Giter Site home page Giter Site logo

erwin-ms / iot-edge-1.2-tpm Goto Github PK

View Code? Open in Web Editor NEW

This project forked from arlotito/iot-edge-1.2-tpm

0.0 1.0 0.0 2.49 MB

How to to provision an IoT Edge 1.2 via DPS, using identity certs issued by a CA via EST and keys stored in an HSM (TPM/PKCS11)

Shell 100.00%

iot-edge-1.2-tpm's Introduction

Overview

This guide explains how to provision an IoT Edge 1.2 via DPS, using an Identity Certificate dynamically issued by a CA via EST, with all the keys securely stored in an HSM implemented with a TPM and PKCS11.

All the required components (including a simulated TPM if needed) are installed running few scripts included in this repo.

Disclaimer

Samples in this repo are for demonstration purposes only! This is not a guidance or best practices on IoT Edge security.

Get started

Install git if you haven't it:

sudo apt-get install git -y

Grab the scripts from this repo:

cd ~
git clone https://github.com/arlotito/iot-edge-1.2-tpm.git
cd iot-edge-1.2-tpm/scripts
chmod +x *.sh

Once you have the scripts:

  1. install using either a one-click or step-by-step approach:
  2. troubleshoot if needed
  3. experiment

I deployed/performed all the steps, now what?

If everything went fine, you should now have an IoT Edge provisioned via DPS, using an Identity Certificate dynamically issued by a CA via EST, with private keys securely stored in the TPM/PKCS11.

If you want, you can now inspect the content of the PKCS11 store and see the private keys generated by IoT Edge:

export TPM2_PKCS11_STORE='/opt/tpm2-pkcs11'
export PKCS11_LIB_PATH='/usr/local/lib/libtpm2_pkcs11.so'
sudo pkcs11-tool --module "$PKCS11_LIB_PATH" -IOT

NOTE: the 'pkcs11-tool' is installed by script 3-install-pkcs11-tool.sh

...and make sure you have 'device-id' and 'aziot-edged-ca': picture 1

If you don't see any key or just the 'device-id', try with:

sudo iotedge system reprovision

Look at this for additional troubleshooting.

Tested configurations

This guide has been tested on:

References

iot-edge-1.2-tpm's People

Contributors

vslepakov avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.