From cbecb2e94494c6e9dda76d8c2682e897309d9226 Mon Sep 17 00:00:00 2001 From: Aditya Patwardhan Date: Thu, 25 Aug 2022 09:11:30 +0530 Subject: [PATCH] mqtt/ssl_ds: Add documentation on how to use esp-secure-cert-tool with the example --- examples/protocols/mqtt/ssl_ds/CMakeLists.txt | 7 +++++++ examples/protocols/mqtt/ssl_ds/README.md | 5 +++-- examples/protocols/mqtt/ssl_ds/partitions.csv | 2 +- examples/protocols/mqtt/ssl_ds/sdkconfig.defaults | 6 ++++++ 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/examples/protocols/mqtt/ssl_ds/CMakeLists.txt b/examples/protocols/mqtt/ssl_ds/CMakeLists.txt index e821859459..144cf8b4db 100644 --- a/examples/protocols/mqtt/ssl_ds/CMakeLists.txt +++ b/examples/protocols/mqtt/ssl_ds/CMakeLists.txt @@ -9,4 +9,11 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(mqtt_ssl_ds) +# Flash the custom partition named `esp_secure_cert`. +set(partition esp_secure_cert) +idf_build_get_property(project_dir PROJECT_DIR) +set(image_file ${project_dir}/esp_secure_cert_data/${partition}.bin) +partition_table_get_partition_info(offset "--partition-name ${partition}" "offset") +esptool_py_flash_target_image(flash "${partition}" "${offset}" "${image_file}") + target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "main/mosquitto.org.crt" TEXT) diff --git a/examples/protocols/mqtt/ssl_ds/README.md b/examples/protocols/mqtt/ssl_ds/README.md index cbb7f0c4fd..168cfcb650 100644 --- a/examples/protocols/mqtt/ssl_ds/README.md +++ b/examples/protocols/mqtt/ssl_ds/README.md @@ -48,11 +48,12 @@ Paste the generated CSR in the [Mosquitto test certificate signer](https://test. ``` pip install esp-secure-cert-tool ``` -* The DS peripheral can be configured by executing the following command: +* ii) The DS peripheral can be configured by executing the following command: ``` -configure_esp_secure_cert.py -p /* Serial port */ --device-cert /* Device cert */ --private-key /* RSA priv key */ --target_chip /* target chip */ --configure_ds +configure_esp_secure_cert.py -p /* Serial port */ --device-cert /* Device cert */ --private-key /* RSA priv key */ --target_chip /* target chip */ --configure_ds --skip_flash ``` +This command shall generate a partition named `esp_secure_cert.bin` in the `esp_secure_cert_data` directory. This partition would be aumatically detected by the build system and flashed at appropriate offset when `idf.py flash` command is used. For this process, the command must be executed in the current folder only. In the command USB COM port is nothing but the serial port to which the ESP chip is connected. see [check serial port](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/establish-serial-connection.html#check-port-on-windows) for more details. diff --git a/examples/protocols/mqtt/ssl_ds/partitions.csv b/examples/protocols/mqtt/ssl_ds/partitions.csv index d59df069f5..0c4ad775c5 100644 --- a/examples/protocols/mqtt/ssl_ds/partitions.csv +++ b/examples/protocols/mqtt/ssl_ds/partitions.csv @@ -1,6 +1,6 @@ # ESP-IDF Partition Table # Name, Type, SubType, Offset, Size, Flags -esp_secure_cert,0x3F,,0xD000,0x2000, +esp_secure_cert,0x3F,,,0x2000, nvs,data,nvs,,24K, phy_init,data,phy,,4K, factory,app,factory,0x20000,1M, diff --git a/examples/protocols/mqtt/ssl_ds/sdkconfig.defaults b/examples/protocols/mqtt/ssl_ds/sdkconfig.defaults index 4b0421e1ab..94e282f1d6 100644 --- a/examples/protocols/mqtt/ssl_ds/sdkconfig.defaults +++ b/examples/protocols/mqtt/ssl_ds/sdkconfig.defaults @@ -1 +1,7 @@ CONFIG_PARTITION_TABLE_CUSTOM=y +# Setting partition table offset to 0xC000 would make the address of +# `esp_secure_cert` partition as 0xD000 (comes next in the sequence). +# Modules that are programmed with Espressif Secure Pre Provisioining service +# uses this offset for `esp_secure_cert` and hence this change aligns this example +# to work on those modules. +CONFIG_PARTITION_TABLE_OFFSET=0xC000