5.3.2. AWS Demo for iMX Linux / RaspberryPi

This demo demonstrates connection to AWS IoT Console using pre-provisioned device credentials and publish/subscribe procedure using MQTT.

5.3.2.1. Prerequisites

  • AWS account

  • SD Card image with SE050 Middleware pre-installed. The application is built on the iMX platform.

  • IMX6UL-EVK platform or Raspberry pi connected to the Internet

5.3.2.2. Preparing the credentials and Provisioning the secure element

Use ssscli tool from iMX/Rpi platform

  1. Complete Section 9.3 Steps needed before running ssscli tool

  2. To create certificates on imx and Raspberry Pi, call:

    cd simw-top/pycli/Provisioning/
    python3 GenerateAWSCredentials.py
    python3 ResetAndUpdate_AWS.py
    

    Note

    Provisioning of the keys is done with default policies. Refer - Section 9.9 to change the scripts to add required policies.

  3. Certificates and Keys are generated at simw-top/pycli/Provisioning/aws

5.3.2.2.1. Build the OpenSSL engine [Optional]

Note

This step is optional in case you are using a prepared SD card image from NXP.

The OpenSSL engine uses the sss abstraction layer to access the crypto services of the secure element, the implementation remains dependent on the secure element attached. The following illustrates compiling the OpenSSL engine for SE050 connected over I2C.

cd simw-top
python scripts/create_cmake_projects.py
cd ../simw-top_build/imx_native_se050_t1oi2c
cmake --build .
make install
ldconfig /usr/local/lib

Note

Replace imx_native_se050_t1oi2c with raspbian_native_se050_t1oi2c when building for Raspberry Pi.

5.3.2.3. Run the example

  1. Clone the Code

    cd /simw-top/demos/linux/aws/
    git clone https://github.com/aws/aws-iot-device-sdk-cpp.git
    

    Note

    If curl is not installed - run sudo apt-get install libcurl4-openssl-dev

  1. Modify the CMakeLists.txt file under samples/PubSub so it ensures OPENSSL_LOAD_CONF is defined (see excerpt below):

    if (UNIX AND NOT APPLE)
        ADD_DEFINITIONS(-DOPENSSL_LOAD_CONF)
        # Prefer pthread if found
        set(THREADS_PREFER_PTHREAD_FLAG ON)
        set(CUSTOM_COMPILER_FLAGS "-fno-exceptions -Wall -Werror")
    elseif (APPLE)
        set(CUSTOM_COMPILER_FLAGS "-fno-exceptions -Wall -Werror")
    elseif (WIN32)
        set(CUSTOM_COMPILER_FLAGS "/W4")
    endif ()
    
  1. Use ‘buildScript.sh’ script at simw-top/demos/linux/aws/ to build the mqtt application for aws call:

    ./buildScript.sh
    
  1. Adapt the PubSub example specific configuration file so that it refers to the reference key and the device certificate.
    • Update the endpoint to match your AWS account

    • Ensure the AmazonRootCA1.pem certificate is in place (it is used by the iMX/rpi to validate the AWS IoT counterpart

    • Update the configuration file (/simw-top/demos/linux/aws/aws-iot-device-sdk-cpp/build/bin/config/SampleConfig.json) with endpoint, device_certificate_relative_path, device_private_key_relative_path (Ensure the value for “endpoint” matches your setup, you must replace “xxxxiukfoyyyy-ats.iot.eu-central-1.amazonaws.com”)

    • Sample Json file

      {
        "endpoint": "xxxxiukfoyyyy-ats.iot.eu-central-1.amazonaws.com",
        "mqtt_port": 8883,
        "https_port": 443,
        "greengrass_discovery_port": 8443,
        "root_ca_relative_path": "certs/AmazonRootCA1.pem",
        "device_certificate_relative_path": "<UID>_device_certificate.crt",
        "device_private_key_relative_path": "<UID>_device_reference_key.pem",
        "tls_handshake_timeout_msecs": 60000,
        "tls_read_timeout_msecs": 2000,
        "tls_write_timeout_msecs": 2000,
        "aws_region": "",
        "aws_access_key_id": "",
        "aws_secret_access_key": "",
        "aws_session_token": "",
        "client_id": "CppSDKTesting",
        "thing_name": "CppSDKTesting",
        "is_clean_session": true,
        "mqtt_command_timeout_msecs": 20000,
        "keepalive_interval_secs": 600,
        "minimum_reconnect_interval_secs": 1,
        "maximum_reconnect_interval_secs": 128,
        "maximum_acks_to_wait_for": 32,
        "action_processing_rate_hz": 5,
        "maximum_outgoing_action_queue_length": 32,
        "discover_action_timeout_msecs": 300000
      }
      
  1. Search for default_algorithms in /simw-top/demos/linux/common/openssl_sss_se050.cnf file and set it as

    default_algorithms = RSA,RAND,ECDSA,ECDH    ----- For openssl 1.0.0
    default_algorithms = RSA,RAND,EC            ----- For openssl 1.1.1
    
  1. Set the openssl config path as call:

    $ export OPENSSL_CONF=/simw-top/demos/linux/common/openssl_sss_se050.cnf
    
  2. Upload the root certificate (/simw-top/pycli/Provisioning/aws/rootCA_certificate.cer) to AWS account. Refer Creating a device on AWS account

  3. Run the application:

    cd /simw-top/demos/linux/aws/aws-iot-device-sdk-cpp/build/bin
    ./pub-sub-sample
    

Note

  1. Export the OpenSSL conf path to the exact location of the file. The above example is for illustrative purpose