FreeRTOS IoT B-U585I-IOT02A STM32CubeMX AWS Reference

1. Introduction

This project demonstrates how to integrate the modular FreeRTOS kernel and libraries. The project is pre-configured to run on the STM32U585 IoT Discovery Kit, which includes an STM32U5 microcontroller.

The project is a non-TrustZone project that demonstrates connecting to AWS IoT Core and using many of the services available via the MQTT protocol.

This includes demonstration tasks for the AWS services listed in section 2 below.

The demo project connects to AWS IoT Core via the included Wi-Fi module and uses the coreMQTT-Agent library to share a single MQTT connection among multiple tasks. These tasks publish data from a PubSub task and demonstrate use of the AWS IoT Device Shadow and Device Defender services.

You can provision devices at scale using AWS Fleet Provisioning by Claim or Multi-Account Registration to automatically onboard IoT devices to AWS IoT Core.

With these methods, you can streamline the process of registering and managing a large number of IoT devices, ensuring they are securely connected and properly configured for AWS IoT Core. This automation helps reduce the time and effort required for device provisioning, especially when dealing with extensive IoT deployments.

This project is based on the iot-reference-stm32u5 with three major differences:

  • Generated using STM32CubeMX and uses CMSIS packs.
  • Enables Fleet Provisioning.
  • Enables STSAFE and device registration with AWS using Multi-Account Registration, JITP and JITR.

2. AWS IoT Core Demo Tasks

  • MQTT Agent
  • IoT Defender
  • OTA Update
  • Fleet Provisioning
  • Publish and Subscribe
  • EnvironmentSensor
  • MotionSensors
  • ShadowDevice

3. Board provisioning

There are multiple methods to provision your board with AWS.

Single Thing Provisioning is a method used to provision individual IoT devices in AWS IoT Core. This method is ideal for scenarios where you need to provision devices one at a time.

Fleet Provisioning is a feature of AWS IoT Core that automates the end-to-end device onboarding process. It securely delivers unique digital identities to devices, validates device attributes via Lambda functions, and sets up devices with all required permissions and registry metadata. This method is ideal for large-scale device deployments.

The Multi-Account Registration (MAR) method uses a secure element (STSAFE) for added security. The device certificate, private key, and configuration parameters are stored in the STSAFE. This method simplifies device registration and allows devices to be moved easily between multiple AWS accounts; it eliminates the need to register a Certificate Authority (CA) with AWS IoT. The secure element adds protection by keeping the sensitive material on the device. This method is ideal for large-scale device deployments.

Just-in-Time Provisioning (JITP) is a method used to automatically provision IoT devices when they first attempt to connect to AWS IoT Core. The STSAFE module stores the device certificate, private key, and configuration parameters securely, so the registration process is secure and reliable. This additional layer of protection provided by the STSAFE module keeps sensitive information safe, which makes it a valuable asset when provisioning IoT devices with AWS IoT Core. This method is ideal for large-scale device deployments.

Just-in-Time Registration (JITR) is a method used by AWS IoT Core to automatically register device certificates when a device first connects to AWS IoT. As with JITP, the STSAFE module stores the device certificate, private key, and configuration parameters securely, so the registration process is secure and reliable. This method is ideal for large-scale device deployments.

4. Key Software Components

LWIP 2.3.0 TCP/IP Stack

See lwIP for details.

Mbedtls 3.1.1 TLS and Cryptography library

See MbedTLS for details.

Command Line Interface (CLI)

The CLI interface located in the Common/cli directory is used to provision the device. It also provides other Unix-like utilities. See Common/cli for details.

Key-Value Store

The key-value store located in the Common/kvstore directory is used to store runtime configuration values in STM32's internal flash memory. See Common/kvstore for details.

PkiObject API

The PkiObject API takes care of some of the mundane tasks in converting between different representations of cryptographic objects such as public keys, private keys, and certificates. See Common/crypto for details.

Mbedtls Transport

The Common/net/mbedtls_transport.c file contains a transport layer implementation for coreMQTT and coreHTTP which uses mbedtls to encrypt the connection in a way supported by AWS IoT Core.

5. Get started with the project

5.1 Cloning the Repository

To clone using HTTPS:

git clone https://github.com/SlimJallouli/b_u585_iota02_aws_iot.git --recurse-submodules

Using SSH:

git clone git@github.com:SlimJallouli/b_u585_iota02_aws_iot.git --recurse-submodules

If you have downloaded the repo without using the --recurse-submodules argument, you should run:

git submodule update --init --recursive

5.2 Build the project

  • Import the project with STM32CubeIDE
  • Select the provisioning configuration using the drop-down menu
  • Build the project
  • Flash the board

NOTE: You might get a build error the first time you build the project. Just build a second time and the error will be resolved.

NOTE: The MAR option can be used with JITP and JITR provisioning options.


5.3 Provision your board

There are multiple methods to provision your board with AWS. Which ones apply also depends on the project configuration you have selected.

In this method you have two options: automated using a Python script, or manual.

  1. Provision automatically with provision.py

This method uses a Python script (provision.py) to automate the onboarding of IoT devices to AWS IoT Core. It simplifies the process by handling device identity creation, registration, and policy attachment automatically. Follow this link for instructions.

  2. Provision manually via the CLI

This method requires manually provisioning devices using the AWS Command Line Interface (CLI). It involves creating device identities, registering them with AWS IoT Core, and attaching the necessary policies for device communication. Follow this link for instructions.
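Policy attachment is the last step of both the scripted and the manual flow above, and it is where a device's blast radius is decided. The Python below is an added example, not part of this project or of provision.py: it builds one least-privilege AWS IoT policy that confines each device to its own client id and its own Device Shadow topics through AWS IoT policy variables, and a small check that flags wildcard-resource statements in a policy before it is attached. The region, account id, and telemetry topic name are assumed placeholders.

```python
import json
import re

# Constructed placeholders (not values from this project): replace with your own.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"


def thing_policy_document(region: str, account_id: str) -> dict:
    """Least-privilege AWS IoT policy for one device.

    ${iot:Connection.Thing.ThingName} is resolved by AWS IoT at connect time,
    so one document can be attached to every device certificate while still
    limiting each device to its own client id and shadow topics. The variable
    only resolves when the connecting certificate is attached to a thing.
    """
    arn = f"arn:aws:iot:{region}:{account_id}"
    thing = "${iot:Connection.Thing.ThingName}"
    shadow = f"$aws/things/{thing}/shadow"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{thing}"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": [f"{arn}:topic/{shadow}/get",
                          f"{arn}:topic/{shadow}/update",
                          f"{arn}:topic/{thing}/telemetry"]},  # assumed topic name
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": [f"{arn}:topicfilter/{shadow}/*"]},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": [f"{arn}:topic/{shadow}/*"]},
        ],
    }


# The "allow everything" policy that often survives from early testing (constructed).
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

# A bare "*" or a resource whose type is followed directly by "/*" grants every client/topic.
_WILDCARD = re.compile(r"^\*$|:(client|topic|topicfilter)/\*$")


def overbroad_statements(policy: dict) -> list:
    """Return the Allow statements that grant an action on every client or topic."""
    found = []
    for st in policy.get("Statement", []):
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if st.get("Effect") == "Allow" and any(_WILDCARD.search(r) for r in resources):
            found.append(st)
    return found
```

Serialise the document with json.dumps before handing it to the AWS CLI or the boto3 create_policy call; the check is meant to run on that document first.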


6. CMSIS Packs

If you need to regenerate the project with STM32CubeMX, then you need to download and install the following CMSIS packs.

lwIP 2.3.0

mbedTLS 3.1.1

AWS_IoT_Over-the-air_Update 5.0.1

AWS_IoT_Device_Defender 4.1.1

AWS_IoT_Device_Shadow 5.0.1

AWS_IoT_Fleet_Provisioning 1.0.1

backoffAlgorithm 4.1.1

coreJSON 4.1.1

coreMQTT 5.0.1

coreMQTT_Agent 5.0.1

The following packs are automatically downloaded by STM32CubeMX.

X-CUBE-MEMS1

X-CUBE-SAFEA1

X-CUBE-FREERTOS

7. Git submodules

corePKCS11

littlefs

tinycbor

8. Generate the project using STM32CubeMX

After making changes with STM32CubeMX, be sure to run the update.sh script. Failure to do so will result in build errors.