Components that are used in this user’s guide are listed below:
- Raspberry Pi Model B (Figure 1)
- Shield2Go Dual Adapter V2.0 for WEMOS D1 mini + Trust X (Figure 2)
- Wemos board, building upon ESP32 microcontroller (Figure 3)
Figure 2: Shield2Go Dual Adapter, backside (left) and frontside (right)
Figure 3: Wemos board, backside (left) and frontside (right)
The first step is to set up the AWS account. To create an AWS account, go to https://aws.amazon.com/, choose Complete Sign up and then choose Create a new AWS account. Once the AWS account has been created, you need to:
- Create an AWS IoT Policy, which is a set of rules that specify AWS IoT behavior
- Create a Thing, which is a representation of a specific device
- Generate a certificate
The Thing contains the AWS IoT Policy and the device certificate. AWS IoT uses X.509 certificates for asymmetric-key based authentication. This user’s guide uses the X.509 certificate model in which AWS IoT generates the certificate from a Certificate Signing Request (CSR). This means that the device certificate is generated by uploading the CSR to AWS IoT during creation of the Thing. Once generated, this certificate is loaded into Trust X. The secret private key is also stored on Trust X. Therefore, it is necessary to generate the CSR first.
Generating the CSR and loading the certificate into Trust X are done using a Raspberry Pi 3 and Trust X. Figure 4 shows the electrical connection between Trust X and Raspberry Pi 3.
Figure 4: Connection of Raspberry Pi 3 to Trust X
It is recommended to update the software used on Raspberry Pi. This is done by using the following command after connecting the Pi to an internet connection:
$ sudo apt-get update && sudo apt-get upgrade
Now, to set up the I2C interface to communicate with Trust X, go into Raspberry Configuration Tool with:
$ sudo raspi-config
Then select Interfacing options, I2C, and yes. Save the settings with ok, then finish and reboot the Pi to apply them. You can change the baud rate of the I2C bus to 1 MHz by opening the file /boot/config.txt and adding the line dtparam=i2c_arm_baudrate=1000000 under dtparam=i2c_arm=on. Reboot the Pi again to apply the changes.
The last step of updating software is to update OpenSSL to the latest version for security reasons. With:
$ openssl version
you can check the installed version. If it differs from the latest version found at https://www.openssl.org/source/, you should update it by applying each of the following commands:
$ wget https://www.openssl.org/source/openssl-version.tar.gz
$ tar -xvzf openssl-version.tar.gz
$ cd openssl-version
$ sudo ./config --prefix=/usr --openssldir=/usr/local/openssl shared
$ sudo make
$ sudo make test
$ sudo make install
The field version has to be replaced with the current OpenSSL version.
To generate the CSR, download the program optiga_generate_csr from https://github.com/Infineon/personalize ... nerate_csr and copy it to the Pi. This program uses three parameters:
-i: the configuration file (config.json in the command below)
-o: defines where the CSR will be stored
-f: specifies the device driver
Run the program on the Pi:
$ ./optiga_generate_csr -i config.json -f /dev/i2c-1 -o <name>.csr
Copy the CSR from the Pi to your host machine. Now you can create your Thing. From the navigation pane choose Manage > Things and click the Create button at the top right. Then choose Create a single thing. Enter a name for your Thing and click the Next button. After that you need to add a certificate for your Thing. Choose the option Create with CSR and upload your .csr file, then click the Upload file button. Next you need to add a policy for your Thing. Choose the policy that you created from the list and click the Register Thing button.
After these steps, choose Manage > Things from the navigation pane and click on your Thing. Then choose Security and click on the created certificate. Click the Actions button at the top right and choose Download to download the device certificate. This certificate needs to be written to Trust X.
Convert the certificate to DER format, because the upload program requires that format:
$ openssl x509 -in <certificate_name>.pem -out <certificate_name>.der -outform DER
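Before the certificate is written to Trust X, it is worth confirming that it was issued for the key in the CSR: the private key stays on the chip, so a certificate for any other key cannot authenticate the device. The shell functions below are an added example, not part of the original guide or of Infineon's tools; the file names and the throwaway software keys created by make_samples are constructed stand-ins for the Trust X CSR and the certificate issued by AWS IoT.

```shell
#!/bin/sh
# Added example: check that a certificate carries the public key of a CSR.

# Public key (PEM) embedded in a CSR.
csr_pubkey() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) embedded in a certificate; accepts PEM or DER input.
cert_pubkey() {
    openssl x509 -in "$1" -inform PEM -noout -pubkey 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null
}

# 0: certificate carries the CSR's key.  1: key mismatch or unreadable cert.
# 2: CSR is malformed or its self-signature does not verify.
cert_matches_csr() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 2
    want=$(csr_pubkey "$1")
    got=$(cert_pubkey "$2")
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# Constructed sample material: software P-256 keys and a local test CA
# stand in for Trust X and AWS IoT. Writes device/other CSRs and certs to $1.
make_samples() {
    d=$1
    for n in device other ca; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/$n.key" || return 1
    done
    openssl req -new -x509 -key "$d/ca.key" -subj "/CN=constructed-ca" \
        -days 1 -out "$d/ca.pem" || return 1
    for n in device other; do
        openssl req -new -key "$d/$n.key" -subj "/CN=constructed-$n" \
            -out "$d/$n.csr" || return 1
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl x509 -in "$d/device.pem" -out "$d/device.der" -outform DER
}

# Usage: sh check_cert.sh <name>.csr <certificate_name>.der
if [ "$#" -eq 2 ]; then
    cert_matches_csr "$1" "$2" && echo "certificate matches CSR key"
fi
```

A non-zero result means the downloaded certificate should not be uploaded to Trust X; generate the CSR again or download the certificate that belongs to this Thing.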
Download the program optiga_upload_crt from https://github.com/Infineon/personalize ... upload_crt in order to write the certificate to the memory of Trust X. Copy it to the Pi and run it there:
$ ./optiga_upload_crt -f /dev/i2c-1 -c <PATH_TO_THE_CERT>/<certificate_name>.der
Now you have everything necessary to connect your device to the AWS IoT Cloud, so you can develop an application on the selected hardware platform. Clone or download Amazon FreeRTOS from GitHub: https://github.com/Infineon/amazon-free ... ga-trust-x. Unzip the package. Open:
where BASE_FOLDER represents the path to the amazon-freertos-optiga-trust-x directory that you downloaded from GitHub. In this file you can set the name of the Thing that you use, the endpoint, and the SSID, password and security type for your Wi-Fi network. To get the endpoint of your Thing go to the AWS IoT console: https://signin.aws.amazon.com/signin?re ... obileApp=0. From the navigation pane choose Manage > Things and click on your Thing. Then choose Interact. The endpoint is located in the first field.
This user’s guide provides instructions for getting started with the Espressif ESP32-DevKitC board. The code of the user’s application is located in:
You need a toolchain to build the application for ESP32 microcontroller. Follow the instructions for your host machine’s operating system:
$ export PATH=<PATH_TO_THE_ESP_DIRECTORY>/esp/xtensa-esp32-elf/bin:$PATH
Now you can build and run the Amazon FreeRTOS Project. The complete system is shown in Figure 5. Go to the:
Figure 5: Connection of Wemos board to Trust X
Run command make menuconfig to set up your board's configuration and then run make flash monitor to build and flash firmware, and to monitor serial console output.
In the AWS IoT console you can use the MQTT client to monitor the messages that the device sends to the AWS Cloud. Sign in to the AWS IoT console. In the navigation pane choose Test to open the MQTT client. In Subscription topic enter the name of the topic on which the device sends messages and then click Subscribe to the topic. Received messages will be shown on the MQTT client page.
Note: If you have a problem connecting to the AWS Cloud, your endpoint may contain the string “-ats”. Delete the “-ats” part from the endpoint and try again.