Release Letter
Product Information
Products: H.264/H.265 Firmware for CPP14 Thermal camera
Version: 10.40.0095
This letter contains the latest information about the above-mentioned firmware version.
1 General
This firmware release is a product launch release for the new device DINION thermal 8100i, based on the CPP14 platform. Changes since previous firmware versions are marked in blue.
2 Applicable products
- DINION thermal 8100i
3 Important notes
3.1 Two-factor authenticated firmware signature
The security of the signature of the firmware file has been strengthened by using a two-factor authentication process for signing the final released firmware file. The new signature protects against non-released versions being installed in production systems. As a result, pre-release (beta) versions, which are sometimes required in projects, need a special license installed prior to the firmware update. Requests for pre-release versions need to be handled via tech support tickets to allow tracking, and require a concession signed by the customer.
3.2 "Originally manufactured" certificate
All cameras are prepared to receive a unique Bosch certificate during production, assigned and enrolled by Escrypt LRA. These certificates prove that every device is an original Bosch-manufactured and untampered unit. Escrypt is a Bosch-owned company, providing the Bosch certificate authority (CA). Enrollment of the certificates in production is asynchronous to this firmware release.
3.3 Secure Element (TPM)
All CPP14 devices incorporate a new secure crypto-microcontroller, which we call our Secure Element. "A Secure Element is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data (for example cryptographic keys) in accordance with the rules and security requirements set by well-identified trusted authorities."¹ In this specific case the requirements are defined in the Trusted Platform Module library specification of the Trusted Computing Group (TCG). As the Secure Element supports the main functionalities specified by TCG, namely the ones needed for an IoT device, it is often referred to as a "TPM". For security reasons, the firmware or functionality of the secure crypto-microcontroller cannot be altered in the field. Thus, not all new security features become available on devices with older secure crypto-microcontroller hardware or firmware revisions.
3.4 Secure Boot Protection
All CPP14 devices are shipped with secure boot enabled, protecting the device from execution of unauthorized code. Even if an attacker could circumvent all other security barriers, malicious code would never become active, because secure boot prevents the camera from starting with unauthorized code.
¹ https://globalplatform.org/wp-content/uploads/2018/05/Introduction-to-Secure-Element-15May2018.pdf, page 1
3.5 Open-Source Software
Bosch Security Systems is an advocate of integrating open-source software into its products. The use of open-source software is noted in the Service menu on the System Overview page of every camera's web interface. For general information regarding open-source software in Bosch Security Systems products, please visit http://www.boschsecurity.com/oss.
- This software is based in part on the work of the Independent JPEG Group.
- This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
3.6 Backward compatibility and intermediate firmware update
With firmware constantly being developed, including changes to its architecture, some firmware versions may introduce features, security improvements, or fixes that do not allow backward compatibility. On one hand, this may raise the minimum firmware version for cameras, as was required with firmware version 8.50, which introduced a security fix that does not allow a firmware downgrade below that version. On the other hand, it may require an intermediate upgrade step, i.e. a specific version must be installed first before upgrading to a newer version. This is the case with firmware version 9.0, which introduced a new file system and architecture that will allow us to introduce new features, like app support, while reducing the overall file size of firmware packages.
4 New Features
- Support of new camera family DINION thermal 8100i
5 Changes
- Enablement of Tamper detection and image rotation on the DINION Thermal 8100i
6 System Requirements
For configuration purposes:
- Bosch Project Assistant 2.4.0 or higher
- Bosch Configuration Manager (CM) 7.76 or higher
Web Browsers:
- Google Chrome
- Microsoft Edge (chromium based)
- Mozilla Firefox
For operation purposes:
- Bosch Video Security app 3.7.2 or higher
- Bosch Video Security Client 3.7.2 or higher
- Bosch Video Management System 12.1 (12.3 or higher recommended)
- Bosch Video Management System Viewer 12.1 or higher (12.3 or higher recommended)
- Bosch Video Management System 11.1.1 and Bosch Video Management System Viewer 11.1.1 support most of the functionalities of the camera when deployed together with the patch ID:434923.
- Bosch Video Management System 12.01 and Bosch Video Management System Viewer 12.01 support most of the functionalities of the camera when deployed together with the patch "429121, 418648, 425002 - FW8.90 improvements".
7 Restrictions; Known Issues
7.1 User Interface
- If UAC is set to default in Windows 7, no snapshot or recording via LIVEPAGE is possible.
- Video and audio may be asynchronous during replay via Web page.
- If a VCA configuration using a rule engine is switched to a VCA configuration without using a rule engine, e. g. MOTION+ or IVA default configuration, the saved configuration is invalid. Forensic search with this configuration may lead to undesired search results.
- In Firefox, no audio is audible on the Audio Settings page.
- Opera mini for mobile devices cannot work in Intranets because it gets all pages through an opera proxy on the Internet. If there is no Internet connection no content is provided.
- When changing GUI language, the browser cache may have to be deleted and the web browser be reloaded before the language will be selected correctly.
- Google Chrome requires a plug-in for displaying TIFF images to properly show the reference image.
- Fluent decoding of buffered .mp4 video from the camera is strongly dependent on the browser; jerky video may occur, e. g. with Mozilla Firefox 52.0, which is not a camera malfunction.
- Shutter time values in preview window might slightly deviate from rounded values selectable from dropdown menu.
- Privacy masks and other orientation-related parameters must be checked and, if necessary, re-assigned after rotating a camera.
- On-screen display stamping:
  - A minimum font size is ensured for lower resolutions if the per mill value would be too small.
  - Font size is automatically limited when the maximum display stamping capabilities are reached, even though the configured values may indicate otherwise. The limitation is evenly distributed over all defined stamping sections.
- A defective SD card may show 'device ok' status while being unusable. Check recording status for high level error description.
- Microsoft Edge may request re-entering the login credentials multiple times after reactivating a sleeping tab.
- Stream limit settings change is directly executed without requiring the Set button.
- Masking color of the image circle is bound to the privacy mask color.
- Video may appear stuttering with Firefox 108.02, use different browser version or brand.
- Live preview is not updated when changing stream limits. Page reload or opening the live preview window solves the issue.
- Due to the dynamic distribution of memory resources for display stamping it may happen that fonts appear smaller than the requested size.
- The "Login Notification" setting is currently located in the "Appearance" section of the web UI and can be enabled or disabled via a checkbox. However, this setting is stored in the browser cache, so if the cache is cleared, the configured setting will be lost and must be reconfigured.
7.2 Imaging
- Focus area can still be drawn but zoomed display of the selection is not functional since it required MPAX which is not supported anymore by browsers.
7.3 Encoding
- For H.264, only Main/High Profile using CABAC is supported. CAVLC is not supported.
- Frame rates in low light mode might vary and cause bit rate control to produce higher bit rates than set as maximum.
- With GOP structure set to IBP and IBBP the I-frame distance may not exactly correspond with the set value.
- Encoder quality regions are not implemented.
- In case of a high load, the least prioritized stream may drop to a very low frame rate, e. g. 1 or 2 fps, making it difficult for a decoder to synchronize due to a large GOP size. This may result in temporarily showing black video.
- On cameras running at 60 fps, a frame might get dropped occasionally, slightly reducing the nominal frame rate.
- Privacy Mode blurring has limited effect on lower resolutions. When working with low-resolution images where Privacy Mode is not sufficient, use of solid masks is recommended.
- Under certain conditions, CPU overload during reconfiguration of encoding capabilities may cause the camera to reboot.
7.4 Security
- When using certificates for mutual authentication, it must be ensured that the camera uses a solid and trusted time base. In case the time differs too much from the actual time, a client might be locked out. Then, only a factory default will recover access to the camera.
- Excessive signing, e. g. due to very short video authentication signing interval, may have an impact on TLS connection setup.
- If software sealing is active and SNMP is disabled in Network -> Network Services, no SNMP trap will be sent out on seal break due to the disabled service. The seal break itself is logged.
- SCEP (Simple Certificate Enrollment Protocol) certificate requests are currently non-functional. A forthcoming release will include the necessary fix to address this issue.
- AD FS authentication does not work when HTTP referrer check is enabled.
- Network authentication will not work when EAP-TLS and MD5 are selected on the camera but the server is configured for MD5 only.
- Uploading a certificate in PFX format with password protection may fail if it uses an outdated encryption algorithm, e. g. RC2-40-CBC. Re-export the certificate with an updated encryption method.
- In the context of Syslog, some clients, such as Configuration Manager (CM) and Video Security Client, may generate multiple login requests during configuration, resulting in multiple log entries. This behavior is expected and indicates active configuration, helping to identify unauthorized or unexpected access during periods of inactivity. Please note that SNMP logins cannot be registered in the syslog.
- If the device is rebooted without user intervention, the software sealing will be considered broken. This behavior is not by design but is a known bug that will be addressed in an upcoming release.
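The PFX re-export recommended above, as an added example that is not from Bosch or this release letter: a POSIX shell script using the OpenSSL command-line tool (assumed installed, 1.1 or 3.x) that detects a bundle still protected with RC2 and re-packs it with AES-256-CBC and a SHA-256 MAC; the bundle in `demo` is constructed locally from a throwaway self-signed certificate.

```shell
#!/bin/sh
# Added example, not Bosch code. Assumes the OpenSSL CLI (1.1 or 3.x) is installed.
# Detects a PFX/PKCS#12 bundle still protected with the legacy RC2-40-CBC scheme
# and re-exports it with PBES2/AES-256-CBC and a SHA-256 MAC.

# Returns 0 if the bundle's key or certificate bags use an RC2 PBE.
pfx_uses_rc2() {
    file=$1; pass=$2
    # -info prints the PBE algorithms on stderr. OpenSSL 3 refuses RC2 without
    # its legacy provider, so retry with -legacy when the first attempt fails.
    out=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -info -noout -nokeys 2>&1) ||
        out=$(openssl pkcs12 -legacy -in "$file" -passin "pass:$pass" -info -noout -nokeys 2>&1)
    printf '%s\n' "$out" | grep -q 'RC2'
}

# Re-exports OLD (protected with OLDPASS) as NEW (protected with NEWPASS) using
# AES-256-CBC for both key and certificates and a SHA-256 MAC.
reexport_pfx() {
    old=$1; new=$2; oldpass=$3; newpass=$4
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"   # the unpacked PEM holds the private key in the clear
    if ! openssl pkcs12 -in "$old" -passin "pass:$oldpass" -nodes -out "$tmp" 2>/dev/null; then
        openssl pkcs12 -legacy -in "$old" -passin "pass:$oldpass" -nodes -out "$tmp" 2>/dev/null ||
            { rm -f "$tmp"; return 1; }
    fi
    openssl pkcs12 -export -in "$tmp" -out "$new" -passout "pass:$newpass" \
        -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed bundle: a throwaway self-signed certificate packed with
# the tool's default PBE (RC2-40-CBC on OpenSSL 1.1, AES on 3.x), then re-packed.
# Prints the directory holding old.pfx and new.pfx; returns 1 on any failure.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/k.pem" -out "$d/c.pem" \
        -subj /CN=demo -days 1 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$d/k.pem" -in "$d/c.pem" -out "$d/old.pfx" \
        -passout pass:old 2>/dev/null || return 1
    reexport_pfx "$d/old.pfx" "$d/new.pfx" old new || return 1
    # The re-exported bundle must open with the new password and contain no RC2.
    openssl pkcs12 -in "$d/new.pfx" -passin pass:new -noout 2>/dev/null || return 1
    if pfx_uses_rc2 "$d/new.pfx" new; then return 1; fi
    echo "$d"
}
```

Run `pfx_uses_rc2 camera.pfx 'password'` before uploading to see whether the bundle is affected, and `reexport_pfx` to produce one the camera accepts.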
7.5 Network
- QoS values are set according to the groups Video/Audio/Control for UDP packets, but for TCP packets only the QoS value for Video is inserted.
  - Note: Values are allowed to be entered as ToS values in increments of 4.
  - To set a valid DSCP, enter a (ToS) value between 32 and 224 in increments of 8.
- Changes to IPv6 settings, e. g. prefix, do not take effect until the device is restarted.
- The gateway setting is empty after switching DHCP to 'Off'. Make sure to manually configure a gateway when needed.
- When switching from IPv4 to IPv6, or vice versa, make sure the configured IP address is reachable in the network. Alternatively, leave the default state which allows both versions in parallel.
7.6 VCA
- Slow moving objects may not be detected. There is a minimum speed for objects to be detected as moving.
- IVA and IVA Flow need a video input frame rate of at least 12.5 frames per second. If IVA or IVA Flow is configured, a minimum frame rate of 12.5 fps must be set in ALC mode.
- There is only one configuration for IVA. When analysis type is changed, e. g. from IVA to IVA Flow, the former configuration is lost. Due to this, it is not possible to change the analysis type in a VCA profile switch.
- Due to a limitation of the script language that is used in the background, the delay timer for event triggered VCA starts immediately when the configuration is set. A trigger event during this period does not restart the timer. Once the timer has elapsed, operation is as desired.
- The "Too dark" alarm is not triggered under normal conditions due to the camera's low-light capabilities.
7.7 Recording
- VCA shapes are not synchronized with video when using the open-source JavaScript library for decoding.
- In ceiling mount, when the gyro sensor is perpendicular to earth plane, the roll angle cannot be determined and appears unstable, thus must be ignored.
- Reference image becomes invalid with changing the base frame rate, or rotating or mirroring the image, and needs to be re-created.
- As dynamic lens curves are not implemented yet, which especially applies to varifocal lenses, the focal length is optimized for r/2 of the inner circle of the field of view to keep deviations for IVA to a minimum. Introduction of the lens curves will improve this in future firmware.
- When using the 3.8 MP 16:9 image mode, IVA objects are systematically displaced. This issue will be fixed with the next firmware release.
- The LUN size for local recording via "Direct iSCSI" is limited to 2 TB.
- VRM version 2.12 or higher is required.
- In some cases, formatting errors on external iSCSI drives may occur, which might need multiple tries to overcome.
- In rare cases it may happen that the owner of an iSCSI LUN is not displayed correctly. Recording is not affected; just previous owner remains displayed.
- If a device had primary and secondary recording running on SD card and is then added to a VRM system, the blocks used for primary recording will not be re-used, reducing the available recording space for the ANR recording. This can be solved by re-formatting the SD card.
- SD card recording performance is highly dependent on the speed (class) and performance of the SD card.
- With I-frame-only recording and audio also enabled for recording, audio will be fragmented or not audible during replay. Please disable audio recording in case of I-frame-only recording.
- Numbering of the recorded files on the replay page is not always contiguous.
- If snippets across block borders belong together, like pre-alarm and alarm recording, the snippets become logically united and only the lower file number is presented in the list.
- SDXC cards are formatted with the FAT32 file system rather than exFAT, which the SDXC standard mandates, but they are fully recognized and accessible. The maximum size of 2 TB is also supported with FAT32, should SD cards of that size become available. FAT32 also increases portability to platforms other than Windows.
- If a local media is exchanged, existing former recordings are only discovered after rebooting the device.
- Physically removing the local storage media while recording causes the device to reboot. Recording must be stopped before removal.
- Changing audio format while audio is being recorded may cause unknown behaviour of the device and must be avoided.
- The storage system indicator status must be ignored during formatting of an SD card.
- Forcing the camera into an overload situation may cause undesired behaviour and in worst cases even recording gaps. It should always be ensured that the CPU load is not consistently around or at its maximum. This can be achieved by adapting encoder settings or avoiding too many tasks, e. g. client sessions, in parallel.
- Selection of streams for recording is limited to stream1 and 2 only.
- Encoder profile selection per stream is only possible for all four imagers simultaneously.
- Recording profile names are defined for the default settings. After changes to a profile, the pre-defined name may no longer match, so adapting the name may be advisable.
- Recording continues even if local storage is deselected, until the already allocated storage spans are used up, and then stops.
7.8 Export
- FTP exported files which include audio in a format other than AAC must be renamed from .mp4 to .m4a to allow correct playback in QuickTime.
- With JPEG Posting active when device is booting, the first posted JPEG image may be a no-cam logo.
- FTP posting with resolution 1080p delivers JPEG with size of 1920x1072 pixels due to 16 pixels macroblock boundary of the JPEG encoder.
- If FTP export files contain only a few frames, some players might not replay such a file correctly, or the replay is too quick to recognize anything. The exported file is not corrupt even though it might seem so.
- Files exported using continuous FTP backup for Rec. 2 where stream 2 is set to I-frames only mode contain wrong timing information and play back too fast.
- FTP export file size is always 100 MB if resolution change occurred in exported time span.
- After modifying account settings, e. g. FTP server address, to get the changes applied either switching posting off and on or restarting the device is required.
- Using "export from memory" with pre-alarm recording exceeding the available memory will cause continuous recording on the account storage. Checking the memory requirement of the pre-alarm ring is advised to avoid unexpected memory consumption.
- Dropbox is not supported anymore.
- SD-card export of an entire file does not work. Manually configuring the export time will lead to a successful export though.
- Condensed export to FTP may show 100% although it is not completely finished. This is caused by estimation due to unknown I-frame size and resulting fill bytes to complete an export file, which can only be written after the relevant content is exported with 100%.
- Filenames for FTP export shall not include non-ASCII UTF-8 characters to avoid incompatibilities with FTP servers.
7.9 Miscellaneous
- After a reboot, the system time re-synchronisation may be delayed up to 9 seconds for SNTP and up to 14 seconds for the time server protocol.
- AAC audio timestamps for UDP live video streams as well as for recording streams are based on 90 kHz instead of 16 kHz to ensure compatibility with Video SDK. AAC audio timestamps for TCP live video streams are based on the standard 16 kHz timestamps. Standard players should connect to live video with AAC audio using TCP.
- After changing the selectable camera mode via alarm input, switching back to a previous mode no longer works.
- Firmware upload stops recording when it fails or is terminated.
- Uploading a configuration file from a different camera platform may result in unpredictable behaviour.
- When combining CPU-intensive functions such as encryption, watermarking, or dual recording with high-quality and high-frame-rate encoder settings, tuning of the encoder profile settings might be required to avoid overload situations. The likelihood of overload increases with higher encoding bitrates and higher sensor resolutions, and persistent overload may result in unexpected reboots of a camera.
- No time change is allowed during the time when the "hour is repeated".
- Maintenance log file creation and download take some time and must be allowed to complete, although there is no progress indication.
- Millisecond stamping is not supported.
- JPEGs with VCA overlay are not fully synchronized. Shapes might be slightly off.
- If the configured bitrate for a JPEG is too low, the JPEG encoder will nevertheless create its minimally required bitrate, exceeding the expected bitrate.
- JPEGs for JPEG posting and in alarm e-mails are taken from the JPEG stream, thus 'burn-in' metadata overlays are not possible.
- When using stream prioritization, non-prioritized streams will drop frame rate when the camera is not able to serve all requested streams equally.
- JPEG generation, especially with resolutions that are not matching a pre-defined JPEG stream, puts extra load on the camera which could lead to frame drops with cameras that are close to the performance capacity. It is recommended to set an unused stream to JPEG with the required resolution, allowing snap.jpg to take a pre-processed JPEG from this stream without creating extra load.
- Following a device configuration restore, involving BOSCH Remote Portal connection, the status is not fully recovered. While the device display indicates an existing connection to the portal, the device remains inaccessible via the remote portal.