5.11.2. Ease of Use configuration - Google Cloud Platform

5.11.2.1. Pre-requisites

  • Google Cloud Platform Account

  • ssscli Tool. Refer to CLI Tool

5.11.2.2. Creating Registry and Devices

  • If you are using an embedded microcontroller, flash VCOM binary present in binaries folder onto the board.

  • Read out the device certificate from the SE using ssscli Tool

    • Refer to section Trust provisioned KeyIDs for keyIDs of trust provisioned certificates.

    • Read out the trust provisioned certificate as:

      ssscli connect se05x <conn-type> COMxx
      ssscli get cert <trust_provisioned_keyid> <filename>
      ssscli disconnect
      

      Note

      Give connection parameters according to your board. Refer to List of ssscli commands for details on supported parameters.

    • Device certificate will be stored at the file location provided.

    Note

    Give extension of the filename as .cer to store in PEM format

  • Create a registry on Google Cloud Platform and upload the intermediate certificate:

    • Intermediate certificates are located in demos/Certificate_Chains/0004_A1F4 directory. Based on device certificate, ECC or RSA, the intermediate certificates are CloudConn-Intermediate-ECC_OEF_A1F4.crt or CloudConn-Intermediate-RSA_OEF_A1F4.crt respectively.

  • Create a device in that registry and upload the device certificate obtained in the second step.

Also see Certificate Chains : DEV Kit for details about certificate chain.

5.11.2.3. Running the Demo

This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step

  • Create a reference key file to be used with OpenSSL engine:

    ssscli connect se05x t1oi2c none
    ssscli refpem ecc/rsa pair <trust_provisioned_keyid> keyref.pem
    ssscli disconnect
    
  • Build the OpenSSL engine:

    cd simw-top
    python scripts/create_cmake_projects.py
    cd ../simw-top_build/<board>_native_se050_t1oi2c
    cmake --build .
    make install
    ldconfig /usr/local/lib
    
  • Based on OpenSSL version, select the appropriate configuration file in <MW_SRC_DIR>/simw-top/demos/linux/common directory:

    openssl11_sss_se050.cnf   ----- OpenSSL 1.1.1 and SE050
    openssl_sss_se050.cnf     ----- OpenSSL 1.0.0 and SE050
    
  • Set the openssl config path as:

    $ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>
    
  • To run the demo, see Building the application

5.11.2.4. Update cloud example

In file demos/ksdk/gcp/gcp_iot_config.h, update the project name, location name, registry name and device name according to your account, and keyIDs of Trust provisioned keys and certificates used (as obtained from Trust provisioned KeyIDs):

#define GCP_PROJECT_NAME "pgh-cloud-iot"
#define GCP_LOCATION_NAME "us-central1"
#define GCP_REGISTRY_NAME "nxp-se-demo-reg"

#if (SSS_HAVE_APPLET_SE05X_C || SSS_HAVE_APPLET_SE05X_A)
#define GCP_DEVICE_NAME "nxp-ecc-dev-01"
#elif SSS_HAVE_APPLET_SE05X_B
#define GCP_DEVICE_NAME "nxp-rsa-dev-01"
#else
#define GCP_DEVICE_NAME "a71ch-dev-04"
#endif
#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181001
#define SSS_CERTIFICATE_INDEX 0x20181002

5.11.2.5. Build and run the demo.

Build and run cloud_gcp.

CMake configurations:

  • RTOS_FreeRTOS: ON

  • SSS_HAVE_HOSTCRYPTO_MBEDTLS: ON

  • SSS_HAVE_MBEDTLS_ALT_SSS: ON