5.11.2. Ease of Use configuration - Google Cloud Platform¶
5.11.2.2. Creating Registry and Devices¶
If you are using an embedded microcontroller, flash VCOM binary present in
binaries
folder onto the board.Read out the device certificate from the SE using ssscli Tool
Refer to section Trust provisioned KeyIDs for keyIDs of trust provisioned certificates.
Read out the trust provisioned certificate as:
ssscli connect se05x <conn-type> COMxx ssscli get cert <trust_provisioned_keyid> <filename> ssscli disconnect
Note
Give connection parameters according to your board. Refer to List of ssscli commands for details on supported parameters.
Device certificate will be stored at the file location provided.
Note
Give extension of the filename as .cer to store in PEM format
Create a registry on Google Cloud Platform and upload the intermediate certificate:
Intermediate certificates are located in
demos/Certificate_Chains/0004_A1F4
directory. Based on device certificate, ECC or RSA, the intermediate certificates areCloudConn-Intermediate-ECC_OEF_A1F4.crt
orCloudConn-Intermediate-RSA_OEF_A1F4.crt
respectively.
Create a device in that registry and upload the device certificate obtained in the second step.
Also see Certificate Chains : DEV Kit for details about certificate chain.
5.11.2.3. Running the Demo¶
This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step
Create a reference key file to be used with OpenSSL engine:
ssscli connect se05x t1oi2c none ssscli refpem ecc/rsa pair <trust_provisioned_keyid> keyref.pem ssscli disconnect
Build the OpenSSL engine:
cd simw-top python scripts/create_cmake_projects.py cd ../simw-top_build/<board>_native_se050_t1oi2c cmake --build . make install ldconfig /usr/local/lib
Based on OpenSSL version, select the appropriate configuration file in
<MW_SRC_DIR>/simw-top/demos/linux/common
directory:openssl11_sss_se050.cnf ----- OpenSSL 1.1.1 and SE050 openssl_sss_se050.cnf ----- OpenSSL 1.0.0 and SE050
Set the openssl config path as:
$ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>
To run the demo, see Building the application
5.11.2.4. Update cloud example¶
In file demos/ksdk/gcp/gcp_iot_config.h
, update the project name,
location name, registry name and device name according to your
account, and keyIDs of Trust provisioned keys and certificates used (as
obtained from Trust provisioned KeyIDs):
#define GCP_PROJECT_NAME "pgh-cloud-iot"
#define GCP_LOCATION_NAME "us-central1"
#define GCP_REGISTRY_NAME "nxp-se-demo-reg"
#if (SSS_HAVE_APPLET_SE05X_C || SSS_HAVE_APPLET_SE05X_A)
#define GCP_DEVICE_NAME "nxp-ecc-dev-01"
#elif SSS_HAVE_APPLET_SE05X_B
#define GCP_DEVICE_NAME "nxp-rsa-dev-01"
#else
#define GCP_DEVICE_NAME "a71ch-dev-04"
#endif
#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181001
#define SSS_CERTIFICATE_INDEX 0x20181002
5.11.2.5. Build and run the demo.¶
Build and run cloud_gcp
.
CMake configurations:
RTOS_FreeRTOS
: ONSSS_HAVE_HOSTCRYPTO_MBEDTLS
: ONSSS_HAVE_MBEDTLS_ALT_SSS
: ON