urn:imei:xxxxx
6 The endpoint name format: urn:imei-msisdn:xxxxx-xxx
<update> 7 The endpoint name format: urn:imei-imsi:xxxxx-xxx
8 China Mobile DM endpoint name
<hostID> Integer type.
<deviceID> 0 Disable LwM2M URC report
<manufacturer> 1 Enable LwM2M URC report
<model> Integer type.
<sw_version> 0 LwM2M will not be started automatically when the module is powered on
<fw_version> 1 LwM2M will be started automatically when the module is powered on
<hw_version> Integer type. The mode of downloading delta firmware package.
<upgrade_time> 0 Download package manually
<net_type> 1 Download package automatically
Integer type. The update mode of FOTA.
<unitreconntime> 0 Update manually
<multreconntime> 1 Update automatically
<maxdelaytime> Integer type. The identity of host device. Range: 0–1.
String type. The device ID of host device.
String type. The manufacturer name of host device.
String type. The model of host device.
String type. The software version number of host device.
String type. The firmware version number of host device.
String type. The hardware version number of host device.
Integer type. The seconds from January 1,1970 00:00:00 to the last firmware or
software update time. If no time stamp is available, 0 is returned.
Integer type. The network type.
0 Others
1 Verizon
2 AT&T
Integer type. The coefficient of the wait time before retrying. Range: 1–86400.
Default: 1 (300 under AT&T network). Unit: second.
Integer type. Base number of the wait time before retrying. Range: 2–86400.
Default: 2 (5 under AT&T network).
Integer type. The max delay time of the wait time before retrying. Range:
0–86400. Default: 0 (86400 under AT&T network). Unit: second. The module will
retry to connect if <maxdelaytime> is greater than the delay time calculated by
the following formula, otherwise, it will end reconnection.

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 13 / 23
<APN_ID> LTE Standard Module Series
<retry_time> EC2x&EG9x&EG2x-G Series LwM2M Application Note

<period> Delay time = <unitreconntime> x <multreconntime> ^ reconnection times
Integer type. The ID of the APN to be reactivated. Range: 0–1.
Integer type. The retry times to reactivate the APN. Range: 0–16. Default: 0 (2
under AT&T network).
Integer type. The retry period to reactivate the APN. Range: 0–86400. Default: 0
(86400 under AT&T network). Unit: second.

2.2.2. AT+QLWREG Send a Register Request to the LwM2M Server

This command sends a register request to the LwM2M Server.

AT+QLWREG Send a Register Request to the LwM2M Server

Test Command Response
AT+QLWREG=? OK
Execution Command Response
AT+QLWREG OK
Or
ERROR

2.2.3. AT+QLWUPDATE Send an Update Request to the LwM2M Server

This command sends an update request to the LwM2M Server.

AT+QLWUPDATE Send an Update Request to the LwM2M Server

Test Command Response
AT+QLWUPDATE=? OK
Write Command Response
AT+QLWUPDATE=<SSID> OK
Or
ERROR

Parameter Integer type. Short server ID.
0 All servers
<SSID> Others Other specified server

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 14 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

2.2.4. AT+QLWDEREG Send a Deregister Request to the LwM2M Server

This command launches a deregister request to the LwM2M Server.

AT+QLWDEREG Send a Deregister Request to the LwM2M Server

Test Command Response
AT+QLWDEREG=? OK
Execution Command Response
AT+QLWDEREG OK
Or
ERROR

2.2.5. AT+QLWSTAT Get the State of LwM2M Client

This command queries the state of the specified LwM2M client.

AT+QLWSTAT Get the State of LwM2M Client

Test Command Response
AT+QLWSTAT=? OK

Read Command Response
AT+QLWSTAT? +QLWSTAT: <stat>

OK
Or
ERROR

Parameter Integer type. Indicates the state of LwM2M client.
0 Not registered
<stat> 1 Registering
2 Registered
3 Deregistering

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 15 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

3 LwM2M Related URCs

This chapter gives LwM2M related URCs and descriptions.

3.1. +QLWURC: "pdp active" The PDP Activation Indication

The activation result of PDP. The PDP should be activated before sending register request to the LwM2M
server.

+QLWURC: "pdp active" The PDP Activation Indication

+QLWURC: "pdp active",<result>,<APN> This URC is reported to indicate the PDP activation
result.

Parameter String type. The result of PDP activation.
"successfully"
<result> "failed"
String type. APN name.
<APN>

3.2. +QLWURC: "initial" The Initialization Indication

The initialization result of connection between client and the LwM2M server.

+QLWURC: "initial" The Initialization Indication

+QLWURC: "initial",<result>,<SSID> This URC is reported to indicate the connection
initialization result.

Parameter String type. The initialization result.
"successfully"
<result> "failed"

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 16 / 23
<SSID> LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

Integer type. Short server ID.
0 All servers
Others Specified servers

3.3. +QLWURC: "dtls" The DTLS Handshake Indication

This URC is reported to indicate the DTLS handshake result if the encryption method is used.

+QLWURC: "dtls" The DTLS Handshake Indication

+QLWURC: "dtls",<result>,<SSID> This URC is reported to indicate the DTLS
handshake result.

Parameter String type. DTLS handshake result.
"successfully"
<result> "failed"
Integer type. Short server ID.
<SSID> 0 All servers
Others Specified servers

3.4. +QLWURC: "bootstraping" The Bootstrap Working Indication

This URC will be reported when Bootstrap is working.

+QLWURC: "bootstraping" The Bootstrap Working Indication

+QLWURC: "bootstraping" This URC is reported to indicate that the Bootstrap
is working.

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 17 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

3.5. +QLWURC: "bootstrap" The Bootstrap Indication

The working result of Bootstrap.

+QLWURC: "bootstrap" The Bootstrap Indication

+QLWURC: "bootstrap",<result>,<SSID> This URC is reported to indicate the Bootstrap
working result.

Parameter String type. The working result of Bootstrap.
"successfully"
<result> "failed"
Integer type. Short server ID.
<SSID> 0 All servers
Others Specified servers

3.6. +QLWURC: "registering" Start Registration Indication

This URC will be reported when the client is registering on the LwM2M server.

+QLWURC: "registering" Start Registration Indication

+QLWURC: "registering" This URC is reported to indicate that the client is
registering.

3.7. +QLWURC: "ready" The Registration Indication

This URC is reported to indicate the registration result after sending the register request to the LwM2M
server.

+QLWURC: "ready" The Registration Indication

+QLWURC: "ready",<result>,<SSID> This URC is reported to indicate the registration
result.

Parameter String type. The registration result.

<result>

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 18 / 23
<SSID> LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

"successfully"
"failed"
Integer type. Short server ID.
0 All servers
Others Specified servers

3.8. +QLWURC: "update" The Update Indication

This URC is reported to indicate the update result after sending the update request to the LwM2M server.

+QLWURC: "update" The Update Indication

+QLWURC: "update",<result>,<SSID> This URC is reported to indicate the update result.

Parameter String type. Update result.
"successfully"
<result> "failed"
Integer type. Short server ID.
<SSID> 0 All servers
Others Specified servers

3.9. +QLWURC: "deregister" The Deregistration Indication

This URC is reported to indicate the deregistration result after sending deregister request to the LwM2M
server.

+QLWURC: "deregister" The Deregistration Indication

+QLWURC: "deregister",<SSID> This URC is reported to indicate the deregistration
result.

Parameter Integer type. Short server ID.
0 All servers
<SSID> Others Specified servers

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 19 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

4 Examples

This chapter gives the examples to explain how to use LwM2M related AT commands.

4.1. Login to the LwM2M Server

AT+QLWCFG=?

+QLWCFG: "security",(0-3),(1-65535),<server_addr>,(0,1),(0,3),<pskID>,<psk_key>
+QLWCFG: "server",(0-3),(1-86400),(1-86400),(1-86400),(1-86400),(0,1),("U","UQ","S","SQ","US""U
QS")
+QLWCFG: "epname/mode",(3,6,7,8)
+QLWCFG: "urc",(0,1)
+QLWCFG: "startup",(0,1)
+QLWCFG: "fota",(0,1),(0,1)
+QLWCFG: "hostdevice",(0,1),<deviceID>,<manufacturer>,<model>,<sw_version>,<fw_version>,
<hw_version>,<upgrade_time>
+QLWCFG: "reset"
+QLWCFG: "nettype",(0-2)
+QLWCFG: "maxreconntime",(1-86400),(2-86400),(0-86400)
+QLWCFG: "apnretry",(0,1),(0-16),(0-86400)

OK
AT+QLWCFG="security",0,100,"coaps://InteropBootstrap.dm.iot.att.com:5694",1,0,"urn:imei:8644
30010001095","313233343536"
OK
AT+QLWCFG="security"
+QLWCFG: "security",0,100,"coaps://InteropBootstrap.dm.iot.att.com:5694",1,0

OK
AT+QLWCFG="epname/mode",3
OK
AT+QLWCFG="epname/mode"
+QLWCFG: "epname/mode",3

OK
AT+QLWCFG="urc",1

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 20 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

OK
AT+QLWCFG="urc"
+QLWCFG: "urc",1

OK
AT+QLWCFG="startup",1
OK
AT+QLWCFG="startup"
+QLWCFG: "startup",1

OK
AT+QLWCFG="fota",1,1
OK
AT+QLWCFG="fota"
+QLWCFG: "fota",1,1

OK

AT+QLWCFG="hostdevice",0,"HUID0","HMAN0","HMOD0","HSW0" //Configure host device

information if the network is not

Verizon.

OK

AT+QLWCFG="hostdevice" //Read host device information if the network is not Verizon.

+QLWCFG: "hostdevice",0,"HUID0","HMAN0","HMOD0","HSW0"

+QLWCFG: "hostdevice",1,"HUID1","HMAN1","HMOD1","HSW1"

OK
AT+QLWCFG="reset"
OK
AT+QLWCFG="nettype",2
OK
AT+QLWCFG="nettype"
+QLWCFG: "nettype",2

OK
AT+QLWSTAT?
+QLWSTAT: 0

OK
AT+QLWREG
OK

+QLWURC: "pdp active","successfully","attm2mglobal"

+QLWURC: "initial","successfully",100

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 21 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

+QLWURC: "dtls","successfully",100

+QLWURC: "bootstraping"

+QLWURC: "bootstrap","successfully",100

+QLWURC: "initial","successfully",1

+QLWURC: "dtls","successfully",1

+QLWURC: "registering"

+QLWURC: "ready","successfully",1
AT+QLWUPDATE=0
OK

+QLWURC: "update","successfully",1
AT+QLWSTAT?
+QLWSTAT: 2

OK
AT+QLWDEREG
OK

+QLWURC: "deregister",0
AT+QLWSTAT?
+QLWSTAT: 0

OK

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 22 / 23
LTE Standard Module Series
EC2x&EG9x&EG2x-G Series LwM2M Application Note

5 Appendix A References

Table 3: Terms and Abbreviations

Abbreviation Description
APN Access Point Name
CoAP Constrained Application Protocol
DM Device Management
DTLS Datagram Transport Layer Security
ID Mostly refers to Identifier in terms of software
LTE Long Term Evolution
LwM2M Lightweight Machine to Machine
PDP Packet Data Protocol
REST Representational State Transfer
SMS Short Message Service
SSID Service Set Identifier
UDP User Datagram Protocol
URC Unsolicited Result Code

EC2x&EG9x&EG2x-G_Series_LwM2M_Application_Note 23 / 23

+ 1600
- 0
3_doc_on_module/01_Software/Quectel_EG25-G&EC2x_Series_BT_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 159
- 0
3_doc_on_module/01_Software/Quectel_EG25-G_T-Mobile_Certification_Software_Configuration_Guide_V1.0.pdf View File

@@ -0,0 +1,159 @@
EG25-G T-Mobile Certification
Software Configuration Guide

LTE Standard Module Series
Version: 1.0
Date: 2020-08-27
Status: Released

www.quectel.com
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

Our aim is to provide customers with timely and comprehensive service. For any assistance,
please contact our company headquarters:

Quectel Wireless Solutions Co., Ltd.
Building 5, Shanghai Business Park Phase III (Area B), No.1016 Tianlin Road, Minhang District, Shanghai
200233, China
Tel: +86 21 5108 6236 Email: info@quectel.com

Or our local office. For more information, please visit: http://www.quectel.com/support/sales.htm.

For technical support, or to report documentation errors, please visit:
http://www.quectel.com/support/technical.htm or email to support@quectel.com.

GENERAL NOTES
QUECTEL OFFERS THE INFORMATION AS A SERVICE TO ITS CUSTOMERS. THE INFORMATION
PROVIDED IS BASED UPON CUSTOMERS’ REQUIREMENTS. QUECTEL MAKES EVERY EFFORT
TO ENSURE THE QUALITY OF THE INFORMATION IT MAKES AVAILABLE. QUECTEL DOES NOT
MAKE ANY WARRANTY AS TO THE INFORMATION CONTAINED HEREIN, AND DOES NOT ACCEPT
ANY LIABILITY FOR ANY INJURY, LOSS OR DAMAGE OF ANY KIND INCURRED BY USE OF OR
RELIANCE UPON THE INFORMATION. ALL INFORMATION SUPPLIED HEREIN IS SUBJECT TO
CHANGE WITHOUT PRIOR NOTICE.

DISCLAIMER
WHILE QUECTEL HAS MADE EFFORTS TO ENSURE THAT THE FUNCTIONS AND FEATURES
UNDER DEVELOPMENT ARE FREE FROM ERRORS, IT IS POSSIBLE THAT THESE FUNCTIONS
AND FEATURES COULD CONTAIN ERRORS, INACCURACIES AND OMISSIONS. UNLESS
OTHERWISE PROVIDED BY VALID AGREEMENT, QUECTEL MAKES NO WARRANTIES OF ANY
KIND, IMPLIED OR EXPRESS, WITH RESPECT TO THE USE OF FEATURES AND FUNCTIONS
UNDER DEVELOPMENT. TO THE MAXIMUM EXTENT PERMITTED BY LAW, QUECTEL EXCLUDES
ALL LIABILITY FOR ANY LOSS OR DAMAGE SUFFERED IN CONNECTION WITH THE USE OF THE
FUNCTIONS AND FEATURES UNDER DEVELOPMENT, REGARDLESS OF WHETHER SUCH LOSS
OR DAMAGE MAY HAVE BEEN FORESEEABLE.

COPYRIGHT
THE INFORMATION CONTAINED HERE IS PROPRIETARY TECHNICAL INFORMATION OF
QUECTEL WIRELESS SOLUTIONS CO., LTD. TRANSMITTING, REPRODUCING, DISSEMINATING
AND EDITING THIS DOCUMENT AS WELL AS USING THE CONTENT WITHOUT PERMISSION ARE
FORBIDDEN. OFFENDERS WILL BE HELD LIABLE FOR PAYMENT OF DAMAGES. ALL RIGHTS ARE
RESERVED IN THE EVENT OF A PATENT GRANT OR REGISTRATION OF A UTILITY MODEL OR
DESIGN.

Copyright © Quectel Wireless Solutions Co., Ltd. 2020. All rights reserved.

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 1/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

About the Document

Revision History

Version Date Author Description
Initial
1.0 2020-08-27 Jarvis FENG

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 2/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

Contents

About the Document .................................................................................................................................. 2
Contents ...................................................................................................................................................... 3
1 Introduction ......................................................................................................................................... 4
2 Software Configuration ...................................................................................................................... 5

2.1. Configuration Steps ................................................................................................................... 5
2.1.1. Disable Voice .................................................................................................................. 5
2.1.2. Disable IMS ..................................................................................................................... 5
2.1.3. Configure UE’s Usage Setting ........................................................................................ 6
2.1.4. Reboot the Module.......................................................................................................... 6

3 Appendix A References...................................................................................................................... 7

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 3/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

1 Introduction

Some functions of the chip in Quectel EG25-G module that supports both data and voice (hereinafter
referred to as Telematics module) do not meet the T-Mobile certification requirements, so T-Mobile
requires the module to only support data (hereinafter referred to as Data-only module) when undergoing
T-Mobile certification. Therefore, this document mainly introduces the software configuration methods to
make the Telematics version of EG25-G module as Data-only version to meet the requirements of
T-Mobile certification.

NOTE

For other Telematics versions of LTE Standard EC21 series, EC25 series, EG91 series, EG95 series and
EG21-G modules that require T-Mobile certification, this document can also be used as a reference.

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 4/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

2 Software Configuration

2.1. Configuration Steps

The following sub-chapters describe the software configuration steps for meeting the requirements of
T-Mobile certification.

2.1.1. Disable Voice

Execute AT+QNVW=5280,0,"0102000000000000" to disable voice as below. For more details of the
command, please contact Quectel Technical Supports.

2.1.2. Disable IMS

Execute AT+QNVFW="/nv/item_files/ims/IMS_enable",00 to disable IMS task as below. For more
details of the command, please contact Quectel Technical Supports.

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 5/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

2.1.3. Configure UE’s Usage Setting

Execute AT+QNVFW="/nv/item_files/modem/mmode/ue_usage_setting",01 to configure the UE’s
usage setting as data centric as T-Mobile requires for Data-only module.

2.1.4. Reboot the Module

The configurations performed through the commands in above sub-chapters take effect after the module
is rebooted. Therefore, reboot the module to make it a Data-only module for T-Mobile certification.

NOTE

Reconfigure the software of the module according to the steps described in this chapter every time you
switch to T-Mobile (U)SIM card.

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 6/7
LTE Standard Module Series
EG25-G T-Mobile Certification Software Configuration Guide

3 Appendix A References

Table 1: Terms and Abbreviations

Abbreviation Description
IMS IP Multimedia Subsystem
(U)SIM (Universal) Subscriber Identity Module
UE User Equipment

EG25-G_T-Mobile_Certification_Software_Configuration_Guide 7/7

+ 1010
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_FILE_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 1647
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_HTTP(S)_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 1085
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_MMS_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 1400
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_MQTT_Application_Note_V1.2.pdf
File diff suppressed because it is too large
View File


+ 329
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_Security_Protection_Design_V1.0.pdf View File

@@ -0,0 +1,329 @@
LTE Standard
Security Protection Design

LTE Standard Module Series
Rev. LTE_Standard_Security_Protection_Design_V1.0
Date: 2019-10-24
Status: Released

www.quectel.com
LTE Standard Module Series
LTE Standard Security Protection Design

Our aim is to provide customers with timely and comprehensive service. For any
assistance, please contact our company headquarters:

Quectel Wireless Solutions Co., Ltd.

Building 5, Shanghai Business Park Phase III (Area B), No.1016 Tianlin Road, Minhang District, Shanghai,
China 200233
Tel: +86 21 5108 6236
Email: info@quectel.com

Or our local office. For more information, please visit:

http://www.quectel.com/support/sales.htm

For technical support, or to report documentation errors, please visit:

http://www.quectel.com/support/technical.htm
Or email to: support@quectel.com

GENERAL NOTES

QUECTEL OFFERS THE INFORMATION AS A SERVICE TO ITS CUSTOMERS. THE INFORMATION
PROVIDED IS BASED UPON CUSTOMERS’ REQUIREMENTS. QUECTEL MAKES EVERY EFFORT
TO ENSURE THE QUALITY OF THE INFORMATION IT MAKES AVAILABLE. QUECTEL DOES NOT
MAKE ANY WARRANTY AS TO THE INFORMATION CONTAINED HEREIN, AND DOES NOT ACCEPT
ANY LIABILITY FOR ANY INJURY, LOSS OR DAMAGE OF ANY KIND INCURRED BY USE OF OR
RELIANCE UPON THE INFORMATION. ALL INFORMATION SUPPLIED HEREIN IS SUBJECT TO
CHANGE WITHOUT PRIOR NOTICE.

COPYRIGHT

THE INFORMATION CONTAINED HERE IS PROPRIETARY TECHNICAL INFORMATION OF
QUECTEL WIRELESS SOLUTIONS CO., LTD. TRANSMITTING, REPRODUCTION, DISSEMINATION
AND EDITING OF THIS DOCUMENT AS WELL AS UTILIZATION OF THE CONTENT ARE
FORBIDDEN WITHOUT PERMISSION. OFFENDERS WILL BE HELD LIABLE FOR PAYMENT OF
DAMAGES. ALL RIGHTS ARE RESERVED IN THE EVENT OF A PATENT GRANT OR
REGISTRATION OF A UTILITY MODEL OR DESIGN.

Copyright © Quectel Wireless Solutions Co., Ltd. 2019. All rights reserved.

LTE_Standard_Security_Protection_Design 1 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

About the Document

History

Revision Date Author Description
1.0 2019-10-24 Darren LI Initial

LTE_Standard_Security_Protection_Design 2 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

Contents

About the Document .................................................................................................................................. 2
Contents ...................................................................................................................................................... 3

1 Introduction ......................................................................................................................................... 4
1.1. General Description ................................................................................................................... 4
1.2. Applicable Modules .................................................................................................................... 5

2 Security Protection Measures ........................................................................................................... 6
2.1. Network Security Protection....................................................................................................... 6
2.2. Linux Login Protection ............................................................................................................... 6

3 Common Attacks and Defense Methods.......................................................................................... 7
3.1. GSM Pseudo Base Station Attack ............................................................................................. 7
3.2. Private APN Attack ..................................................................................................................... 7
3.3. Module AT command Vulnerability Attack.................................................................................. 7
3.4. SSL KEY Vulnerability Attack ..................................................................................................... 8
3.5. OTA Attack.................................................................................................................................. 8
3.6. TSP Attack.................................................................................................................................. 8

4 Security Protection Recommendation ............................................................................................. 9

5 Appendix A Terms and Abbreviations ........................................................................................... 10

LTE_Standard_Security_Protection_Design 3 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

1 Introduction

1.1. General Description

By default, the Linux OS of Quectel LTE standard modules will not access the network, and thus the
attacker cannot remotely log in or control the operating system of the module.

If features of RNDIS, ECM, SGMII and Wi-Fi drivers are needed, the module will access the Internet
through the TCP/IP protocol stack of Linux system on AP side. When Linux system accesses the Internet,
the security protection must be performed both in customers’ device and the module. The network
security framework is shown as the following figure.

Active Repair of Network Vulnerabilities

WAN driver Firewall

Linux IP stack
Routing/NATing/IP filter/DMZ

Data service Login protection Nerwork drivers
TCP/IP stack
SMD/
SMEM RNDIS network ECM network SGMII network Wi-Fi network

driver driver driver driver

Protocol RmNet SMD/ USB driver stack USB ECM/RNDIS
stack driver SMEM TTY/ACM SGMII/SDIO driver

RF driver SMD/ SMD/
SMEM SMEM

USB interface USB SDIO/SGMII interface

WWAN
interface

Customer MCU Customer MCU as LAN Port
as WWAN Port
Base
station

TCP/IP AT USB GobiNet/NDIS/ USB SGMII Wi-Fi
command QMI_WWAN/MBIM ECM/RNDIS

Figure 1: Network Security Framework

LTE_Standard_Security_Protection_Design 4 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

1.2. Applicable Modules

This document is applicable to the following Quectel LTE Standard modules.

 EC2x: EC25, EC21, EC20 R2.0 and EC20 R2.1
 EG2x-G: EG25-G and EG21-G
 EG9x: EG91 and EG95
 EM05

LTE_Standard_Security_Protection_Design 5 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

2 Security Protection Measures

Quectel will continuously merge the patches into the module’s firmware to fix various public software
vulnerabilities, and enable the firewall to turn off all the unnecessary remote listening ports, remote login
services and network ports (such as ADB remote debug ports) to prevent module being remotely cracked
and controlled.

Meanwhile, Quectel will enable the login protection for Linux console to avoid malicious login and
debugging. If the Linux console needs to be used for debugging, the RSA asymmetric encryption
algorithm or the hardware ID binding will be used; and the Linux console can only be enabled after
passing the password authentication of Quectel’s internal server.

2.1. Network Security Protection

With the Netfilter-based firewall function supported and the public software vulnerabilities regularly fixed,
the main network security protection measures are as follows.

1. Filter incoming/outgoing packets for protecting against attacks like SYN Flood, ping Flood, UDP
Flood, Fragmentation bomb, ICMP routing redirect bomb, etc.

2. Protect the port, i.e. disable the unused ports and their scanning response function.
3. If the built-in protocol stack SSL is used, Quectel will provide a security storage solution for storing

the customers’ communication certificate to avoid their key certificate being filched in the future.

2.2. Linux Login Protection

The login protection for Linux console is the core of the security protection, and the main protection
measures are as follows.

1. Disable the remote login port and service by default. If the Linux console needs to be enabled, the
RSA asymmetric encryption algorithm should be used and the related services of the console can
only be enabled after passing the password authentication of Quectel’s internal server.

2. The unauthorized user login is prohibited (Unauthorized users cannot obtain the login information).
3. Bind the initial password to the hardware ID, and use the strong password technology to prevent the

module’s password from being cracked and causing all modules to be cracked.

LTE_Standard_Security_Protection_Design 6 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

3 Common Attacks and Defense

Methods

3.1. GSM Pseudo Base Station Attack

Attack Method:
The attacker uses the GSM network accessed by the module to make the module access the pseudo
base station and performs network attack through the pseudo base station.

Defense Method:
When the customers’ application program performs end-to-end communication with their server, the
two-way authentication mechanism will be used, in which the pseudo base station is not regarded as a
server even after the module accesses the pseudo base station.

3.2. Private APN Attack

Attack Method:
The attacker accesses the private APN network which the module accesses and scans it to find the
module that can be attacked.

Defense Method:
It is recommended that customers communicate with the operator to isolate the private key APN network
and ensure that the module communication port is not exposed to the APN network.

3.3. Module AT command Vulnerability Attack

Attack Method:
The attacker performs a Linux command injection attack on the module through AT command like
AT+QLINUXCMD and the commands with the similar functions to it.

LTE_Standard_Security_Protection_Design 7 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

Defense Method:
LTE Standard modules do not support AT commands like AT+QLINUXCMD and the commands with the
similar functions to it anymore. Additionally, the related debugging backdoor will not be reserved.

3.4. SSL KEY Vulnerability Attack

Attack Method:
The attacker obtains the KEY through the SSL KEY plaintext store, thereby disguising as the server to
communicate with the module and control it.

Defense Method:
If the Quectel‘s’ built-in protocol stack is used, the module will support security storage feature and
Quectel will encrypt and bind the SSL KEY, certificate, and hardware ID, and store them to the special file
system. It is recommended that customers embed the SSL KEY and certificate into the module during the
production process.

If an external protocol stack is used, the security storage of the SSL KEY and certificate need to be
ensured on client side.

3.5. OTA Attack

Attack Method:
The attacker hijacks the OTA server and obtains the upgrade package to perform the attack.

Defense Method:
It is recommended that customers take security mechanisms to protect OTA servers from being hijacked
by attackers. The upgrade program of the module will verify the validity of the upgrade package.

3.6. TSP Attack

Attack Method:
The attacker uses a one-way authentication mechanism to disguise as a TSP server to perform the
attack.

Defense Method:
It is recommended to use the two-way authentication mechanism between the communication of
customer application program and TSP server to prevent the attack by the man-in-the-middle.

LTE_Standard_Security_Protection_Design 8 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

4 Security Protection Recommendation

It is recommended for customers to take the following security protection measures when using modules.

1. Communicate with the operator to isolate the private key APN network to prevent the attacker
attacking other devices over the same APN network through the customers' private APN network.

2. Take the two-way authentication mechanism for the communication between customer application
program and customer server to avoid the attack from the man-in-the-middle, and Quectel will
provide the necessary components for the mechanism.

3. For remote control interface of customers’ device, such as for remote SMS AT command interface,
two-way authentication or enabling the whitelist mechanism are required to prevent the device from
being maliciously controlled by the unauthorized device.

4. Take the security mechanisms of OTA servers to prevent the OTA server being attacked and sending
the wrong upgrade package to cause the module to work abnormally.

LTE_Standard_Security_Protection_Design 9 / 10
LTE Standard Module Series
LTE Standard Security Protection Design

5 Appendix A Terms and Abbreviations

Table 1: Terms and Abbreviations

Abbreviation Description
ACM Abstract Control Model
AP Application Processor
APN Access Point Name
DMZ Demilitarized Zone
ECM Ethernet Networking Control Model
GSM Global System for Mobile Communications
ICMP Internet Control Message Protocol
MCU Micro Control Unit
OTA Over-The-Air
RNDIS Remote Network Driver Interface Specification
SDIO Secure Digital Input and Output Card
SGMII Serial Gigabit Media Independent Interface
SMD Shared Memory Driver
SMEM Shared Memory
SSL Secure Sockets Layer
TCP/IP Transmission Control Protocol/Internet Protocol
TSP Telematics Service Provider
USB Universal Serial Bus
WWAN Wireless Wide Area Network

LTE_Standard_Security_Protection_Design 10 / 10

+ 2126
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_TCP(IP)_Application_Note_V1.1.pdf
File diff suppressed because it is too large
View File


+ 436
- 0
3_doc_on_module/01_Software/Quectel_LTE_Standard_UAC_Application_Note_V1.0.pdf View File

@@ -0,0 +1,436 @@
LTE Standard UAC
Application Note

LTE Standard Module Series
Rev. LTE_Standard_UAC_Application_Note_V1.0
Date: 2019-10-24
Status: Released

www.quectel.com
LTE Standard Module Series
LTE Standard UAC Application Note

Our aim is to provide customers with timely and comprehensive service. For any
assistance, please contact our company headquarters:

Quectel Wireless Solutions Co., Ltd.

Building 5, Shanghai Business Park Phase III (Area B), No.1016 Tianlin Road, Minhang District, Shanghai,
China 200233
Tel: +86 21 5108 6236
Email: info@quectel.com

Or our local office. For more information, please visit:

http://www.quectel.com/support/sales.htm

For technical support, or to report documentation errors, please visit:

http://www.quectel.com/support/technical.htm
Or email to: support@quectel.com

GENERAL NOTES

QUECTEL OFFERS THE INFORMATION AS A SERVICE TO ITS CUSTOMERS. THE INFORMATION
PROVIDED IS BASED UPON CUSTOMERS’ REQUIREMENTS. QUECTEL MAKES EVERY EFFORT
TO ENSURE THE QUALITY OF THE INFORMATION IT MAKES AVAILABLE. QUECTEL DOES NOT
MAKE ANY WARRANTY AS TO THE INFORMATION CONTAINED HEREIN, AND DOES NOT ACCEPT
ANY LIABILITY FOR ANY INJURY, LOSS OR DAMAGE OF ANY KIND INCURRED BY USE OF OR
RELIANCE UPON THE INFORMATION. ALL INFORMATION SUPPLIED HEREIN IS SUBJECT TO
CHANGE WITHOUT PRIOR NOTICE.