ZDS 2023 - Provisioning.pdf

1、ZDS 2023PROVISIONINGNRF9160 FEATHERI TOOK THE RED PILL ZEPHYR LIVE SESSIONSYOUTUBE.COM/C/CIRCUITDOJO-Make it easy to set up and deploy -Make them secure-Make them easy to maintain-Save time!PROVISIONING DEVICES#ZDS2023-Focus on generating and provisioning device certificates-Touch on device specific

2、 configuration as well-Open source tools that make the job easier-Caveats and important security implications-Will not be hitting on JITPPROVISIONING DEVICES#ZDS2023GENERATING CERTIFICATES-There are a few ways to do this:-If youre using AWS IoT you can generate certs on the AWS console-You can also

3、do it the old fashioned way using openssl or esa-rsa CLI-Pyrinas CLI will also sign and load certs directlyGENERATING CERTIFICATES#ZDS2023GENERATING CERTIFICATES#ZDS2023#Init and CAeasyrsa init-pkieasyrsa build-ca#Servereasyrsa gen-req mosquitto nopasseasyrsa sign-req server mosquitto#Clienteasyrsa

4、gen-req nrf9160 nopass batcheasyrsa sign-req client test batchGENERATING CERTIFICATES#ZDS2023GENERATING CERTIFICATES#ZDS2023-The Pyrinas CLI uses:-Rcgen crate for cert gen-Serialport crate for writing to UART/USB-It will:-Keep all certs organized per device-Generate server and CA certificates-Facili

5、tate loading certs over console shellGENERATING CERTIFICATES#ZDS2023GENERATING CERTIFICATES#ZDS2023/.pyrinas tree-L 3.certs 352656102712240 5d7d961e4c114c8d ca server config.tomlGENERATING CERTIFICATES#ZDS2023STORING CERTIFICATES#ZDS2023-Unique identifier-For the nRF9160 the IMEI is the unique ident

6、ifier-For anything else:MAC address(Ethernet,Wifi or BLE)-nRF Device ID in OTP FICR-Immutable and random enough to be unique for all devices in the fleetGENERATING CERTIFICATES#ZDS2023-nRF Cloud-Easy API that generates certificates for easy provisioning on nRF91 devices-Every nRF9160 Feather has a s