Azure FreeRTOS middleware and DPS, on ESP32

I am working on a project, where I am using the Azure FreeRTOS Middleware Stack on ESP32.

I would like to introduce DPS to provision all my 3K upcoming devices.

The Stack has got a DPS option, but I would like some advice as I would like to generate one global bin file, for all 3K devices. I would like DPS to create the device on IoT Hub and also provide the necessary keys to the device so it can generate the SAS token for each device id.

The device ID will be either the serial number or mac number of the ESP32 device.

What I want to avoid is creating a separate bin file for each device.

Can this be possible? Or am I misunderstanding DPS?



Solution 1:[1]

DPS will not provide you the necessary keys for each device. To work with Azure IoT (either DPS or Hub), you must have a per-device credential flashed to your device; this is usually done during the manufacturing phase.

When you use DPS group enrollment, you get a group key from DPS and use a formula to generate a per-device key (hash the group key and enrollment/device ID); you need a method to flash 3k keys to 3k devices on the production line.

Solution 2:[2]

DPS does actually provision a device AUTOMATICALLY. You don't need an extra step.

Let me explain how.

Step 1: Things you have to do once from the Azure portal:

  • You create/you have an Azure IoT Hub up and running;
  • You create/you have Azure DPS up and running;
  • You create/you have a group enrolment with symmetric key from within DPS;
  • You keep the primary key of your group enrolment for use in a bit. Let’s call the primary key “KEY”.

Step 2: programming

From your firmware source code:

  1. Write a code function that returns a device ID that’s unique for a device. You can use a string followed by the device MAC address, which you usually get from the Wi-Fi interface (or Ethernet interface). For example: “3Kdevice-3454e210228c”; the prefix will be the same for all devices you have, but the hex suffix will be different for each device. Let’s call this string REG_ID.
  2. Write a code function that creates, for the device it runs on, the symmetric key from both the primary key (aka KEY) of your enrolment and the registration ID (aka REG_ID). You do that by doing a SHA256 (see the DPS doc for that). Let’s call the computed symmetric key “SYM_KEY”;
  3. Use the Azure SDK to get the credentials from DPS by presenting the registration ID (aka REG_ID) and the computed symmetric key (SYM_KEY) to it;
  4. You can connect to the IoT Hub with the credentials you got at point 3.
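The derivation in steps 1 and 2 above, worked through as an added example (this is not the answer author's code, nor the Azure SDK's). It is written in Python for readability; on the ESP32 the same HMAC-SHA256 would come from mbedTLS in C. The group key, ID scope and MAC address are constructed placeholders, not real credentials. The step a practitioner most often gets wrong is shown explicitly: the group primary key the portal displays is base64, and it must be decoded to raw bytes before it is used as the HMAC key, otherwise the derived device key will not match what DPS computes and every registration will be rejected.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote

# Constructed sample values (NOT real credentials). The Azure portal shows the
# enrolment group primary key ("KEY" in the answer) as base64 text.
SAMPLE_GROUP_KEY_B64 = base64.b64encode(b"\x01" * 32).decode()
SAMPLE_ID_SCOPE = "0ne00000000"  # placeholder DPS ID scope
SAMPLE_MAC = bytes.fromhex("3454e210228c")  # MAC from the answer's example


def registration_id_from_mac(mac: bytes, prefix: str = "3Kdevice-") -> str:
    """Step 1: REG_ID = fixed prefix + lowercase hex MAC (same prefix on every device)."""
    if len(mac) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return prefix + mac.hex()


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Step 2: SYM_KEY = base64(HMAC-SHA256(base64decode(KEY), REG_ID)).

    This is the DPS symmetric-key enrolment group derivation. The HMAC key is
    the *decoded* group key; HMAC-ing with the base64 text is a common bug.
    """
    group_key = base64.b64decode(group_key_b64)
    digest = hmac.new(group_key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_token(resource_uri: str, key_b64: str, expiry_epoch: int, policy_name: str = "") -> str:
    """Generic Azure SAS token: sign '{url-encoded resource}\\n{expiry}' with the base64 key."""
    encoded_uri = quote(resource_uri, safe="")
    string_to_sign = f"{encoded_uri}\n{expiry_epoch}"
    sig = hmac.new(base64.b64decode(key_b64), string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    token = f"SharedAccessSignature sr={encoded_uri}&sig={quote(base64.b64encode(sig).decode(), safe='')}&se={expiry_epoch}"
    if policy_name:
        token += f"&skn={policy_name}"
    return token


def dps_registration_token(id_scope: str, registration_id: str, device_key_b64: str, expiry_epoch: int) -> str:
    """Step 3: the token presented to DPS. Resource is '{idScope}/registrations/{REG_ID}',
    policy name is the fixed string 'registration'."""
    return make_sas_token(f"{id_scope}/registrations/{registration_id}", device_key_b64, expiry_epoch, "registration")


def hub_device_token(hub_hostname: str, device_id: str, device_key_b64: str, expiry_epoch: int) -> str:
    """Step 4: once DPS has assigned the hub, the device signs its hub token with the same
    SYM_KEY (no skn for device-scoped tokens)."""
    return make_sas_token(f"{hub_hostname}/devices/{device_id}", device_key_b64, expiry_epoch)


if __name__ == "__main__":
    reg_id = registration_id_from_mac(SAMPLE_MAC)
    sym_key = derive_device_key(SAMPLE_GROUP_KEY_B64, reg_id)
    expiry = int(time.time()) + 3600  # one-hour token lifetime
    print("REG_ID :", reg_id)
    print("SYM_KEY:", sym_key)
    print(dps_registration_token(SAMPLE_ID_SCOPE, reg_id, sym_key, expiry))
```

Only the group key has to be in the shared firmware image for this to work, which is the property the question asks for; the cost is that anyone who extracts the image holds a key from which every device key in the enrolment group can be derived, so storing it in ESP32 flash encryption / NVS encryption and rotating the enrolment group key when an image leaks are the controls to plan for.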

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Neo
Solution 2