Closed pavel808 closed 1 month ago
Hey @mulligan252, I just revisited the provisioning_client/samples/prov_dev_client_ll_sample to make sure everything was working as it should, and it worked with no issues. No custom HSM necessary.
Here is my output:
ewertons@9c8d746a8b75:/home/ewertons/code/s1/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_ll_sample$ ./prov_dev_client_ll_sample
Provisioning API Version: 1.13.0
Iothub API Version: 1.13.0
Provisioning Status: PROV_DEVICE_REG_STATUS_CONNECTED
Provisioning Status: PROV_DEVICE_REG_STATUS_ASSIGNING
Registration Information received from service: myiothub.azure-devices.net!
Creating IoTHub Device handle
Sending 1 messages to IoTHub every 2 seconds for 2 messages (Send any message to stop)
IoTHubClient_LL_SendEventAsync accepted message [1] for transmission to IoT Hub.
IoTHubClient_LL_SendEventAsync accepted message [2] for transmission to IoT Hub.
Press any enter to continue:
ewertons@9c8d746a8b75:/home/ewertons/code/s1/azure-iot-sdk-c/cmake/provisioning_client/samples/prov_dev_client_ll_sample$
Note that in sample prov_dev_client_ll_sample, if you are using a symmetric key enrollment group, you must make the following changes:
diff --git a/provisioning_client/samples/prov_dev_client_ll_sample/prov_dev_client_ll_sample.c b/provisioning_client/samples/prov_dev_client_ll_sample/prov_dev_client_ll_sample.c
index 805bc22bc..329f8a22b 100644
--- a/provisioning_client/samples/prov_dev_client_ll_sample/prov_dev_client_ll_sample.c
+++ b/provisioning_client/samples/prov_dev_client_ll_sample/prov_dev_client_ll_sample.c
@@ -65,7 +65,7 @@ MU_DEFINE_ENUM_STRINGS_WITHOUT_INVALID(PROV_DEVICE_RESULT, PROV_DEVICE_RESULT_VA
MU_DEFINE_ENUM_STRINGS_WITHOUT_INVALID(PROV_DEVICE_REG_STATUS, PROV_DEVICE_REG_STATUS_VALUES);
static const char* global_prov_uri = "global.azure-devices-provisioning.net";
-static const char* id_scope = "[ID Scope]";
+static const char* id_scope = "0ne00REDACTED";
static bool g_use_proxy = false;
static const char* PROXY_ADDRESS = "127.0.0.1";
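Review bot: The `id_scope` line replaces the `[ID Scope]` placeholder with a concrete value in the sample source. Keep the placeholder in the committed file and read the scope at runtime (for example from an environment variable), so a deployment-specific identifier does not end up in version control.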
@@ -155,8 +155,8 @@ int main(void)
{
SECURE_DEVICE_TYPE hsm_type;
//hsm_type = SECURE_DEVICE_TYPE_TPM;
- hsm_type = SECURE_DEVICE_TYPE_X509;
- //hsm_type = SECURE_DEVICE_TYPE_SYMMETRIC_KEY;
+ // hsm_type = SECURE_DEVICE_TYPE_X509;
+ hsm_type = SECURE_DEVICE_TYPE_SYMMETRIC_KEY;
bool traceOn = false;
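Review bot: The newly commented-out X509 line is written `// hsm_type` with a space, while the TPM line above it is `//hsm_type`. Keep the three alternatives in one comment style so that switching the attestation type stays a one-line toggle and the diff for it stays minimal.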
@@ -165,7 +165,7 @@ int main(void)
// Set the symmetric key if using they auth type
// If using DPS with an enrollment group, this must the the derived device key from the DPS Primary Key
// https://docs.microsoft.com/azure/iot-dps/concepts-symmetric-key-attestation?tabs=azure-cli#group-enrollments
- //prov_dev_set_symmetric_key_info("<symm_registration_id>", "<symmetric_Key>");
+ prov_dev_set_symmetric_key_info("00-11-22-33-44-55-66", "chfrq9t+YzF6/K/oYMW5Ii6m5dxmZDMVR3OyM8fI7jE=");
PROV_DEVICE_TRANSPORT_PROVIDER_FUNCTION prov_transport;
HTTP_PROXY_OPTIONS http_proxy;
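Review bot: The `prov_dev_set_symmetric_key_info` call hard-codes the registration ID and the derived device key as string literals, so the key lands in source control and in the compiled binary. Load both at startup from protected storage or the environment and leave the placeholder line commented in the sample. The context comment above the call also has two typos ("they auth type", "must the the derived") worth fixing while the file is open.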
In that last line (when it calls prov_dev_set_symmetric_key_info), you must create a derived symmetric key for your device out of the enrollment group symmetric key, as described in this guide: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-symmetric-key-attestation?tabs=azure-cli#group-enrollments
It literally says to:
Run this command to generate the derived symmetric key (using Azure CLI with IoT Hub module):
az iot dps enrollment-group compute-device-key --key dcepKhNSSe0PiCOzVI410A4ZjZShvvO/V/c3toc4OP9j+EDStyElidGgwp+EDE/xcfC7YBDPO8ZQPJnx/wnsRZ== --registration-id 00-11-22-33-44-55-66
The result should be something like: "chfrq9t+YzF6/K/oYMW5Ii6m5dxmZDMVR3OyM8fI7jE="
Then fill this info into the prov_dev_client_ll_sample as shown in the diff above (using your own registration ID and derived key), and compile and run the sample. The sample provisions your device and connects to the IoT Hub using the provisioning data.
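The derivation that the `az iot dps enrollment-group compute-device-key` command performs, shown as an added example that is not part of the original thread or the SDK: per the linked DPS guide, the device key is the HMAC-SHA256 of the registration ID, keyed with the base64-decoded enrollment group key, then base64-encoded. The group key below is constructed for illustration, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Return base64(HMAC-SHA256(decoded group key, registration ID))."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        group_key = base64.b64decode(group_key_b64, validate=True)
    except ValueError as exc:
        raise ValueError("enrollment group key is not valid base64") from exc
    if not registration_id:
        raise ValueError("registration ID must not be empty")
    mac = hmac.new(group_key, registration_id.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def matches_group(group_key_b64: str, registration_id: str,
                  device_key_b64: str) -> bool:
    """Check that a device key was derived from this group key for this ID.

    Uses a constant-time comparison so the check does not leak how many
    leading characters of a candidate key are correct.
    """
    expected = derive_device_key(group_key_b64, registration_id)
    return hmac.compare_digest(expected.encode("ascii"),
                               device_key_b64.encode("utf-8"))


# Constructed 64-byte group key (NOT a real DPS key), base64-encoded the way
# the portal presents enrollment group keys.
SAMPLE_GROUP_KEY = base64.b64encode(bytes(range(64))).decode("ascii")

if __name__ == "__main__":
    # Each registration ID yields its own key; only the derived key is
    # placed on the device, the group key stays with the operator.
    for reg_id in ("00-11-22-33-44-55-66", "00-11-22-33-44-55-67"):
        print(reg_id, derive_device_key(SAMPLE_GROUP_KEY, reg_id))
```

The registration ID passed here is the per-device ID that the device later presents to DPS, and the returned string is the second argument to `prov_dev_set_symmetric_key_info`.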
Hi @mulligan252, we will close this issue given the last update above, but please feel free to reopen it if you would like to follow up. Thanks, Azure IoT SDKs Team
I am using the Azure IoT C SDK on Debian. I provision devices on my IoT Hub via a symmetric key enrolment group from my code. Provisioning works fine and I can see my devices on the hub.
The problem I have is that I can't create a device handle for any device in my code using the function IoTHubDeviceClient_CreateFromDeviceAuth(). From studying the documentation, my code must be linked against the library built from the custom_hsm_example.
I've modified the custom_hsm_example as follows, removing any certificate-related stuff. For the SYMMETRIC_KEY, I'm putting the symmetric primary key copied from the portal, and REGISTRATION_NAME is the name of my enrolment group (I'm not sure if this is correct?):
On calling
IoTHubDeviceClient_CreateFromDeviceAuth("test-hub.azure-devices.net", "test-device", protocol)
from my application, I get the following failure as below. The provisioning is successful, but fails on creating the device handle. Would anyone be able to assist with solving this?