<!DOCTYPE html>
<!--
Copyright 2019 NXP
This software is owned or controlled by NXP and may only be used
strictly in accordance with the applicable license terms. By expressly
accepting such terms or by downloading, installing, activating and/or
otherwise using the software, you are agreeing that you have read, and
that you agree to comply with and are bound by, such license terms. If
you do not agree to be bound by the applicable license terms, then you
may not retain, install, activate or otherwise use the software.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>5.4.1. Greengrass Demo for Linux &#8212; Plug &amp; Trust MW v03.00.05 documentation</title>
<link rel="stylesheet" href="../../../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../../../_static/graphviz.css" />
<script id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
<script src="../../../_static/jquery.js"></script>
<script src="../../../_static/underscore.js"></script>
<script src="../../../_static/doctools.js"></script>
<script src="../../../_static/language_data.js"></script>
<link rel="index" title="Index" href="../../../genindex.html" />
<link rel="search" title="Search" href="../../../search.html" />
<link rel="next" title="5.4.2. OpenSSL Engine: TLS Client example for iMX/Rpi3" href="../tls_client/tls_client_demo.html" />
<link rel="prev" title="5.3.8. Azure Demo for iMX Linux / Raspberry Pi" href="../azure/readme.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<script type="text/javascript" src="../../../_static/js/jquery-1.11.0.min.js "></script>
<script type="text/javascript" src="../../../_static/js/jquery-fix.js "></script>
<script type="text/javascript" src="../../../_static/bootstrap-3.3.7/js/bootstrap.min.js "></script>
<script type="text/javascript" src="../../../_static/bootstrap-sphinx.js "></script>
</head><body>
<div class="container">
<div class="row">
<div class="body col-md-9 content" role="main">
<div class="section" id="greengrass-demo-for-linux">
<span id="linux-demos-greengrass"></span><h1><span class="section-number">5.4.1. </span>Greengrass Demo for Linux<a class="headerlink" href="#greengrass-demo-for-linux" title="Permalink to this headline"></a></h1>
<p>AWS IoT Greengrass is software provided by AWS to extend cloud capabilities
to locally connected devices. It allows local devices to publish/subscribe
to a topic even when there is no connectivity with the AWS IoT console. A Greengrass
group consists of a Greengrass core, multiple Greengrass devices connected to
that core, and lambda functions and other services running on that core. In
this arrangement, the Greengrass core performs the functions of the AWS IoT console.</p>
<p>Also see <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/what-is-gg.html">What Is AWS IoT Greengrass</a>
for more details about AWS IoT Greengrass.</p>
<p>This demo shows how to integrate the SE050 with an AWS IoT Greengrass
core and a Raspberry Pi, using the SE050 as hardware security to store the
core-specific credentials for the IoT client and MQTT server.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The hardware security feature is available only for AWS IoT Greengrass
Core v1.7 and later. We have used Greengrass core v1.10.0 for integration.</p>
</div>
<div class="section" id="prerequisites">
<h2><span class="section-number">5.4.1.1. </span>Prerequisites<a class="headerlink" href="#prerequisites" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li><p>AWS Greengrass account (Also see supported regions for Greengrass)</p></li>
<li><p>Raspberry Pi 3 Model B+ or Model B. The architecture of your Pi must be
armv7l or later</p></li>
<li><p>Raspbian Buster operating system</p></li>
<li><p>Python 2.7</p></li>
<li><p>ssscli Tool. Refer to <a class="reference internal" href="../../../cli-tool.html#cli-tool"><span class="std std-ref">CLI Tool</span></a></p></li>
</ul>
</div>
<div class="section" id="preparing-the-greengrass-group">
<span id="prepare-greengrass"></span><h2><span class="section-number">5.4.1.2. </span>Preparing the Greengrass group<a class="headerlink" href="#preparing-the-greengrass-group" title="Permalink to this headline"></a></h2>
<ol class="arabic">
<li><p>Follow Modules 1 and 2 as described in <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/module1.html">Environment Setup for Greengrass</a>
to set up the Greengrass group and the Greengrass core.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>In Module 2, if you choose Easy Group Creation, AWS will create credentials
for the Greengrass IoT core and provision them in the registry. Skip the next step
if you choose Easy Group Creation. Otherwise, you can create your
own credentials and provision the AWS registry as explained in the next step.</p>
</div>
</li>
<li><p>If you wish to use your own credentials, upload your RootCA
and verification certificate in the <code class="docutils literal notranslate"><span class="pre">Secure-&gt;CAs</span></code> tab under IoT Core.</p>
<ul class="simple">
<li><p>While creating the Greengrass group, choose <code class="docutils literal notranslate"><span class="pre">Advanced</span> <span class="pre">group</span> <span class="pre">creation</span></code>.</p></li>
<li><p>You can either assign an IAM role now or skip it for later.</p></li>
<li><p>Under Set up your security, choose <code class="docutils literal notranslate"><span class="pre">Advanced</span> <span class="pre">setup</span></code> and then
choose <code class="docutils literal notranslate"><span class="pre">Use</span> <span class="pre">my</span> <span class="pre">certificate</span></code>.</p></li>
<li><p>Select your active RootCA certificate and upload the corresponding
device certificate.</p></li>
</ul>
</li>
<li><p>If you used your own credentials, download the sample <code class="file docutils literal notranslate"><span class="pre">config.json</span></code> file
for Greengrass, available at <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/gg-core.html#config-json">AWS IoT Greengrass Core Configuration File</a>.</p>
<p>After completing Module 2, store your device certificate in the certs
directory of the location where you extracted the AWS IoT Greengrass core software (by
default the <code class="file docutils literal notranslate"><span class="pre">/greengrass</span></code> directory), and store the downloaded
<code class="file docutils literal notranslate"><span class="pre">config.json</span></code> in the config directory.</p>
</li>
<li><p>Do <strong>NOT</strong> run the daemon yet.</p></li>
</ol>
</div>
<div class="section" id="provisioning-se050-and-building-pkcs-11-library">
<h2><span class="section-number">5.4.1.3. </span>Provisioning SE050 and Building PKCS#11 library<a class="headerlink" href="#provisioning-se050-and-building-pkcs-11-library" title="Permalink to this headline"></a></h2>
<ol class="arabic">
<li><p>Before running the Greengrass daemon, you need to
provision your SE050 and build the PKCS#11 library.</p></li>
<li><p>Complete <a class="reference internal" href="../../../pycli/doc/pre-steps.html#cli-doc-pre-steps"><span class="std std-numref">Section 9.3</span></a> <a class="reference internal" href="../../../pycli/doc/pre-steps.html#cli-doc-pre-steps"><span class="std std-ref">Steps needed before running ssscli tool</span></a> to set up the ssscli tool.</p></li>
<li><p>Run the following steps to provision your SE050 with Greengrass core keypair:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>ssscli connect se050 t1oi2c none
ssscli se05x reset
ssscli set ecc pair 0x20181001 &lt;path-to-core-keypair&gt;
ssscli disconnect
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Greengrass uses labels to address objects on tokens. To make the PKCS#11 library
use a specific keyID, the label should start with <code class="docutils literal notranslate"><span class="pre">sss:</span></code> followed by 32-bit keyID in
hexadecimal format. For example, the label for the command used above would be
<code class="docutils literal notranslate"><span class="pre">sss:20181001</span></code>.</p>
</div>
</li>
<li><p>Build and install PKCS#11 library for Greengrass core.
Refer to <a class="reference internal" href="../../../plugins/pkcs11.html#pkcs11-standalone"><span class="std std-numref">Section 8.7</span></a> <a class="reference internal" href="../../../plugins/pkcs11.html#pkcs11-standalone"><span class="std std-ref">PKCS#11 Standalone Library</span></a></p></li>
</ol>
</div>
<div class="section" id="updating-greengrass-configuration">
<h2><span class="section-number">5.4.1.4. </span>Updating Greengrass configuration<a class="headerlink" href="#updating-greengrass-configuration" title="Permalink to this headline"></a></h2>
<p>If you have successfully completed <a class="reference internal" href="#prepare-greengrass"><span class="std std-ref">Preparing the Greengrass group</span></a>, you will have
<code class="file docutils literal notranslate"><span class="pre">config.json</span></code> in the config directory of the AWS IoT Greengrass core software
(by default under the <code class="file docutils literal notranslate"><span class="pre">/greengrass</span></code> directory). A sample <code class="file docutils literal notranslate"><span class="pre">config.json</span></code>
is:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>{
  &quot;coreThing&quot; : {
    &quot;caPath&quot; : &quot;root.ca.pem&quot;,
    &quot;certPath&quot; : &quot;hash.cert.pem&quot;,
    &quot;keyPath&quot; : &quot;hash.private.key&quot;,
    &quot;thingArn&quot; : &quot;arn:partition:iot:region:account-id:thing/core-thing-name&quot;,
    &quot;iotHost&quot; : &quot;host-prefix-ats.iot.region.amazonaws.com&quot;,
    &quot;ggHost&quot; : &quot;greengrass-ats.iot.region.amazonaws.com&quot;,
    &quot;keepAlive&quot; : 600
  },
  &quot;runtime&quot; : {
    &quot;cgroup&quot; : {
      &quot;useSystemd&quot; : &quot;yes&quot;
    }
  },
  &quot;managedRespawn&quot; : false,
  &quot;crypto&quot; : {
    &quot;principals&quot; : {
      &quot;SecretsManager&quot; : {
        &quot;privateKeyPath&quot; : &quot;file:///greengrass/certs/hash.private.key&quot;
      },
      &quot;IoTCertificate&quot; : {
        &quot;privateKeyPath&quot; : &quot;file:///greengrass/certs/hash.private.key&quot;,
        &quot;certificatePath&quot; : &quot;file:///greengrass/certs/hash.cert.pem&quot;
      }
    },
    &quot;caPath&quot; : &quot;file:///greengrass/certs/root.ca.pem&quot;
  }
}
</pre></div>
</div>
<p>Remove the <code class="docutils literal notranslate"><span class="pre">caPath</span></code>, <code class="docutils literal notranslate"><span class="pre">certPath</span></code>, and <code class="docutils literal notranslate"><span class="pre">keyPath</span></code> values from the <code class="docutils literal notranslate"><span class="pre">coreThing</span></code> object.</p>
<p>Update the <code class="docutils literal notranslate"><span class="pre">certificatePath</span></code> property of <code class="docutils literal notranslate"><span class="pre">IoTCertificate</span></code> object to the path of device certificate.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Currently, AWS IoT Greengrass core does not support loading certificates from hardware.
They have to be provided as a path to a file on the filesystem.</p>
</div>
<p>Update the values of <code class="docutils literal notranslate"><span class="pre">privateKeyPath</span></code> under <code class="docutils literal notranslate"><span class="pre">SecretsManager</span></code> and <code class="docutils literal notranslate"><span class="pre">IoTCertificate</span></code> objects
with <em>pkcs11:object=sss:20181001;type=private</em>.</p>
<p>Add the following <code class="docutils literal notranslate"><span class="pre">MQTTServerCertificate</span></code> object under <code class="docutils literal notranslate"><span class="pre">principals</span></code> object:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>&quot;MQTTServerCertificate&quot;: {
    &quot;privateKeyPath&quot;: &quot;pkcs11:object=sss:20181001;type=private&quot;
}
</pre></div>
</div>
<p>Add the following <code class="docutils literal notranslate"><span class="pre">PKCS11</span></code> object under <code class="docutils literal notranslate"><span class="pre">crypto</span></code> object:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>&quot;PKCS11&quot;: {
    &quot;P11Provider&quot;: &quot;/path/to/libsss_pkcs11.so&quot;,
    &quot;slotLabel&quot;: &quot;SSS_PKCS11&quot;,
    &quot;slotUserPin&quot;: &quot;1234&quot;
}
</pre></div>
</div>
<p>Add commas where needed to create a valid JSON document.</p>
<p>In this file, we have used a shared key for <code class="docutils literal notranslate"><span class="pre">MQTTServerCertificate</span></code>,
<code class="docutils literal notranslate"><span class="pre">IoTCertificate</span></code> and <code class="docutils literal notranslate"><span class="pre">SecretsManager</span></code> components. In <code class="docutils literal notranslate"><span class="pre">PKCS11</span></code> object, we
specify which PKCS#11 module to load and which slot to use in that module. All
PKCS#11 objects specified for different components will refer to the same
token.</p>
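<p>The edits described in this section, applied to the sample configuration and then checked, as an added example that is not part of the NXP middleware or the AWS tooling. The function names <code>key_uri</code>, <code>to_se050_config</code> and <code>audit</code> are hypothetical, and zero-padding the keyID to eight hexadecimal digits is an assumption.</p>

```python
import copy

# Constructed input: the coreThing and crypto objects of the sample config.json.
KEY_FILE = "file:///greengrass/certs/hash.private.key"
SAMPLE = {
    "coreThing": {"caPath": "root.ca.pem", "certPath": "hash.cert.pem",
                  "keyPath": "hash.private.key", "keepAlive": 600},
    "crypto": {
        "principals": {
            "SecretsManager": {"privateKeyPath": KEY_FILE},
            "IoTCertificate": {"privateKeyPath": KEY_FILE,
                               "certificatePath": "file:///greengrass/certs/hash.cert.pem"},
        },
        "caPath": "file:///greengrass/certs/root.ca.pem"},
}
LEGACY = ("caPath", "certPath", "keyPath")
KEY_PRINCIPALS = ("SecretsManager", "IoTCertificate", "MQTTServerCertificate")

def key_uri(key_id):
    """PKCS#11 URI for a 32-bit keyID (padding to 8 hex digits is an assumption)."""
    if not 0 <= key_id <= 0xFFFFFFFF:
        raise ValueError("keyID must fit in 32 bits")
    return "pkcs11:object=sss:%08X;type=private" % key_id

def to_se050_config(config, key_id, cert_path, provider):
    """Apply this section's edits to a copy of config."""
    cfg = copy.deepcopy(config)
    for name in LEGACY:
        cfg["coreThing"].pop(name, None)
    principals = cfg["crypto"]["principals"]
    for name in KEY_PRINCIPALS:  # one shared key for all three components
        principals.setdefault(name, {})["privateKeyPath"] = key_uri(key_id)
    principals["IoTCertificate"]["certificatePath"] = cert_path
    cfg["crypto"]["PKCS11"] = {"P11Provider": provider,  # slot values as on this page
                               "slotLabel": "SSS_PKCS11", "slotUserPin": "1234"}
    return cfg

def audit(cfg):
    """List settings that still reference an on-disk key or would break loading."""
    problems = ["coreThing.%s still set" % n for n in LEGACY if n in cfg.get("coreThing", {})]
    principals = cfg.get("crypto", {}).get("principals", {})
    for name in KEY_PRINCIPALS:
        if not principals.get(name, {}).get("privateKeyPath", "").startswith("pkcs11:"):
            problems.append("%s.privateKeyPath is not a pkcs11: URI" % name)
    if not principals.get("IoTCertificate", {}).get("certificatePath", "").startswith("file://"):
        problems.append("IoTCertificate.certificatePath is not a file:// path")
    if "P11Provider" not in cfg.get("crypto", {}).get("PKCS11", {}):
        problems.append("crypto.PKCS11.P11Provider missing")
    return problems
```

<p>Running <code>audit</code> on the edited file before starting the daemon catches a principal that still points at a private key file on disk.</p>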
</div>
<div class="section" id="running-greengrass-core">
<h2><span class="section-number">5.4.1.5. </span>Running Greengrass Core<a class="headerlink" href="#running-greengrass-core" title="Permalink to this headline"></a></h2>
<p>Start the Greengrass daemon by running the following command in
<code class="file docutils literal notranslate"><span class="pre">ggc/core</span></code> directory under AWS IoT Greengrass core software directory:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>sudo ./greengrassd start
</pre></div>
</div>
<p>The daemon should start successfully. If you face any problem while starting
the Greengrass daemon, refer to the Troubleshooting section below. Also see the
runtime logs under the <code class="file docutils literal notranslate"><span class="pre">/greengrass/ggc/var/log/system</span></code> directory.</p>
</div>
<div class="section" id="connecting-devices-to-greengrass-core">
<h2><span class="section-number">5.4.1.6. </span>Connecting Devices to Greengrass Core<a class="headerlink" href="#connecting-devices-to-greengrass-core" title="Permalink to this headline"></a></h2>
<p>Follow the steps in Module 3 to test Greengrass connectivity:
<a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/module3-I.html">Lambda Functions on AWS IoT Greengrass</a></p>
</div>
<div class="section" id="over-the-air-ota-updates">
<h2><span class="section-number">5.4.1.7. </span>Over-The-Air (OTA) Updates<a class="headerlink" href="#over-the-air-ota-updates" title="Permalink to this headline"></a></h2>
<p>To configure your device for OTA updates, you also need an additional
PKCS#11 engine for OpenSSL. You can use OpenSC’s <code class="docutils literal notranslate"><span class="pre">libp11</span></code> as
the engine. It is recommended that you build the engine manually.</p>
<p>Run the following commands:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>git clone https://github.com/OpenSC/libp11.git
cd libp11
sudo apt install pkgconf libssl-dev libtool
autoreconf --verbose --install --force
./configure &amp;&amp; make &amp;&amp; sudo make install
</pre></div>
</div>
<p>This builds the PKCS#11 engine for OpenSSL. Next, you have to
specify the paths to the engine in your OpenSSL configuration file.
Instead of editing the default OpenSSL configuration file, you can
maintain two separate files.</p>
<p>Place this line at the top of the configuration file, before any sections are defined:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>openssl_conf = openssl_init
</pre></div>
</div>
<p>At the end of the file add the following configuration:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/arm-linux-gnueabihf/engines-1.1/pkcs11.so
MODULE_PATH = /usr/local/lib/libsss_pkcs11.so
init = 0
</pre></div>
</div>
<p>Here, <code class="docutils literal notranslate"><span class="pre">dynamic_path</span></code> is the path to the PKCS#11 engine <em>.so</em> file.
It is installed under the <code class="file docutils literal notranslate"><span class="pre">/usr/lib/arm-linux-gnueabihf/</span></code> directory.
This path is also printed while installing the <code class="docutils literal notranslate"><span class="pre">libp11</span></code> library.</p>
<p><code class="docutils literal notranslate"><span class="pre">MODULE_PATH</span></code> is the path to the PKCS#11 library installed in
<a class="reference internal" href="../../../plugins/pkcs11.html#pkcs11-standalone"><span class="std std-numref">Section 8.7</span></a> <a class="reference internal" href="../../../plugins/pkcs11.html#pkcs11-standalone"><span class="std std-ref">PKCS#11 Standalone Library</span></a>.</p>
<p>You can also test if OpenSSL is able to load the PKCS#11 library
by executing the following command:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>openssl engine dynamic -pre SO_PATH:/usr/lib/arm-linux-gnueabihf/engines-1.1/pkcs11.so -pre ID:pkcs11 -pre LOAD -pre MODULE_PATH:/usr/local/lib/libsss_pkcs11.so
</pre></div>
</div>
<p>You should be able to see the following output:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/arm-linux-gnueabihf/engines-1.1/pkcs11.so
[Success]: ID:pkcs11
[Success]: LOAD
[Success]: MODULE_PATH:/usr/local/lib/libsss_pkcs11.so
Loaded: (pkcs11) pkcs11 engine
</pre></div>
</div>
<p>Follow the steps listed in <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/core-ota-update.html">OTA Updates of AWS IoT Greengrass Core Software</a>
to configure the backend for OTA updates.</p>
</div>
<div class="section" id="troubleshooting">
<h2><span class="section-number">5.4.1.8. </span>Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permalink to this headline"></a></h2>
<ol class="arabic">
<li><p>Error message <strong>greengrass deployment failed too many levels of symbolic links</strong></p>
<p>Check whether your Linux system supports OverlayFS. Also confirm that the Raspberry Pi
image version matches the version specified in <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/setup-filter.rpi.html">Setting Up a Raspberry Pi</a>.
Currently, AWS IoT Greengrass Core has been tested on the
<strong>2019-07-10-raspbian-buster</strong> image. Greengrass core might not work with
other images such as Raspbian Stretch.</p>
</li>
<li><p>Error message <strong>connection reset by peer</strong>.</p>
<p>Add properties <code class="docutils literal notranslate"><span class="pre">iotHttpPort</span></code> and <code class="docutils literal notranslate"><span class="pre">ggHttpPort</span></code> to <code class="docutils literal notranslate"><span class="pre">coreThing</span></code> object as:</p>
<div class="highlight-text notranslate"><div class="highlight"><pre><span></span>&quot;iotHttpPort&quot; : 443,
&quot;ggHttpPort&quot; : 443
</pre></div>
</div>
</li>
</ol>
<p>If you face any other issue, refer to <a class="reference external" href="https://docs.aws.amazon.com/greengrass/latest/developerguide/gg-troubleshooting.html">Troubleshooting AWS IoT Greengrass</a>.</p>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p>
&copy; Copyright 2018-2020, NXP.<br/>
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/>
</p>
</div>
</footer>
</body>
</html>