OCPP 2.0.1 Edition 4 Section L

Firmware Management - CSMS Developer Guide

Based on OCPP 2.0.1 Edition 4 Specification (Part 2, Section L, pages 287-303). This guide covers all firmware management flows from the CSMS perspective.

6 Sections

4 Use Cases

L01 - L04

1. Overview

Introduction

The Firmware Management functional block enables a CSO (Charging Station Operator) to update the firmware of Charging Stations. The CSMS informs the Charging Station of the time at which it can start downloading new firmware and the location to download it from. The Charging Station notifies the CSMS after each step as it downloads and installs the new firmware.

Update Modes

L01

Secure Firmware Update

Includes certificate verification and digital signature validation. The CSMS must include the firmware signing certificate and signature in the update request.

L02

Non-Secure Firmware Update

No cryptographic verification (simplified flow). The update request omits the signing certificate and signature fields.

Local Controller Support

For deployments with a Local Controller acting as a local firmware cache, two additional flows are available:

L03

Publish

CSMS instructs the Local Controller to download and serve firmware locally, saving WAN bandwidth.

L04

Unpublish

CSMS instructs the Local Controller to stop serving a firmware file when it is no longer needed.

2. OCPP Messages Used

Protocol

Messages Initiated by CSMS (CSMS → Charging Station)

CSMS --> Charging Station

Message	Direction	Description
`UpdateFirmwareRequest`	CSMS → CS	Instruct CS to download and install firmware
`PublishFirmwareRequest`	CSMS → LC	Instruct Local Controller to download and publish firmware
`UnpublishFirmwareRequest`	CSMS → LC	Instruct Local Controller to stop serving firmware

Messages Initiated by Charging Station (CS → CSMS)

Charging Station --> CSMS

Message	Direction	Description
`FirmwareStatusNotificationRequest`	CS → CSMS	CS reports firmware update progress
`PublishFirmwareStatusNotificationRequest`	LC → CSMS	Local Controller reports publish progress

3. L01 - Secure Firmware Update

Use Case L01

ID	L01
Name	Secure Firmware Update
Objective	Download and install a Secure firmware update
Actors	CSMS, Charging Station
Alternative	L02 - Non-Secure Firmware Update

Scenario Flow

L01 - Secure Firmware Update Sequence

CSMS                                          Charging Station
  │                                                  │
  │──── UpdateFirmwareRequest(requestId=123) ───────>│
  │<─── UpdateFirmwareResponse(Accepted) ────────────│
  │                                                  │ Verify certificate
  │                                                  │ Wait for retrieveDateTime...
  │                                                  │
  │<─── FirmwareStatusNotification(Downloading) ─────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Download firmware...
  │                                                  │
  │<─── FirmwareStatusNotification(Downloaded) ──────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Verify signature
  │                                                  │
  │<─── FirmwareStatusNotification(SignatureVerified)─│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Wait for transactions to finish...
  │                                                  │
  │  [opt: if reboot required before installing]     │
  │<─── FirmwareStatusNotification(InstallRebooting)─│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Reboot...
  │                                                  │
  │<─── FirmwareStatusNotification(Installing) ──────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Install firmware...
  │                                                  │
  │  [opt: if reboot required after installing]      │
  │<─── FirmwareStatusNotification(InstallRebooting)─│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Reboot...
  │                                                  │
  │<─── FirmwareStatusNotification(Installed) ───────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │
  │  [opt: final reboot]                             │

Step 1: CSMS Sends UpdateFirmwareRequest

The CSMS initiates the firmware update by sending an UpdateFirmwareRequest to the Charging Station.

L01.FR.11: For security purposes, the CSMS SHALL include the Firmware Signing certificate (PEM encoded X.509) in the UpdateFirmwareRequest.

UpdateFirmwareRequest

{
  "requestId": 123,
  "retries": 3,
  "retryInterval": 60,
  "firmware": {
    "location": "https://firmware.example.com/fw-v2.0.bin",
    "retrieveDateTime": "2025-06-01T02:00:00Z",
    "installDateTime": "2025-06-01T03:00:00Z",
    "signingCertificate": "-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----",
    "signature": "base64EncodedSignatureString..."
  }
}

Field	Type	Required	Description
`requestId`	integer	Yes	Unique ID for this firmware update request. All subsequent FirmwareStatusNotificationRequest messages will reference this ID.
`retries`	integer	No	Number of download retry attempts before giving up. If omitted, CS decides.
`retryInterval`	integer	No	Seconds between retry attempts. If omitted, CS decides.
`firmware`	FirmwareType	Yes	Firmware details (see below)

FirmwareType:

Field	Type	Required	Max Len	Description
`location`	string (URI)	Yes	512	URI to download the firmware from
`retrieveDateTime`	date-time	Yes	-	Earliest time the CS should start downloading
`installDateTime`	date-time	No	-	Time at which firmware should be installed. If omitted, install ASAP after download.
`signingCertificate`	string	No*	5500	PEM encoded X.509 certificate used to sign the firmware. Required for L01 secure update (L01.FR.11).
`signature`	string	No*	800	Base64 encoded firmware signature. Required for L01 secure update (L01.FR.09).

*For L01 (Secure), both signingCertificate and signature are effectively mandatory per the requirements, even though the JSON schema marks them optional.

Step 2: Handle UpdateFirmwareResponse

The Charging Station responds synchronously.

UpdateFirmwareResponse

{
  "status": "Accepted",
  "statusInfo": {
    "reasonCode": "...",
    "additionalInfo": "..."
  }
}

Value	Description	CSMS Action
`Accepted`	CS accepted the request and will proceed	Track firmware update with the requestId. Expect FirmwareStatusNotificationRequest messages.
`Rejected`	CS rejected the request	Log the rejection. Investigate reason. May retry later.
`AcceptedCanceled`	CS accepted the new request and canceled a previous ongoing firmware update (L01.FR.24)	Track the new firmware update. The previous one is canceled.
`InvalidCertificate`	The signing certificate is invalid or could not be verified (L01.FR.22)	Log security event. Check certificate validity and chain. Provide valid certificate and retry.
`RevokedCertificate`	The signing certificate has been revoked	Log security event. Obtain a new, valid signing certificate from manufacturer.

Step 3: Handle FirmwareStatusNotificationRequest

Throughout the firmware update lifecycle, the Charging Station sends FirmwareStatusNotificationRequest messages to report progress. The CSMS must handle each status and always respond with an empty FirmwareStatusNotificationResponse.

FirmwareStatusNotificationRequest

{
  "status": "Downloading",
  "requestId": 123
}

FirmwareStatusNotificationResponse

{}

Field	Type	Required	Description
`status`	FirmwareStatusEnumType	Yes	Current firmware update status
`requestId`	integer	Conditional	The requestId from the UpdateFirmwareRequest that started this update. Mandatory unless status = Idle (L01.FR.20).

Firmware Status State Machine

The Charging Station progresses through these states. The CSMS should track and validate transitions.

Firmware Update State Machine

                        ┌──────────────────────────────────────────┐
                        │                                          │
    ┌─────┐  retrieveDateTime  ┌──────────────────┐               │
    │ Idle │ ──── in future ──>│ DownloadScheduled │               │
    └─────┘                    └────────┬─────────┘               │
                                        │                          │
                  ┌─────────────────────▼──────────────────┐      │
                  │            Downloading                  │<─────┘
                  │  (may loop: retry on failure)           │  Failed to download,
                  └────┬──────────┬───────────┬────────────┘  waiting for retryInterval
                       │          │           │
              ┌────────▼───┐  ┌──▼────────┐  ▼
              │  Downloaded│  │DownloadPaused│ DownloadFailed
              └────┬───────┘  └───────────┘
                   │
          ┌────────▼─────────┐
          │ Invalid firmware  │──> InvalidSignature
          │   signature?      │
          └────────┬─────────┘
                   │ Valid
          ┌────────▼──────────┐
          │ SignatureVerified  │
          └────────┬──────────┘
                   │
        ┌──────────┼──────────────────┐
        │          │                  │
  installDateTime  │ needs reboot     │ install immediately
  in future        │ first            │
        │          │                  │
  ┌─────▼──────┐ ┌▼───────────────┐  │
  │InstallSched│ │InstallRebooting│  │
  └─────┬──────┘ └───────┬───────┘  │
        │                │          │
        └────────┬───────┘          │
                 │                  │
        ┌────────▼──────────┐       │
        │    Installing     │<──────┘
        └──┬─────────┬──┬──┘
           │         │  │
           │    ┌────▼──▼──────────────────┐
           │    │InstallVerificationFailed │
           │    └──────────────────────────┘
           │
     ┌─────┼──────────────┐
     │     │              │
     │  ┌──▼────────────┐│
     │  │InstallRebooting││
     │  └──┬──────┬─────┘│
     │     │      │      │
  ┌──▼─────▼──┐ ┌▼──────▼───┐
  │Installed   │ │InstallFailed│
  └────────────┘ └────────────┘

FirmwareStatusEnumType - CSMS Handling Guide

Status	Description	CSMS Action
`Idle`	No firmware update in progress	No action. This is the default/resting state.
`DownloadScheduled`	CS is waiting for retrieveDateTime or is busy charging	Record state. No action needed — CS will begin download when ready.
`Downloading`	CS is actively downloading firmware	Record state. Monitor for timeout.
`Downloaded`	Firmware downloaded successfully	Record state. CS will proceed to signature verification (L01) or installation (L02).
`DownloadPaused`	Download temporarily suspended (e.g., CS has higher priority tasks)	Record state. Download will resume automatically.
`DownloadFailed`	All download retry attempts exhausted	Alert operator. Investigation needed — check URI accessibility, network, firewall. May re-initiate update.
`SignatureVerified`	Firmware signature validated successfully (L01 only)	Record state. CS will proceed to installation.
`InvalidSignature`	Firmware signature verification failed (L01 only)	Alert operator / security event. Firmware file may be corrupted or tampered with. Verify firmware file integrity and re-sign if needed.
`InstallScheduled`	Waiting for installDateTime or waiting for transactions to finish	Record state. Installation will proceed at scheduled time or when transactions complete.
`InstallRebooting`	CS is rebooting (before or after installation)	Record state. Expect CS to reconnect after reboot. The order of messages and reboots is NOT fixed.
`Installing`	CS is actively installing firmware	Record state. Note: CS MAY omit this status if bootloader cannot send OCPP messages during reboot (L01.FR.23).
`Installed`	Firmware successfully installed and activated	Success! Record completion. CS should also send a SecurityEventNotificationRequest with type FirmwareUpdated (L01.FR.31).
`InstallationFailed`	Firmware installation failed	Alert operator. May need to retry the update or investigate CS hardware issues.
`InstallVerificationFailed`	Post-install verification failed (e.g., checksum mismatch)	Alert operator. Firmware image may be corrupted. Retry with a verified firmware file.

CSMS Requirements Summary for L01

ID	Requirement
`L01.FR.09`	Firmware updates SHALL be digitally protected (signature over hash of firmware file)
`L01.FR.10`	Every FirmwareStatusNotificationRequest for a firmware update SHALL contain the same requestId as the UpdateFirmwareRequest that started it
`L01.FR.11`	CSMS SHALL include the Firmware Signing certificate in the UpdateFirmwareRequest
`L01.FR.24`	When CS receives a new UpdateFirmwareRequest while installing/scheduled, it SHOULD cancel the ongoing update and respond AcceptedCanceled. CSMS SHOULD NOT cancel unless the new firmware file exists.
`L01.FR.25`	If CS receives a TriggerMessageRequest for FirmwareStatusNotification and last status was Installed, it returns Idle
`L01.FR.26`	If CS receives a TriggerMessageRequest for FirmwareStatusNotification and last status was NOT Installed, it returns the last sent status
`L01.FR.28`	On successful installation, CS sends Installed status. CS SHOULD activate the new firmware immediately.
`L01.FR.31`	On successful installation, CS SHALL send SecurityEventNotificationRequest with type = FirmwareUpdated

Postconditions

Outcome	Final Status	Description
Success	`Installed`	Firmware is updated and active
Certificate Invalid	`InvalidCertificate (in response)`	Certificate could not be verified
Download Failed	`DownloadFailed`	Download exhausted all retries
Signature Invalid	`InvalidSignature`	Digital signature verification failed
Install Failed	`InstallationFailed`	Installation was not successful
Verification Failed	`InstallVerificationFailed`	Post-install verification failed

Important Notes

The Charging Station has a configuration variable FileTransferProtocols that reports which file transfer protocols it supports.
It is RECOMMENDED to send firmware encrypted (use HTTPS, SFTP, or FTPS).
FTP needs to support Passive FTP for broad network topology compatibility.
The manufacturer SHALL NOT use intermediate certificates for the firmware signing certificate.
When migrating OCPP versions, it is RECOMMENDED to install a fallback NetworkConnectionProfile.

4. L02 - Non-Secure Firmware Update

Use Case L02

ID	L02
Name	Non-Secure Firmware Update
Objective	Download and install a Non-Secure firmware update
Actors	CSMS, Charging Station
Alternative	L01 - Secure Firmware Update

Differences from L01 (Secure)

The flow is identical to L01 but without certificate verification and signature validation steps.

Aspect	L01 (Secure)	L02 (Non-Secure)
signingCertificate in request	Required	Not needed (omit)
signature in request	Required	Not needed (omit)
Certificate verification by CS	Yes	No
Signature verification after download	Yes (SignatureVerified / InvalidSignature)	No — jumps from Downloaded to install
InvalidCertificate response possible	Yes	No
RevokedCertificate response possible	Yes	No
SignatureVerified status	Yes	Not sent
InvalidSignature status	Yes	Not sent

Scenario Flow

L02 - Non-Secure Firmware Update Sequence

CSMS                                          Charging Station
  │                                                  │
  │──── UpdateFirmwareRequest(requestId=456) ───────>│
  │<─── UpdateFirmwareResponse(Accepted) ────────────│
  │                                                  │
  │<─── FirmwareStatusNotification(Downloading) ─────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Download firmware...
  │                                                  │
  │<─── FirmwareStatusNotification(Downloaded) ──────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Wait for transactions to finish...
  │                                                  │
  │  [opt: if reboot required before installing]     │
  │<─── FirmwareStatusNotification(InstallRebooting)─│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Reboot...
  │                                                  │
  │<─── FirmwareStatusNotification(Installing) ──────│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Install firmware...
  │                                                  │
  │  [opt: if reboot required after installing]      │
  │<─── FirmwareStatusNotification(InstallRebooting)─│
  │──── FirmwareStatusNotificationResponse() ───────>│
  │                                                  │ Reboot...
  │                                                  │
  │<─── FirmwareStatusNotification(Installed) ───────│
  │──── FirmwareStatusNotificationResponse() ───────>│

UpdateFirmwareRequest (Non-Secure)

Same schema as L01, but omit signingCertificate and signature:

UpdateFirmwareRequest (Non-Secure)

{
  "requestId": 456,
  "retries": 3,
  "retryInterval": 60,
  "firmware": {
    "location": "https://firmware.example.com/fw-v2.0.bin",
    "retrieveDateTime": "2025-06-01T02:00:00Z",
    "installDateTime": "2025-06-01T03:00:00Z"
  }
}

Response handling: Same as L01. Possible values: Accepted, Rejected, AcceptedCanceled. InvalidCertificate and RevokedCertificate are NOT expected for non-secure updates. The following firmware statuses will NOT occur: SignatureVerified, InvalidSignature.

Postconditions

Success

Firmware update was successfully installed

Failure

Firmware update failed

L02 Requirements Summary

Most requirements mirror L01:

ID	Description	Mirrors
`L02.FR.01`	CS SHALL send FirmwareStatusNotificationRequest for each new status	L01.FR.01
`L02.FR.02`	CS SHALL install firmware as soon as possible when installDateTime has passed or is not set	L01.FR.04/05
`L02.FR.03`	CS SHALL wait for all transactions to end before installing	L01.FR.06
`L02.FR.04`	CS SHALL set unused EVSEs to UNAVAILABLE while waiting (if AllowNewSessionsPendingFirmwareUpdate is false)	L01.FR.07
`L02.FR.05`	RECOMMENDED to send firmware encrypted	L01.FR.08
`L02.FR.06`	Every status notification SHALL contain the same requestId	L01.FR.10
`L02.FR.07`	CS sends DownloadScheduled when not ready to download yet	L01.FR.13
`L02.FR.08`	CS sends DownloadPaused when download is paused	L01.FR.14
`L02.FR.09`	CS sends InstallRebooting before reboot	L01.FR.15
`L02.FR.10`	CS sends InstallScheduled when installDateTime is in the future	L01.FR.16
`L02.FR.14`	requestId in FirmwareStatusNotificationRequest is mandatory unless status = Idle	L01.FR.20
`L02.FR.15`	CS SHOULD cancel ongoing update when receiving new UpdateFirmwareRequest	L01.FR.24
`L02.FR.19`	CS sends DownloadFailed when all retry attempts are exhausted	L01.FR.30
`L02.FR.20`	CS sends Installed after successful installation and activation	-
`L02.FR.22`	CS SHALL wait for transactions to end before activating firmware (if reboot needed)	L01.FR.33

5. Local Controller Flows

L03-L04

L03 - Publish Firmware file on Local Controller

ID	L03
Name	Publish Firmware file on Local Controller
Objective	Allow Charging Stations to download a firmware update directly from the Local Controller
Actors	Local Controller, CSMS
Prerequisite	n/a

In deployments with a Local Controller, the CSMS can instruct the Local Controller to download a firmware file and publish it on the local network. This saves WAN bandwidth — Charging Stations download the firmware from the Local Controller instead of from the internet. After the Local Controller publishes the firmware, the CSMS uses L01/L02 UpdateFirmwareRequest to individual Charging Stations, pointing the firmware URI to the Local Controller.

L03 - Publish Firmware Sequence

CSMS                                       Local Controller
  │                                                │
  │──── PublishFirmwareRequest() ─────────────────>│
  │<─── PublishFirmwareResponse(Accepted) ─────────│
  │                                                │
  │<─── PublishFirmwareStatusNotification           │
  │     (status=Downloading) ──────────────────────│
  │──── PublishFirmwareStatusNotificationResponse()>│
  │                                                │ Download firmware...
  │                                                │
  │<─── PublishFirmwareStatusNotification           │
  │     (status=Downloaded) ───────────────────────│
  │──── PublishFirmwareStatusNotificationResponse()>│
  │                                                │ Verify MD5 checksum...
  │                                                │
  │<─── PublishFirmwareStatusNotification           │
  │     (status=ChecksumVerified) ─────────────────│
  │──── PublishFirmwareStatusNotificationResponse()>│
  │                                                │ Publish FW on local URL...
  │                                                │
  │<─── PublishFirmwareStatusNotification           │
  │     (status=Published, location=[...]) ────────│
  │──── PublishFirmwareStatusNotificationResponse()>│
  │                                                │
  │  Now CSMS sends UpdateFirmwareRequest to       │
  │  Charging Stations with URI pointing to        │
  │  Local Controller (from location field)        │

Step 1: CSMS Sends PublishFirmwareRequest

PublishFirmwareRequest

{
  "location": "https://firmware.example.com/fw-v2.0.bin",
  "checksum": "d41d8cd98f00b204e9800998ecf8427e",
  "requestId": 789,
  "retries": 3,
  "retryInterval": 60
}

Field	Type	Required	Max Len	Description
`location`	string (URI)	Yes	512	URI to download the firmware from
`checksum`	string	Yes	32	MD5 checksum of the entire firmware file (hex string, 32 chars). See RFC-1321.
`requestId`	integer	Yes	-	Unique ID for this publish request
`retries`	integer	No	-	Number of download retry attempts
`retryInterval`	integer	No	-	Seconds between retry attempts

Step 2: Handle PublishFirmwareResponse

PublishFirmwareResponse

{
  "status": "Accepted",
  "statusInfo": {
    "reasonCode": "...",
    "additionalInfo": "..."
  }
}

Value	CSMS Action
`Accepted`	Local Controller accepted. Expect PublishFirmwareStatusNotificationRequest messages.
`Rejected`	Local Controller rejected. Investigate reason and retry.

Step 3: Handle PublishFirmwareStatusNotificationRequest

PublishFirmwareStatusNotificationRequest

{
  "status": "Published",
  "location": [
    "https://local-controller.local/fw-v2.0.bin",
    "http://local-controller.local/fw-v2.0.bin",
    "ftp://local-controller.local/fw-v2.0.bin"
  ],
  "requestId": 789
}

PublishFirmwareStatusNotificationResponse

{}

Field	Type	Required	Description
`status`	PublishFirmwareStatusEnumType	Yes	Current publishing status
`location`	array of strings	Conditional	URIs where firmware is available. Required when status = Published. Multiple URIs for different protocols. Max 512 chars each.
`requestId`	integer	No	The requestId from the PublishFirmwareRequest

PublishFirmwareStatusEnumType - CSMS Handling Guide:

Status	Description	CSMS Action
`Idle`	No publishing in progress	No action. Default state.
`DownloadScheduled`	Download scheduled	Record state.
`Downloading`	Actively downloading firmware	Record state. Monitor progress.
`Downloaded`	Firmware downloaded successfully	Record state. MD5 verification will follow.
`DownloadPaused`	Download temporarily paused	Record state.
`DownloadFailed`	Download failed (L03.FR.06)	Alert operator. Check URI, network. May retry.
`ChecksumVerified`	MD5 checksum verified successfully	Record state. Publishing will follow.
`InvalidChecksum`	MD5 checksum verification failed (L03.FR.07)	Alert operator. Firmware file may be corrupted. Verify checksum and re-upload firmware.
`Published`	Firmware published and available for download (L03.FR.09)	Key event! Extract the location array — these are the URIs to use in subsequent UpdateFirmwareRequest messages to Charging Stations.
`PublishFailed`	Could not publish firmware (L03.FR.08)	Alert operator. Local Controller storage or network issue.

Step 4: Use Published Location in UpdateFirmwareRequests

After receiving Published status with location URIs, the CSMS sends UpdateFirmwareRequest (L01 or L02) to individual Charging Stations, using the Local Controller's URI(s) as the firmware location.

L03 Requirements Summary:

ID	Requirement
`L03.FR.01`	Local Controller SHALL send PublishFirmwareStatusNotificationRequest for each new status
`L03.FR.02`	MD5 checksum SHALL be calculated over the entire firmware file
`L03.FR.03`	Local Controller SHALL publish using all supported protocols (HTTP, HTTPS, FTP)
`L03.FR.04`	Local Controller SHALL set all URIs in the location field of the Published status message
`L03.FR.05`	Local Controller SHALL respond with PublishFirmwareResponse indicating acceptance
`L03.FR.06`	If download fails → DownloadFailed status
`L03.FR.07`	If checksum fails → InvalidChecksum status
`L03.FR.08`	If publish fails → PublishFailed status
`L03.FR.09`	After successful publish → Published status
`L03.FR.10`	If TriggerMessageRequest for PublishFirmwareStatusNotification received and last status was Published → respond with Idle
`L03.FR.11`	If TriggerMessageRequest for PublishFirmwareStatusNotification received and last status was NOT Published → respond with last sent status

L04 - Unpublish Firmware file on Local Controller

ID	L04
Name	Unpublish Firmware file on Local Controller
Objective	Stop the Local Controller from publishing a firmware update to connected Charging Stations
Actors	Local Controller, CSMS
Prerequisite	A firmware was previously successfully published by the Local Controller (L03)

When the CSMS wants the Local Controller to stop serving a firmware file (e.g., firmware is outdated, superseded, or no longer needed), it sends an UnpublishFirmwareRequest. The MD5 checksum is used as the unique identifier for the firmware file to unpublish.

L04 - Unpublish Firmware Sequence

CSMS                                       Local Controller
  │                                                │
  │──── UnpublishFirmwareRequest(checksum) ───────>│
  │<─── UnpublishFirmwareResponse(Unpublished) ────│

UnpublishFirmwareRequest

{
  "checksum": "d41d8cd98f00b204e9800998ecf8427e"
}

Field	Type	Req	Description
`checksum`	string	Yes	MD5 checksum of the firmware file to unpublish (hex string, max 32 chars). Same checksum used in the original PublishFirmwareRequest.

UnpublishFirmwareResponse

{
  "status": "Unpublished"
}

Value	CSMS Action
`Unpublished`	Success. Record that this firmware is no longer served by the Local Controller.
`NoFirmware`	The firmware was already unpublished or never published with this checksum. No further action needed.
`DownloadOngoing`	A Charging Station is currently downloading this firmware file. Retry later. The Local Controller will not unpublish while a download is in progress.

L04 Requirements Summary:

ID	Requirement
`L04.FR.01`	If no ongoing download → firmware SHALL be unpublished
`L04.FR.02`	After successful unpublish → respond with Unpublished
`L04.FR.03`	If no published file matches → respond with NoFirmware
`L04.FR.04`	If a CS is downloading the file → respond with DownloadOngoing and do NOT unpublish

6. CSMS Implementation Checklist

Implementation

Database Tables / State Tracking

Firmware Update Tracking Table

requestId
charge_point_id
Firmware URI
Current status
Timestamps

Firmware Publish Tracking Table

requestId
checksum
Local Controller ID
Current status
Published location URIs

Message Handlers to Implement

Outbound (CSMS → CS) — CALL messages the CSMS sends:

#	Message	Used In	Handler Type
1	`UpdateFirmwareRequest`	L01, L02	CSMS initiates (via API/operator action)
2	`PublishFirmwareRequest`	L03	CSMS initiates (via API/operator action)
3	`UnpublishFirmwareRequest`	L04	CSMS initiates (via API/operator action)

Inbound (CS → CSMS) — CALL messages the CSMS must handle:

#	Message	Used In	CSMS Response
1	`FirmwareStatusNotificationRequest`	L01, L02	Empty FirmwareStatusNotificationResponse {} — always acknowledge, update tracked state
2	`PublishFirmwareStatusNotificationRequest`	L03	Empty PublishFirmwareStatusNotificationResponse {} — always acknowledge, update tracked state. Extract location when Published.

Inbound Responses (CS → CSMS) — CALLRESULT for CSMS-initiated messages:

#	Message	Used In	CSMS Handling
1	`UpdateFirmwareResponse`	L01, L02	Check status field. Handle Accepted, Rejected, AcceptedCanceled, InvalidCertificate, RevokedCertificate.
2	`PublishFirmwareResponse`	L03	Check status field. Handle Accepted, Rejected.
3	`UnpublishFirmwareResponse`	L04	Check status field. Handle Unpublished, NoFirmware, DownloadOngoing.

Security Considerations

L01.FR.08: RECOMMENDED to send firmware encrypted (HTTPS, SFTP, FTPS)
L01.FR.09: Firmware SHALL be digitally signed for secure updates
L01.FR.11: CSMS SHALL include signing certificate in the UpdateFirmwareRequest
L01.FR.31: Expect SecurityEventNotificationRequest with type FirmwareUpdated after successful install
L01.FR.02/03: Expect SecurityEventNotificationRequest with type InvalidFirmwareSigningCertificate or InvalidFirmwareSignature on security failures
Manufacturers SHALL NOT use intermediate certificates for firmware signing