Prepare your boards
This recipe is a proof of concept and developers guideline for those who want to start to use the A71CH with Watson IoT.
Follow the instructions in the NXP A71CH Product Support Package (PSP) to connect the boards and prepare and load the software.
Use the Quick start guide under documentation with title: A71CH Quick start guide for OM3710A71CHARD and i.MX6 UltraLite.
A71CH credential preparation and injection
To prepare and inject the credentials for the A71CH, ensure you have a working combination of MCIMX6UL-EVKB and A71CH boards.
OpenSSL (openssl) is used to create the credentials.
The A71CH Configure tool (a71chConfig_i2c_imx) is used to retrieve the UID from the A71CH and to inject key pair and client certificate.
The unix command line utilities grep and awk are used to extract bytes forming the UID part of the client certificate’s Common Name.
All these tools come pre-installed on the SD card image made available for the MCIMX6UL-EVKB board on the A71CH website (https://www.nxp.com/A71CH).
The instructions explains how to create a CA, how to create device credentials and how to inject the device credentials into the A71CH. These provisioning steps needs to be done only for the current generic sample A71CH. It is planned to release a A71CH for WIoT with preloaded credentials.
The detailed instructions are available in the github entry referred to in step 3.
Prepare the software stack of your device and connect to WIoT
The A71CH is the secure element in your device. You as a device vendor / device developer will use the secure eelment together with your device specific code. For this recipe we use the i.MX board as were it your device.
Prepare the device software on the i.MX board using the instructions in the github entry related to this recipe:
Watson IoT Platform C Client Library for NXP i.MX Platform with IC A71CH Secure Element
In summary you find those steps in the github readme.md:
- Download C client library source
- Build and install steps
- Verify build by connecting to Quickstart
- Connect A71CH to your own organization
Verify build by connecting to Watson IoT Quickstart
Both the IBM Cloud and Watson IoT platform make use of the concept: ORGANIZATION.
An Organization on IBM Cloud and Watson IoT is an administrative grouping of resources and services. For fast use and fast access a generic organization is created in Watson IoT platform: QUICKSTART. This is an open public pool where devices can be quickly registered and tested. In all other cases you always register and use your own defined organization.
Follow the steps in the github readme.md referred to in step 3.
Connect A71CH to your own Watson IoT organization
Follow the steps in the github readme.md.
Use the following steps to register CA certificate, device type, and device ID with Watson IoT Platform, configure device and connect to Watson IoT Platform using your own Watson IoT organization.
- Register Certificate Authority
- Configure Connection Security Policy
- Register Device Types and Devices
- Configure device or gateway
- Connect device or gateway
Next you can add your applications and integrations with the backend e.g. try to integrate an app on the i.MX with a Node-Red application on IBM Cloud, using the Node-Red WIoT connector. Use the IBM Cloud Watson IoT Platform Starter boilerplate for a fast start.
Use the A71CH Ready for IBM Watson IoT in your product
In the testing and prototyping design phases this A71CH Customer Programmable secure element is used.
When a product is manufactured it will contain the A71CH secure element that NXP pre-provisioned with credentials for the IBM Watson IoT Platform.
The NXP A71CH Ready for IBM Watson IoT version comes pre-provisioned with the credentials needed, avoiding expensive Public Key Infrastructure at IoT product manufacturing facilities.
Now you are ready with a first programmed prototype you can further develop the real device that holds the A71CH that is Ready for IBM Watson IoT.
Please refer to the detailed material available at the NXP website and follow the Application Note to build your product with the NXP A71CH that is Ready for IBM Watson IoT:
- Introductory BLOG at IBM: Partnering for Chip to Cloud Security
- General information on the product is provided at the NXP website
- Short overview movie how to prepare for a product containing the A71CH Ready for IBM Watson IoT
- Application note with detailed instructions how to implement the A71CH Ready for IBM Watson IoT
Authors: Marc Masschelein (NXP), Ranjan Dasgupta (IBM), Giuseppe Guagliardo (NXP), Bartho Dröge (IBM)