5.3.2. AWS Demo for iMX Linux / RaspberryPi¶
This demo demonstrates connection to AWS IoT Console using pre-provisioned device credentials and publish/subscribe procedure using MQTT.
5.3.2.1. Prerequisites¶
AWS account
SD Card image with SE050 Middleware pre-installed. The application is built on the iMX platform.
IMX6UL-EVK platform or Raspberry pi connected to the Internet
5.3.2.2. Preparing the credentials and Provisioning the secure element¶
Use ssscli tool from iMX/Rpi platform
Complete Section 9.3 Steps needed before running ssscli tool
To create certificates on imx and Raspberry Pi, call:
cd simw-top/pycli/Provisioning/ python3 GenerateAWSCredentials.py python3 ResetAndUpdate_AWS.py
Note
Provisioning of the keys is done with default policies. Refer - Section 9.9 to change the scripts to add required policies.
Certificates and Keys are generated at
simw-top/pycli/Provisioning/aws
5.3.2.2.1. Build the OpenSSL engine [Optional]¶
Note
This step is optional in case you are using a prepared SD card image from NXP.
The OpenSSL engine uses the sss abstraction layer to access the crypto services of the secure element, the implementation remains dependent on the secure element attached. The following illustrates compiling the OpenSSL engine for SE050 connected over I2C.
cd simw-top
python scripts/create_cmake_projects.py
cd ../simw-top_build/imx_native_se050_t1oi2c
cmake --build .
make install
ldconfig /usr/local/lib
Note
Replace imx_native_se050_t1oi2c
with raspbian_native_se050_t1oi2c
when building for Raspberry Pi.
5.3.2.3. Run the example¶
Clone the Code
cd /simw-top/demos/linux/aws/ git clone https://github.com/aws/aws-iot-device-sdk-cpp.git
Note
If curl is not installed - run
sudo apt-get install libcurl4-openssl-dev
Modify the
CMakeLists.txt
file undersamples/PubSub
so it ensuresOPENSSL_LOAD_CONF
is defined (see excerpt below):if (UNIX AND NOT APPLE) ADD_DEFINITIONS(-DOPENSSL_LOAD_CONF) # Prefer pthread if found set(THREADS_PREFER_PTHREAD_FLAG ON) set(CUSTOM_COMPILER_FLAGS "-fno-exceptions -Wall -Werror") elseif (APPLE) set(CUSTOM_COMPILER_FLAGS "-fno-exceptions -Wall -Werror") elseif (WIN32) set(CUSTOM_COMPILER_FLAGS "/W4") endif ()
Use ‘buildScript.sh’ script at simw-top/demos/linux/aws/ to build the mqtt application for aws call:
./buildScript.sh
- Adapt the PubSub example specific configuration file so that it refers to the reference key and the device certificate.
Update the endpoint to match your AWS account
Ensure the AmazonRootCA1.pem certificate is in place (it is used by the iMX/rpi to validate the AWS IoT counterpart
Update the configuration file (/simw-top/demos/linux/aws/aws-iot-device-sdk-cpp/build/bin/config/SampleConfig.json) with endpoint, device_certificate_relative_path, device_private_key_relative_path (Ensure the value for “endpoint” matches your setup, you must replace “xxxxiukfoyyyy-ats.iot.eu-central-1.amazonaws.com”)
Sample Json file
{ "endpoint": "xxxxiukfoyyyy-ats.iot.eu-central-1.amazonaws.com", "mqtt_port": 8883, "https_port": 443, "greengrass_discovery_port": 8443, "root_ca_relative_path": "certs/AmazonRootCA1.pem", "device_certificate_relative_path": "<UID>_device_certificate.crt", "device_private_key_relative_path": "<UID>_device_reference_key.pem", "tls_handshake_timeout_msecs": 60000, "tls_read_timeout_msecs": 2000, "tls_write_timeout_msecs": 2000, "aws_region": "", "aws_access_key_id": "", "aws_secret_access_key": "", "aws_session_token": "", "client_id": "CppSDKTesting", "thing_name": "CppSDKTesting", "is_clean_session": true, "mqtt_command_timeout_msecs": 20000, "keepalive_interval_secs": 600, "minimum_reconnect_interval_secs": 1, "maximum_reconnect_interval_secs": 128, "maximum_acks_to_wait_for": 32, "action_processing_rate_hz": 5, "maximum_outgoing_action_queue_length": 32, "discover_action_timeout_msecs": 300000 }
Search for default_algorithms in
/simw-top/demos/linux/common/openssl_sss_se050.cnf
file and set it asdefault_algorithms = RSA,RAND,ECDSA,ECDH ----- For openssl 1.0.0 default_algorithms = RSA,RAND,EC ----- For openssl 1.1.1
Set the openssl config path as call:
$ export OPENSSL_CONF=/simw-top/demos/linux/common/openssl_sss_se050.cnf
Upload the root certificate (/simw-top/pycli/Provisioning/aws/rootCA_certificate.cer) to AWS account. Refer Creating a device on AWS account
Run the application:
cd /simw-top/demos/linux/aws/aws-iot-device-sdk-cpp/build/bin ./pub-sub-sample
Note
Export the OpenSSL conf path to the exact location of the file. The above example is for illustrative purpose