5.11.1. Ease of Use configuration - IBM Watson¶
5.11.1.1. Configuring Device type and Device name¶
Follow steps given in How to get SE Platform Information and UID to get the device unique ID.
The device name to be registered on the cloud is the 18-byte UID output in
uppercase. In this case, 04005001F5EA9CC8CA7B33042C0559550000
.
Device type would change based on which type of keys are being used
(EC/RSA2K/RSA4K). Device type is set as NXP-SE050-<type>-D
, where type is
EC
, RSA2K
or RSA4K
based on the type of key. Refer to section
Trust provisioned KeyIDs for keyIDs of trust provisioned keys and certificates. On
your IoT platform, create a new device type and create a new device under it
with names as obtained in the previous step.
Note
If you wish to create a gateway on IoT platform, change Device type as
NXP-SE050-<type>-G
, where type is EC
, RSA2K
or RSA4K
based
on the type of key.
5.11.1.2. Uploading certificate chain¶
Certificate chain for cloud connection can be found under demos/Certificate_Chains/0004_A1F4
directory.
Also see Certificate Chains : DEV Kit for details about certificate chain.
Note
A1F4 is the OEF number. The directory name may change based on your OEF configuration.
The certificate chain for ECC from RootCA to Device certificate is as:
IOT_NXP-01-CERT_IOT_CA_KEY-IoTRootCAvE305-01-20190320162439-EC_SEC_P384R1-4B7E5A.crt
–>
IOT_NXP-01-CERT_IOT_4LAYER_CA_KEY-IoTInt4LAYERCAvE205-01-20190320164314-EC_SEC_P256R1-14DBBE.crt
–> CloudConn-Intermediate-ECC_OEF_A1F4.crt
–> ECC Device/Gateway
Certificate
The certificate chain for RSA from RootCA to Device certificate is as:
IOT_NXP-01-CERT_IOT_CA_KEY-IoTRootCAvR406-01-20190425163255-RSA4096-BAB872.crt
–>
IOT_NXP-01-CERT_IOT_4LAYER_CA_KEY-IoTInt4LayerCAvR406-01-20190425163534-RSA4096-540F19.crt
–> CloudConn-Intermediate-RSA_OEF_A1F4.crt
–> RSA Device/Gateway
Certificate
In your IoT platform, go to settings –> CA Certificates section and upload the certificate chain (RootCA and Intermediate CA certificates) for the device certificate.
5.11.1.3. Running the Demo¶
This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step
Create a reference key file to be used with OpenSSL engine:
ssscli connect se05x t1oi2c none ssscli refpem ecc/rsa pair <trust_provisioned_keyid> keyref.pem ssscli disconnect
Build the OpenSSL engine:
cd simw-top python scripts/create_cmake_projects.py cd ../simw-top_build/<board>_native_se050_t1oi2c cmake --build . make install ldconfig /usr/local/lib
Based on OpenSSL version, select the appropriate configuration file in
<MW_SRC_DIR>/simw-top/demos/linux/common
directory:openssl11_sss_se050.cnf ----- OpenSSL 1.1.1 and SE050 openssl_sss_se050.cnf ----- OpenSSL 1.0.0 and SE050
Set the openssl config path as:
$ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>
To run the demo, see Running the Demo on iMX/Raspberry Pi
5.11.1.4. Update cloud example¶
In file demos/ksdk/ibm_watson/ibm_watson_iot_config.h
, update the
broker endpoint and client ID according to your account, and
keyIDs of Trust provisioned keys and certificates used (as obtained from
Trust provisioned KeyIDs):
#define WATSONIOT_MQTT_BROKER_ENDPOINT "leohx6.messaging.internetofthings.ibmcloud.com"
#define WatsonechoCLIENT_ID \
"d:leohx6:NXP-SE050-EC-D:377813914287991534125055" ///< MQTT client ID should be unique for every device
#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181003 //keyID of device keypair
#define SSS_CERTIFICATE_INDEX 0x20181004 //keyID of device certificate
5.11.1.5. Build and run the demo.¶
Build and run cloud_ibm_watson
.
CMake configurations:
RTOS_FreeRTOS
: ONSSS_HAVE_HOSTCRYPTO_MBEDTLS
: ONSSS_HAVE_MBEDTLS_ALT_SSS
: ON