Comments (10)
xedbg
commented on August 23, 2024
Logged internally as DSG-5942
from iotprovision-bin.
SharxRobotics
commented on August 23, 2024
Thanks for super quick internal logging of the issue. Just a quick comment that Sept 15 is approaching fast.
To avoid service disruption it must be migrated by September 15th 2023
from iotprovision-bin.
xedbg
commented on August 23, 2024
Hi @SharxRobotics,
We are unfortunately not going to be able to meet this deadline for a full iotprovision binary release which will make this transition seamless.
We do however have some tools available which will allow you to get the job done.
-
The iotprovision-bin is a composite of several utilities, one of which is is "pywinc", which allows you to manipulate the WINC module via a bridge firmware on the MCU. To read more about this, run:
iotprovision-bin.exe --skin=pywinc --help
This tool allows you to build, read and write certificates. -
Build a new certificate bundle by using:
iotprovision-bin.exe --skin=pywinc build -m root-certs -i directory-with-root-certs -o root-certs.bin -
Upload the bundle to the WINC using
iotprovision-bin.exe --skin=pywinc write -m root-certs -i root_certs.bin
Certificates are stored compressed, so it is not possible to just "append" a new one -a new bundle must be built and uploaded.
Do you think you would be able to follow this process? I can share the bundle we have in RC status to allow you to skip step 2, but we are not finished testing this RC yet.
from iotprovision-bin.
SharxRobotics
commented on August 23, 2024
Tried it but running into some kind of file protection failure.
Here's the previous result of running iotprovision successfully (except for the 2 errors at the end that are expected)
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>.\iotprovision-bin.exe -c azure
***** AVR-IoT, PIC-IoT and SAM-IoT provisioning utility 'iotprovision' *****
Start processing 'AVR-IoT WG' kit for use with azure
Check if WINC firmware needs upgrade...
Firmware 'iotprovision' version: 0.4.8
Querying current WINC firmware version
WINC firmware version: 19.7.6
WINC driver version: 19.3.0
WINC firmware is already up to date.
Skipping upgrade.
Generate certificates if required...
Creating root of trust...
Provisioning AVR-IoT WG for azure ...
Firmware 'iotprovision-azure' version: 0.4.8
Loading root CA certificate
Loading from C:\Users\XP\.microchip-iot\root-ca.crt
Loading signer CA certificate
Loading from C:\Users\XP\.microchip-iot\signer-ca.crt
Erase WINC TLS certificate sector
WINC erase TLS certificate sectors
WINC Erase sector at address 0x005000
WINC Erase sector at address 0x006000
Provisioning device with credentials
Send Device Certificate
Send Signer Certificate
Transfer certificates to WINC
WINC write 1469 bytes to address 0x5000
Replacing click-me link for 'azure'
Done provisioning device 'sn0123A6728ACE1CE5FE'
Programming application: Bundled Demo for azure...
pykitcommander.kitmanager - ERROR - Unable to locate firmware for 'demo-azure'
ERROR - Operation failed with ProgrammingError: No application information for 'demo-azure'`
In the same command line window, and in another one opened with admin privileges, I get this error when trying your step 2:
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc build -m root-certs -i C:\Users\XP\.microchip-iot -o root-certs.bin
Building certificate store
Adding certificate C:\Users\XP\.microchip-iot\ATML3203071800000934
Adding certificate C:\Users\XP\.microchip-iot\ATML3203071800001724
Adding certificate C:\Users\XP\.microchip-iot\root-ca.crt
Adding certificate C:\Users\XP\.microchip-iot\root-ca.key
Adding certificate C:\Users\XP\.microchip-iot\root-ca.pem
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.crt
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.csr
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.key
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.pem
9 certificates added to storage
Traceback (most recent call last):
File "mcu8tools.py", line 165, in <module>
File "mcu8tools.py", line 156, in main
File "mcu8tools.py", line 102, in run
File "iotprovision\winc\pywinc.py", line 122, in main
File "iotprovision\winc\pywinc_main.py", line 351, in pywinc
File "iotprovision\winc\pywinc_main.py", line 156, in build_root_certs
File "iotprovision\winc\winc_certs.py", line 104, in add_certificates
File "iotprovision\winc\winc_certs.py", line 114, in add_certificate
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\XP\\.microchip-iot\\ATML3203071800000934'
[1240] Failed to execute script mcu8tools
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir
Volume in drive C is OS
Volume Serial Number is 54EE-230A
Directory of C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64
08/22/2023 06:13 PM <DIR> .
08/22/2023 06:13 PM <DIR> ..
08/22/2023 06:13 PM 32,727,904 iotprovision-bin.exe
1 File(s) 32,727,904 bytes
2 Dir(s) 963,106,164,736 bytes free
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir C:\Users\XP\.microchip-iot
Volume in drive C is OS
Volume Serial Number is 54EE-230A
Directory of C:\Users\XP\.microchip-iot
08/26/2023 02:09 PM <DIR> .
08/26/2023 02:09 PM <DIR> ..
08/22/2023 07:38 PM <DIR> ATML3203071800000934
08/26/2023 02:18 PM <DIR> ATML3203071800001724
08/22/2023 07:17 PM 603 root-ca.crt
08/22/2023 07:17 PM 241 root-ca.key
08/22/2023 07:17 PM 603 root-ca.pem
08/22/2023 07:17 PM 680 signer-ca.crt
08/22/2023 07:17 PM 562 signer-ca.csr
08/22/2023 07:17 PM 241 signer-ca.key
08/22/2023 07:17 PM 680 signer-ca.pem
7 File(s) 3,610 bytes
4 Dir(s) 963,106,070,528 bytes free
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>
And here's what in that directory:
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir C:\Users\XP\.microchip-iot\ATML3203071800000934
Volume in drive C is OS
Volume Serial Number is 54EE-230A
Directory of C:\Users\XP\.microchip-iot\ATML3203071800000934
08/22/2023 07:38 PM <DIR> .
08/22/2023 07:38 PM <DIR> ..
08/24/2023 06:52 PM 20 azure-device-id.txt
08/22/2023 07:17 PM 660 device.crt
08/22/2023 07:17 PM 444 device.csr
08/22/2023 07:17 PM 660 device.pem
4 File(s) 1,784 bytes
2 Dir(s) 963,088,515,072 bytes free
from iotprovision-bin.
xedbg
commented on August 23, 2024
Hmm. Looks like it doesn't have access to that folder - but also, the root certificate folder should only contain root certificates.
You could try with the bundle here (unzip):
tls_root_cert.zip
from iotprovision-bin.
SharxRobotics
commented on August 23, 2024
OK I thought you wanted me to re-use the folder from the initial successful iotprovision run.
Now I created a new blank folder and ran your step 2 and it finished successfully
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc build -m root-certs -i C:\Users\XP\.microchip-iot_root -o root-certs.bin
Building certificate store
0 certificates added to storage
Writing root certificate storage to: root-certs.bin
Root CA storage size is 20
Max storage size in WINC is 4096 (4076 bytes left)
Proceeding to step 3, there's still some issue there.
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc write -m root-certs -i C:\Users\XP\.microchip-iot_root\root_certs.bin
ERROR - Provisioning unable to start - no suitable IoT kits found
Actually 2 IoT kits are connected by USB to this PC, and both are actively uploading to Azure. How does the command in step 3 try to find them ? Is there perhaps a command option missing to tell it where to look for the IoT kits ?
from iotprovision-bin.
xedbg
commented on August 23, 2024
In this case you will have to give the serial port to use with the -p option.
Look in the device manager, or use:
iotprovision-bin.exe --skin=pykitinfo
to list the available kits.
Then iotprovision-bin.exe --skin=pywinc write -p <COMx> ...
from iotprovision-bin.
randywu763
commented on August 23, 2024
Please download and extract the attached ZIP file and start with the PPT file which walks you through a procedure that has worked for me when updating the PIC-IoT and SAM-IoT development boards for adding the DigiCert Global G2 root certificate to the WINC's trusted root store. I have not actually tested this on an AVR-IoT board, but the procedure should be exactly the same for the AVR-IoT development board as well.
As mentioned previously, you will need to identify the Virtual COM port associated with the AVR-IoT's USB connection and pass in the COM port value (e.g. COM4, COM11, etc.) as part of the -p command line option for the "write" and "read" instructions. Basically the sequence of command line instructions goes like this:
$ pip install iotprovision
$ pywinc build -m root-certs -i ./cert_store -o root-certs.bin
$ pywinc decode -m root-certs -i ./root-certs.bin
$ pywinc write -p <COM_PORT> -m root-certs -i root-certs.bin
$ pywinc read -p <COM_PORT> -m root-certs -o azure-ca-read.bin
$ pywinc decode -m root-certs -i ./azure-ca-read.bin
from iotprovision-bin.
SharxRobotics
commented on August 23, 2024
Even though the 2 IoT devices were actively uploading to Azure, I unplugged them and plugged them back in, now your command can see both of them
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc write -m root-certs -i root_certs.bin
ERROR - Provisioning unable to start - multiple kits found.
ERROR - Please specify serial number ending digits for the one you want
ERROR - Tool: nEDBG CMSIS-DAP Serial: ATML3203071800000934 Device: ATmega4808
ERROR - Tool: nEDBG CMSIS-DAP Serial: ATML3203071800001724 Device: ATmega4808
And I can get the port numbers correctly now:
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pykitinfo
Looking for Microchip kits...
Compatible kits detected: 2
Kit ATML3203071800000934: 'AVR-IoT WG' (ATmega4808) on COM4
Kit ATML3203071800001724: 'AVR-IoT WG' (ATmega4808) on COM6
But after following step 3, I bricked the IoT device. So perhaps it's worth to back up one step for clarification of exactly how to use your step 2.
iotprovision-bin.exe --skin=pywinc build -m root-certs -i directory-with-root-certs -o root-certs.bin
Prior to running this command, what exactly should be in the folder you refer to with "directory-with-root-certs" ?
Or should it be a blank folder ?
I have the folder previously created with iotprovision, and it has these files:
C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir c:\users\xp\.microchip-iot
Volume in drive C is OS
Volume Serial Number is 54EE-230A
Directory of c:\users\xp\.microchip-iot
08/26/2023 02:09 PM <DIR> .
08/26/2023 02:09 PM <DIR> ..
08/22/2023 07:38 PM <DIR> ATML3203071800000934
08/26/2023 02:18 PM <DIR> ATML3203071800001724
08/22/2023 07:17 PM 603 root-ca.crt
08/22/2023 07:17 PM 241 root-ca.key
08/22/2023 07:17 PM 603 root-ca.pem
08/22/2023 07:17 PM 680 signer-ca.crt
08/22/2023 07:17 PM 562 signer-ca.csr
08/22/2023 07:17 PM 241 signer-ca.key
08/22/2023 07:17 PM 680 signer-ca.pem
7 File(s) 3,610 bytes
4 Dir(s) 962,870,226,944 bytes free
Running your step 2 with this folder generates an error. Running it with a blank folder succeeds but creates a suspiciously small root-certs.bin which is only 20 bytes. Copying only the 2 PEM files into a blank folder allowed the command to finish, but then the IoT device isn't working any more, even after re-programming.
from iotprovision-bin.
SharxRobotics
commented on August 23, 2024
@randywu763 thanks for the ZIP file with the PPT and @xedbg , thanks for all your help. It's fully functional now.
I was able to restore my bricked Avr-IoT device by going through the old iotprovision work flow to get it working again on Azure using the old root cert. Then I used the certificates you provided, and re-programmed the IoT devices, and migrated the Azure resources to the new root certificates, and now it's working and the warning is gone. Many thanks.
from iotprovision-bin.
Related Issues (1)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from iotprovision-bin.