5.11.1. Ease of Use configuration - IBM Watson

5.11.1.1. Configuring Device type and Device name

Follow steps given in How to get SE Platform Information and UID to get the device unique ID.

The device name to register on the cloud is the 18-byte UID output, in uppercase. In this example, it is 04005001F5EA9CC8CA7B33042C0559550000.

The device type depends on which type of key is used (EC/RSA2K/RSA4K). Set the device type to NXP-SE050-<type>-D, where <type> is EC, RSA2K or RSA4K based on the type of key. Refer to section Trust provisioned KeyIDs for keyIDs of trust provisioned keys and certificates. On your IoT platform, create a new device type and then create a new device under it, using the device type and device name obtained above.

Note

If you wish to create a gateway on the IoT platform, set the device type to NXP-SE050-<type>-G, where <type> is EC, RSA2K or RSA4K based on the type of key.

5.11.1.2. Uploading certificate chain

The certificate chain for the cloud connection is in the demos/Certificate_Chains/0004_A1F4 directory.

Also see Certificate Chains : DEV Kit for details about certificate chain.

Note

A1F4 is the OEF number. The directory name may change based on your OEF configuration.

The certificate chain for ECC, from RootCA to device certificate, is:

IOT_NXP-01-CERT_IOT_CA_KEY-IoTRootCAvE305-01-20190320162439-EC_SEC_P384R1-4B7E5A.crt -> IOT_NXP-01-CERT_IOT_4LAYER_CA_KEY-IoTInt4LAYERCAvE205-01-20190320164314-EC_SEC_P256R1-14DBBE.crt -> CloudConn-Intermediate-ECC_OEF_A1F4.crt -> ECC Device/Gateway Certificate

The certificate chain for RSA, from RootCA to device certificate, is:

IOT_NXP-01-CERT_IOT_CA_KEY-IoTRootCAvR406-01-20190425163255-RSA4096-BAB872.crt -> IOT_NXP-01-CERT_IOT_4LAYER_CA_KEY-IoTInt4LayerCAvR406-01-20190425163534-RSA4096-540F19.crt -> CloudConn-Intermediate-RSA_OEF_A1F4.crt -> RSA Device/Gateway Certificate

In your IoT platform, go to Settings -> CA Certificates and upload the certificate chain (RootCA and Intermediate CA certificates) for the device certificate.

5.11.1.3. Running the Demo

This step is only for Linux platforms. If you wish to use an embedded microcontroller, continue to the next step.

  • Create a reference key file to be used with OpenSSL engine:

    ssscli connect se05x t1oi2c none
    ssscli refpem ecc/rsa pair <trust_provisioned_keyid> keyref.pem
    ssscli disconnect
    
  • Build the OpenSSL engine:

    cd simw-top
    python scripts/create_cmake_projects.py
    cd ../simw-top_build/<board>_native_se050_t1oi2c
    cmake --build .
    make install
    ldconfig /usr/local/lib
    
  • Based on your OpenSSL version, select the appropriate configuration file in the <MW_SRC_DIR>/simw-top/demos/linux/common directory:

    openssl11_sss_se050.cnf   ----- OpenSSL 1.1.1 and SE050
    openssl_sss_se050.cnf     ----- OpenSSL 1.0.0 and SE050
    
  • Set the OpenSSL configuration path:

    $ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>
    
  • To run the demo, see Running the Demo on iMX/Raspberry Pi.

5.11.1.4. Update cloud example

In file demos/ksdk/ibm_watson/ibm_watson_iot_config.h, update the broker endpoint and client ID according to your account, and keyIDs of Trust provisioned keys and certificates used (as obtained from Trust provisioned KeyIDs):

#define WATSONIOT_MQTT_BROKER_ENDPOINT "leohx6.messaging.internetofthings.ibmcloud.com"
#define WatsonechoCLIENT_ID \
    "d:leohx6:NXP-SE050-EC-D:377813914287991534125055" ///< MQTT client ID should be unique for every device
#define SSS_KEYPAIR_INDEX_CLIENT_PRIVATE 0x20181003 //keyID of device keypair
#define SSS_CERTIFICATE_INDEX 0x20181004            //keyID of device certificate
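
The following is an added example, not code from the NXP middleware: a small C check that the broker endpoint and client ID configured above agree with each other and with the device type convention from section 5.11.1.1. It assumes the client ID layout `<class>:<orgId>:<deviceType>:<deviceId>` with class `d` for devices and `g` for gateways, and that the broker hostname begins with the organization ID; `check_watson_config` and the `CFG_*` codes are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this added example (not from the middleware). */
enum { CFG_OK = 0, CFG_BAD_FORMAT = -1, CFG_BAD_CLASS = -2,
       CFG_ORG_MISMATCH = -3, CFG_BAD_TYPE = -4, CFG_ROLE_MISMATCH = -5 };

/* Cross-checks the broker endpoint and MQTT client ID before building. */
int check_watson_config(const char *endpoint, const char *client_id)
{
    static const char *const key_types[] = { "EC", "RSA2K", "RSA4K" };
    char cls, org[32], type[32], dev[64], key[8], role, extra;
    size_t i, n;
    /* Assumed layout: <class>:<orgId>:<deviceType>:<deviceId>, no extra fields. */
    if (sscanf(client_id, "%c:%31[^:]:%31[^:]:%63[^:]%c",
               &cls, org, type, dev, &extra) != 4)
        return CFG_BAD_FORMAT;
    if (cls != 'd' && cls != 'g')        /* d = device, g = gateway */
        return CFG_BAD_CLASS;

    /* The broker hostname must begin with the same organization ID. */
    n = strlen(org);
    if (strncmp(endpoint, org, n) != 0 || endpoint[n] != '.')
        return CFG_ORG_MISMATCH;

    /* Device type convention from 5.11.1.1: NXP-SE050-<EC|RSA2K|RSA4K>-<D|G>. */
    if (sscanf(type, "NXP-SE050-%7[^-]-%c%c", key, &role, &extra) != 2)
        return CFG_BAD_TYPE;
    for (i = 0; i < sizeof key_types / sizeof key_types[0]; i++)
        if (strcmp(key, key_types[i]) == 0)
            break;
    if (i == sizeof key_types / sizeof key_types[0] || (role != 'D' && role != 'G'))
        return CFG_BAD_TYPE;

    /* A "-G" type must connect as a gateway, a "-D" type as a device. */
    if ((role == 'G') != (cls == 'g'))
        return CFG_ROLE_MISMATCH;
    return CFG_OK;
}

int main(void)
{
    /* Values copied from the ibm_watson_iot_config.h excerpt above. */
    int rc = check_watson_config("leohx6.messaging.internetofthings.ibmcloud.com",
                                 "d:leohx6:NXP-SE050-EC-D:377813914287991534125055");
    printf("config check: %d\n", rc);
    return rc == CFG_OK ? 0 : 1;
}
```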

5.11.1.5. Build and run the demo

Build and run cloud_ibm_watson.

CMake configurations:

  • RTOS_FreeRTOS: ON

  • SSS_HAVE_HOSTCRYPTO_MBEDTLS: ON

  • SSS_HAVE_MBEDTLS_ALT_SSS: ON