From 5ab82907d928a998c45ea84a7f0901b6065830bf Mon Sep 17 00:00:00 2001 From: Arnout Vandecappelle Date: Fri, 6 Oct 2023 19:23:53 +0200 Subject: [PATCH 1/3] el2g: add documentation for GENERIC_KEYPAIRS lmp-el2go-auto-register was extended with support for generic keypairs. Document this new feature, in particular that GENERIC_KEYPAIRS has to be set in /etc/default/lmp-el2go-auto-register. Signed-off-by: Arnout Vandecappelle Signed-off-by: Arnout Vandecappelle --- source/user-guide/el2g.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/source/user-guide/el2g.rst b/source/user-guide/el2g.rst index cfaab7cb4..f52ca822f 100644 --- a/source/user-guide/el2g.rst +++ b/source/user-guide/el2g.rst @@ -231,6 +231,21 @@ EdgeLock 2GO Concepts * **Subdomain** — Every EdgeLock 2GO account has a "device-link" subdomain that a device's ``nxp_iot_agent_demo`` binary connects to. This is the service where secure objects will be exchanged. +Installing additional Secure Objects +------------------------------------ + +Any additional Secure Objects that are defined in EdgeLock 2GO and provisioned into the secure element when the device registers. +Additionally, keypairs and certificates are loaded into PKCS#11 so they are accessible to e.g. OpenSSL. +The convention is that the keypair secure object has an even-numbered OID (e.g. 0x10000010) and the corresponding certificate has an OID one higher (e.g. 0x10000011). +To enable automatic loading of the keypair and certificate, the `GENERIC_KEYPAIRS` variable must be set in `/etc/default/lmp-el2go-auto-register`. E.g. + + # recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register/default.env + REPOID= + GENERIC_KEYPAIRS="0x10000010" + +`GENERIC_KEYPAIRS` defaults to 0X83000044 which is the OID used by AWS IoT. + + Further Details --------------- From f98943abc015999fc80edf691f946c5a50e9817c Mon Sep 17 00:00:00 2001 
From: arnout Date: Wed, 11 Oct 2023 16:45:04 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Katrina Prosise --- source/user-guide/el2g.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/user-guide/el2g.rst b/source/user-guide/el2g.rst index f52ca822f..2a983d5eb 100644 --- a/source/user-guide/el2g.rst +++ b/source/user-guide/el2g.rst @@ -231,20 +231,20 @@ EdgeLock 2GO Concepts * **Subdomain** — Every EdgeLock 2GO account has a "device-link" subdomain that a device's ``nxp_iot_agent_demo`` binary connects to. This is the service where secure objects will be exchanged. -Installing additional Secure Objects +Installing Additional Secure Objects ------------------------------------ Any additional Secure Objects that are defined in EdgeLock 2GO and provisioned into the secure element when the device registers. Additionally, keypairs and certificates are loaded into PKCS#11 so they are accessible to e.g. OpenSSL. The convention is that the keypair secure object has an even-numbered OID (e.g. 0x10000010) and the corresponding certificate has an OID one higher (e.g. 0x10000011). -To enable automatic loading of the keypair and certificate, the `GENERIC_KEYPAIRS` variable must be set in `/etc/default/lmp-el2go-auto-register`. E.g. +To enable automatic loading of the keypair and certificate, the ``GENERIC_KEYPAIRS`` variable must be set in ``/etc/default/lmp-el2go-auto-register`` e.g., +:: # recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register/default.env REPOID= GENERIC_KEYPAIRS="0x10000010" -`GENERIC_KEYPAIRS` defaults to 0X83000044 which is the OID used by AWS IoT. - +``GENERIC_KEYPAIRS`` defaults to 0X83000044 which is the OID used by AWS IoT. Further Details --------------- From 510531987c0e4cec207d493c95664fd738161bd6 Mon Sep 17 00:00:00 2001 
From: arnout Date: Wed, 25 Oct 2023 18:06:08 +0200 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Katrina Prosise --- source/user-guide/el2g.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source/user-guide/el2g.rst b/source/user-guide/el2g.rst index 2a983d5eb..59887383e 100644 --- a/source/user-guide/el2g.rst +++ b/source/user-guide/el2g.rst @@ -234,8 +234,9 @@ EdgeLock 2GO Concepts Installing Additional Secure Objects ------------------------------------ -Any additional Secure Objects that are defined in EdgeLock 2GO and provisioned into the secure element when the device registers. -Additionally, keypairs and certificates are loaded into PKCS#11 so they are accessible to e.g. OpenSSL. +Additional Secure Objects can be defined in EdgeLock 2GO through the API. +These objects are provisioned into the Secure Element when the device registers. +On top of this, keypairs and certificates are loaded into PKCS#11 so they are accessible, e.g., OpenSSL. The convention is that the keypair secure object has an even-numbered OID (e.g. 0x10000010) and the corresponding certificate has an OID one higher (e.g. 0x10000011). To enable automatic loading of the keypair and certificate, the ``GENERIC_KEYPAIRS`` variable must be set in ``/etc/default/lmp-el2go-auto-register`` e.g.,
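Review bot: In patch 1/3, the closing sentence of the new section ("`GENERIC_KEYPAIRS` defaults to 0X83000044 which is the OID used by AWS IoT") does not say whether setting the variable replaces that default or adds to it. A reader who copies the example `GENERIC_KEYPAIRS="0x10000010"` therefore cannot tell whether the AWS IoT keypair is still loaded into PKCS#11. The variable name is plural, but the format for listing more than one OID is not documented either. Please state both, and write the default as 0x83000044 to match the lowercase prefix used for the other OIDs. In the same hunk, the example's comment names `recipes-support/lmp-el2go-auto-register/lmp-el2go-auto-register/default.env` while the paragraph tells the reader to set the variable in `/etc/default/lmp-el2go-auto-register`; say that the former is the source that gets installed as the latter, or drop one of them. The opening sentence ("Any additional Secure Objects that are defined in EdgeLock 2GO and provisioned ...") also has no main verb.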
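Review bot: In patch 2/3, the rewritten "To enable automatic loading ..." line now ends in "e.g.," with the `::` marker on a line of its own, so the rendered sentence stops at a dangling comma before the literal block. Ending the sentence with "for example::" on the same line reads cleanly and still opens the literal block. The re-quoted last line keeps "0X83000044" with an uppercase X while the other OIDs in the section use "0x", and it needs a comma before "which". The subject "Apply suggestions from code review" says nothing about the change; since this patch only touches text that patch 1/3 introduces, squashing it into that patch would keep the history readable.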
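Review bot: In patch 3/3, the third added line drops the preposition that the removed line had: "so they are accessible, e.g., OpenSSL" should read "so they are accessible to, e.g., OpenSSL", or more simply "accessible to applications such as OpenSSL". The first added line says objects can be defined "through the API" without naming the API or linking to its documentation, which leaves the reader with nowhere to go for the definition step. As with patch 2/3, the subject line is generic and the change only amends text from patch 1/3, so it is a candidate for squashing before merge.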