..
    Copyright 2019,2020 NXP

.. highlight:: shell

.. _linux-demos-azure:

Azure Demo for iMX Linux / Raspberry Pi
========================================================================

This demo connects to Azure IoT Hub using pre-provisioned device credentials
and demonstrates the publish/subscribe procedure using MQTT.

Prerequisites
----------------------------------

- Azure account
- SD Card image with SE050 Middleware pre-installed. The application is
  built on the iMX platform.
- IMX6UL-EVK platform or Raspberry Pi connected to the Internet

Preparing the credentials and Provisioning the secure element
-------------------------------------------------------------------------

Use the ssscli tool from the iMX/RPi platform.

1) Complete :numref:`cli-doc-pre-steps` :ref:`cli-doc-pre-steps`

#) To create certificates on iMX and Raspberry Pi, call::

       cd simw-top/pycli/Provisioning
       python3 GenerateAZURECredentials.py
       python3 ResetAndUpdate_AZURE.py

#) Certificates and keys are generated at ``simw-top/pycli/Provisioning/azure``

Registering Device
-------------------------------------------------------------

To register the device on the IoT Hub portal, either upload the root credentials manually
or register an individual device using the ``azure_imx_register`` application. If you wish
to upload root credentials, skip the next steps and proceed to :ref:`azure-imx-upload-root`.

.. _azure-register-device:

Create device enrollment in Azure IoT Hub portal
-------------------------------------------------------------

**This step is only for individual device enrollment.**

Prerequisite: an Azure IoT Hub and an Azure IoT Hub DPS account that are linked to each other.
Refer to:

- https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-set-up-cloud
- https://docs.microsoft.com/en-us/azure/iot-dps/quick-setup-auto-provision

Once the required accounts exist, the devices can be enrolled.
This needs only the device certificate created in the steps above.
Follow these steps to enroll the device: https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-provision-device-to-hub

.. note:: When creating device certificates be sure to use only lower-case alphanumerics and hyphens in your device name.

Run the ``azure_imx_register`` application to register the device onto your IoT Hub.
The ``azure_imx_register`` application can take parameters either via a JSON file or via the command line.
The required parameters are:

- registerid: Registration id of the device (common name of device certificate)
- keypath: Path to reference key pem file
- devcert: Path to device certificate
- rootpath: Path to azure root CA certificate
- idscope: IDScope (can be found in Azure IoT-DPS account - Overview)

Run via command line as::

    ./azure_imx_register --registerid test-device --keypath keyref.pem --rootpath azureRootCA.pem --devcert cert.pem --idscope 0ne00068F95

Or pass JSON file as::

    ./azure_imx_register --json json_register_config.json

Sample JSON file::

    {
        "devcert": "cert.pem",
        "keypath": "keyref.pem",
        "id_scope": "0ne00068F95",
        "registration_id": "test-device",
        "rootpath": "azureRootCA.pem"
    }

Upon successful registration, a ``"DeviceID".txt`` file is created containing the DeviceID and assigned hub, along with the keyref, device certificate and root certificate paths.
This file can be given as input to connect the device and send messages.

The device is now registered and appears on the Azure IoT Hub under the devices tab.

This JSON file can be passed to the ``azure_imx_connect`` application to connect to IoT Hub. You can skip the next step and proceed to :ref:`azure-openssl-build`.

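The pre-flight check below is an added example, not part of the NXP middleware. It validates a ``json_register_config.json`` laid out like the sample above before ``azure_imx_register`` is run: required keys, the device naming rule from the note, presence of the referenced files, and that the certificate common name equals the registration id. The function names, and the use of the ``openssl`` CLI on a PEM-encoded device certificate, are assumptions of this example.

```python
import json
import re
import subprocess
from pathlib import Path

# Keys as they appear in the sample json_register_config.json on this page.
REQUIRED_KEYS = ("devcert", "keypath", "id_scope", "registration_id", "rootpath")
# The page's naming note: lower-case alphanumerics and hyphens only.
DEVICE_NAME_RE = re.compile(r"[a-z0-9-]+")


def subject_cn(subject_line):
    """Pull the CN out of `openssl x509 -noout -subject` output (1.0.x or 1.1.1 layout)."""
    match = re.search(r"CN\s*=\s*([^,/\n]+)", subject_line)
    return match.group(1).strip() if match else None


def read_cert_cn(cert_path):
    """Ask the openssl CLI for the subject of a PEM certificate (assumed encoding)."""
    result = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-in", str(cert_path)],
        check=True, capture_output=True, text=True)
    return subject_cn(result.stdout)


def check_register_config(config_path, cn_reader=read_cert_cn):
    """Return a list of problems; an empty list means the file passed every check."""
    try:
        cfg = json.loads(Path(config_path).read_text())
    except (OSError, ValueError) as exc:
        return [f"cannot load {config_path}: {exc}"]
    if not isinstance(cfg, dict):
        return ["top-level JSON value must be an object"]
    problems = [f"missing or empty key: {key}" for key in REQUIRED_KEYS
                if not isinstance(cfg.get(key), str) or not cfg[key]]
    if problems:
        return problems
    reg_id = cfg["registration_id"]
    if not DEVICE_NAME_RE.fullmatch(reg_id):
        problems.append(f"registration_id {reg_id!r}: only a-z, 0-9 and '-' are allowed")
    for key in ("devcert", "keypath", "rootpath"):
        if not Path(cfg[key]).is_file():
            problems.append(f"{key}: no such file: {cfg[key]}")
    if Path(cfg["devcert"]).is_file():
        cn = cn_reader(cfg["devcert"])
        if cn != reg_id:
            problems.append(f"certificate CN {cn!r} does not match registration_id {reg_id!r}")
    return problems
```

Relative paths in the file are resolved against the current working directory, so run the check from the directory in which ``azure_imx_register`` will be started.
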
.. _azure-imx-upload-root:

Uploading root certificates to IoT Hub
-------------------------------------------------------------

1) On the Azure IoT Hub portal, navigate to ``Dashboard --> <Your IoT Hub> --> Certificates``. Click on Add.

#) Enter a friendly name and upload the root certificate created in the previous step. Location - ``simw-top/pycli/Provisioning/azure/RootCA.cer`` -> Save

#) Your certificate will show in the Certificate Explorer list. Click on the certificate you added.

#) In Certificate Details, click Generate Verification Code.

#) The provisioning service creates a Verification Code that you can use to validate the certificate ownership. Copy the code to your clipboard.

#) Use ``verification_certificate.py`` to generate a verification certificate (``verifyCert4.cer``)::

       cd simw-top/pycli/Provisioning
       python verification_certificate.py <RootCA_Certificate> <RootCA_Keypair> <Verification Code>

#) On ``Azure portal -> Certificate Details``, upload the generated ``verifyCert4.cer`` file and click Verify.

The STATUS of your certificate should change to ``Verified`` in the Certificate Explorer list.

.. _azure-openssl-build:

Build the OpenSSL engine [Optional]
-------------------------------------------------------------

.. note::
    This step is optional in case you are using a prepared
    SD card image from NXP.

The OpenSSL engine uses the sss abstraction layer to access the crypto
services of the secure element. The implementation remains dependent on
the secure element attached. The following illustrates compiling the
OpenSSL engine for SE050 connected over I2C.

::

    cd simw-top
    python scripts/create_cmake_projects.py
    cd ../simw-top_build/imx_native_se050_t1oi2c
    cmake --build .
    make install
    ldconfig /usr/local/lib

.. note::
    Replace ``imx_native_se050_t1oi2c`` with ``raspbian_native_se050_t1oi2c``
    when building for Raspberry Pi.

Run the example
---------------

1) Use the ``buildScript.sh`` script at ``simw-top/demos/linux/azure/`` to download all dependencies and build the MQTT application for Azure::

       cd /simw-top/demos/linux/azure
       ./buildScript.sh

#) Based on the OpenSSL version and applicable Secure Element, select the appropriate configuration file in the
   ``<MW_SRC_DIR>/simw-top/demos/linux/common`` directory::

       openssl11_sss_a71ch.cnf ----- OpenSSL 1.1.1 and A71CH
       openssl11_sss_se050.cnf ----- OpenSSL 1.1.1 and SE050
       openssl_sss_a71ch.cnf ----- OpenSSL 1.0.0 and A71CH
       openssl_sss_se050.cnf ----- OpenSSL 1.0.0 and SE050

#) Set the OpenSSL config path::

       $ export OPENSSL_CONF=/simw-top/demos/linux/common/<appropriate-cnf-file>

#) To run the application, call::

       $ ./azure_imx_connect --deviceid "<device_name>" --keypath simw-top/pycli/Provisioning/azure/<UID>_device_reference_key.pem --rootpath simw-top/demos/linux/azure/azureRootCA.pem --devcert simw-top/pycli/Provisioning/azure/<UID>_device_certificate.cer --hubname <IotHubName>.azure-devices.net --username <IotHubName> --payload "<MESSAGE>"

   Or pass JSON file as::

       ./azure_imx_connect --json json_connect_config.json

   Sample json_connect_config.json::

       {
           "assignedHub": "ABCD.azure-devices.net",
           "deviceId": "test-device",
           "registration_id": "test-device",
           "status": "assigned",
           "keypath": "keyref.pem",
           "devcert": "cert.pem",
           "rootpath": "azureRootCA.pem",
           "payload": "hello message from device test-device"
       }

.. note:: If you have used the ``azure_imx_register`` application, ``json_connect_config.json`` is the same as ``"DeviceID".txt``.

.. note::
    1) Export the OpenSSL conf path to the exact location of the file. The above example is for illustrative purposes.
    2) While executing the application, use the appropriate values for device cert, Device id, Path, hubname and username.