5.3.4. GCP Demo for iMX Linux / Raspberry Pi

This demo demonstrates connection to Google Cloud Platform using pre-provisioned device credentials and publish/subscribe procedure using MQTT.

5.3.4.1. Prerequisites

  • GCP account

  • SD Card image with SE050 Middleware pre-installed. The application is built on the iMX platform.

  • IMX6UL-EVK/RPi platform connected to the Internet

  • Install autoconf and libtool. Execute - sudo apt-get install autoconf libtool

For additional information:

5.3.4.2. Preparing the credentials and Provision the SE

  1. Complete Section 9.3 Steps needed before running ssscli tool

  2. To create certificates on imx and Raspberry Pi, call:

    cd simw-top/pycli/Provisioning
    python3 GenerateGCPCredentials.py
    python3 ResetAndUpdate_GCP.py
    

    Note

    Provisioning of the keys is done with default policies. Refer - Section 9.9 to change the scripts to add required policies.

  3. Certificates and Keys are generated at simw-top/pycli/Provisioning/gcp

5.3.4.2.1. Build the OpenSSL engine [Optional]

Note

This step is optional in case you are using a prepared SD card image from NXP.

The OpenSSL engine uses the sss abstraction layer to access the crypto services of the secure element, the implementation remains dependent on the secure element attached. The following illustrates compiling the OpenSSL engine for SE050 connected over I2C.

cd simw-top
python scripts/create_cmake_projects.py
cd ../simw-top_build/imx_native_se050_t1oi2c
cmake --build .
make install
ldconfig /usr/local/lib

Note

Replace imx_native_se050_t1oi2c with raspbian_native_se050_t1oi2c when building for Raspberry Pi.

5.3.4.3. Building the application

  1. Use ‘buildScript.sh’ script at simw-top/demos/linux/gcp/ to download all dependencies and build the mqtt application for gcp call:

    cd /simw-top/demos/linux/gcp/
    ./buildScript.sh
    

Note

Demo is tested with GCP client code with commit - 6b003f5ad945fdfd3788af275174a8bcb3aab095. ‘buildScript.sh’ will download the same.

  1. Search for default_algorithms in /simw-top/demos/linux/common/openssl_sss_se050.cnf file and set it as

    default_algorithms = RSA,RAND,ECDSA,ECDH    ----- For openssl 1.0.0
    default_algorithms = RSA,RAND,EC            ----- For openssl 1.1.1
    
  2. Set the openssl config path. Skip if already done:

    $ export OPENSSL_CONF=/simw-top/demos/linux/common/openssl_sss_se050.cnf
    
  3. Upload the root certificate (/simw-top/pycli/Provisioning/gcp/rootCA_certificate.cer) and device certificate (/simw-top/pycli/Provisioning/gcp/<UID>_device_certificate.cer) to GCP account. Refer Preparing the Cloud. Skip if already done.

  4. Run the application call:

    cd /simw-top/demos/linux/gcp/gcp/cpp-docs-samples/iot/mqtt-ciotc
    $ ./mqtt_ciotc --deviceid "nxp-ecc-dev-01" --region "us-central1" --registryid "nxp-se-demo-reg" --projectid "pgh-cloud-iot" --keypath /simw-top/pycli/Provisioning/gcp/<UID>_device_reference_key.pem --rootpath /simw-top/demos/linux/gcp/keys/roots.pem --algorithm ES256
    

Note

  1. The above example is for illustrative purpose

  2. Export the open ssl conf path to the exact location of the file.

  3. While executing the application, use the appropriate values for registryid, projectid, keypath, rootpath and algorithm