microchip-pic-avr-tools / iotprovision-bin

Binary releases of Microchip IoT Provisioning Tool

For Azure, the iotprovision-bin root certificate needs renewal by Sept 15 #8

Closed SharxRobotics closed 1 year ago

SharxRobotics commented 1 year ago

Here is the exact message from Azure:

This resource uses a certificate on the Baltimore CyberTrust Root which will expire in 2025 and must be migrated to the DigiCert Global G2 root. To avoid service disruption it must be migrated by September 15th 2023

Please advise on how to fix this. This came up when we converted 2 of our AVR-iot-WG to Azure using your AzureDemo_AVR-IoT_W migration which uses iotprovision-bin

xedbg commented 1 year ago

Logged internally as DSG-5942

SharxRobotics commented 1 year ago

Thanks for super quick internal logging of the issue. Just a quick comment that Sept 15 is approaching fast.

To avoid service disruption it must be migrated by September 15th 2023

xedbg commented 1 year ago

Hi @SharxRobotics, We are unfortunately not going to be able to meet this deadline for a full iotprovision binary release which will make this transition seamless. We do however have some tools available which will allow you to get the job done.

  1. The iotprovision-bin is a composite of several utilities, one of which is "pywinc", which allows you to manipulate the WINC module via a bridge firmware on the MCU. To read more about this, run: iotprovision-bin.exe --skin=pywinc --help This tool allows you to build, read and write certificates.

  2. Build a new certificate bundle by using: iotprovision-bin.exe --skin=pywinc build -m root-certs -i directory-with-root-certs -o root-certs.bin

  3. Upload the bundle to the WINC using iotprovision-bin.exe --skin=pywinc write -m root-certs -i root_certs.bin

Certificates are stored compressed, so it is not possible to just "append" a new one - a new bundle must be built and uploaded.

Do you think you would be able to follow this process? I can share the bundle we have in RC status to allow you to skip step 2, but we are not finished testing this RC yet.

SharxRobotics commented 1 year ago

Tried it but running into some kind of file protection failure.

Here's the previous result of running iotprovision successfully (except for the 2 errors at the end that are expected)

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>.\iotprovision-bin.exe -c azure
***** AVR-IoT, PIC-IoT and SAM-IoT provisioning utility 'iotprovision' *****
Start processing 'AVR-IoT WG' kit for use with azure

Check if WINC firmware needs upgrade...
Firmware 'iotprovision' version: 0.4.8
Querying current WINC firmware version
WINC firmware version: 19.7.6
WINC driver version: 19.3.0
WINC firmware is already up to date.
Skipping upgrade.

Generate certificates if required...
Creating root of trust...

Provisioning AVR-IoT WG for azure ...
Firmware 'iotprovision-azure' version: 0.4.8
Loading root CA certificate
    Loading from C:\Users\XP\.microchip-iot\root-ca.crt
Loading signer CA certificate
    Loading from C:\Users\XP\.microchip-iot\signer-ca.crt
Erase WINC TLS certificate sector
WINC erase TLS certificate sectors
WINC Erase sector at address 0x005000
WINC Erase sector at address 0x006000
Provisioning device with credentials
Send Device Certificate
Send Signer Certificate
Transfer certificates to WINC
WINC write 1469 bytes to address 0x5000
Replacing click-me link for 'azure'
Done provisioning device 'sn0123A6728ACE1CE5FE'

Programming application: Bundled Demo for azure...
pykitcommander.kitmanager - ERROR - Unable to locate firmware for 'demo-azure'
ERROR - Operation failed with ProgrammingError: No application information for 'demo-azure'

In the same command line window, and in another one opened with admin privileges, I get this error when trying your step 2:

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc build -m root-certs -i C:\Users\XP\.microchip-iot -o root-certs.bin
Building certificate store
Adding certificate C:\Users\XP\.microchip-iot\ATML3203071800000934
Adding certificate C:\Users\XP\.microchip-iot\ATML3203071800001724
Adding certificate C:\Users\XP\.microchip-iot\root-ca.crt
Adding certificate C:\Users\XP\.microchip-iot\root-ca.key
Adding certificate C:\Users\XP\.microchip-iot\root-ca.pem
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.crt
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.csr
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.key
Adding certificate C:\Users\XP\.microchip-iot\signer-ca.pem
9 certificates added to storage
Traceback (most recent call last):
  File "mcu8tools.py", line 165, in <module>
  File "mcu8tools.py", line 156, in main
  File "mcu8tools.py", line 102, in run
  File "iotprovision\winc\pywinc.py", line 122, in main
  File "iotprovision\winc\pywinc_main.py", line 351, in pywinc
  File "iotprovision\winc\pywinc_main.py", line 156, in build_root_certs
  File "iotprovision\winc\winc_certs.py", line 104, in add_certificates
  File "iotprovision\winc\winc_certs.py", line 114, in add_certificate
PermissionError: [Errno 13] Permission denied: 'C:\\Users\\XP\\.microchip-iot\\ATML3203071800000934'
[1240] Failed to execute script mcu8tools

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir
 Volume in drive C is OS
 Volume Serial Number is 54EE-230A

 Directory of C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64

08/22/2023  06:13 PM    <DIR>          .
08/22/2023  06:13 PM    <DIR>          ..
08/22/2023  06:13 PM        32,727,904 iotprovision-bin.exe
               1 File(s)     32,727,904 bytes
               2 Dir(s)  963,106,164,736 bytes free

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir C:\Users\XP\.microchip-iot
 Volume in drive C is OS
 Volume Serial Number is 54EE-230A

 Directory of C:\Users\XP\.microchip-iot

08/26/2023  02:09 PM    <DIR>          .
08/26/2023  02:09 PM    <DIR>          ..
08/22/2023  07:38 PM    <DIR>          ATML3203071800000934
08/26/2023  02:18 PM    <DIR>          ATML3203071800001724
08/22/2023  07:17 PM               603 root-ca.crt
08/22/2023  07:17 PM               241 root-ca.key
08/22/2023  07:17 PM               603 root-ca.pem
08/22/2023  07:17 PM               680 signer-ca.crt
08/22/2023  07:17 PM               562 signer-ca.csr
08/22/2023  07:17 PM               241 signer-ca.key
08/22/2023  07:17 PM               680 signer-ca.pem
               7 File(s)          3,610 bytes
               4 Dir(s)  963,106,070,528 bytes free

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>

And here's what's in that directory:

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir C:\Users\XP\.microchip-iot\ATML3203071800000934
 Volume in drive C is OS
 Volume Serial Number is 54EE-230A

 Directory of C:\Users\XP\.microchip-iot\ATML3203071800000934

08/22/2023  07:38 PM    <DIR>          .
08/22/2023  07:38 PM    <DIR>          ..
08/24/2023  06:52 PM                20 azure-device-id.txt
08/22/2023  07:17 PM               660 device.crt
08/22/2023  07:17 PM               444 device.csr
08/22/2023  07:17 PM               660 device.pem
               4 File(s)          1,784 bytes
               2 Dir(s)  963,088,515,072 bytes free
xedbg commented 1 year ago

Hmm. Looks like it doesn't have access to that folder - but also, the root certificate folder should only contain root certificates. You could try with the bundle here (unzip): tls_root_cert.zip

SharxRobotics commented 1 year ago

OK I thought you wanted me to re-use the folder from the initial successful iotprovision run.

Now I created a new blank folder and ran your step 2 and it finished successfully

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc build -m root-certs -i C:\Users\XP\.microchip-iot_root -o root-certs.bin
Building certificate store
0 certificates added to storage
Writing root certificate storage to: root-certs.bin
Root CA storage size is 20
Max storage size in WINC is 4096 (4076 bytes left)

Proceeding to step 3, there's still some issue there.

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc write -m root-certs -i C:\Users\XP\.microchip-iot_root\root_certs.bin
ERROR - Provisioning unable to start - no suitable IoT kits found

Actually 2 IoT kits are connected by USB to this PC, and both are actively uploading to Azure. How does the command in step 3 try to find them ? Is there perhaps a command option missing to tell it where to look for the IoT kits ?

xedbg commented 1 year ago

In this case you will have to give the serial port to use with the -p option. Look in the device manager, or use: iotprovision-bin.exe --skin=pykitinfo to list the available kits.

Then iotprovision-bin.exe --skin=pywinc write -p <COMx> ...

randywu763 commented 1 year ago

Please download and extract the attached ZIP file and start with the PPT file which walks you through a procedure that has worked for me when updating the PIC-IoT and SAM-IoT development boards for adding the DigiCert Global G2 root certificate to the WINC's trusted root store. I have not actually tested this on an AVR-IoT board, but the procedure should be exactly the same for the AVR-IoT development board as well.

As mentioned previously, you will need to identify the Virtual COM port associated with the AVR-IoT's USB connection and pass in the COM port value (e.g. COM4, COM11, etc.) as part of the -p command line option for the "write" and "read" instructions. Basically the sequence of command line instructions goes like this:

$ pip install iotprovision
$ pywinc build -m root-certs -i ./cert_store -o root-certs.bin
$ pywinc decode -m root-certs -i ./root-certs.bin
$ pywinc write -p <COMx> -m root-certs -i root-certs.bin
$ pywinc read -p <COMx> -m root-certs -o azure-ca-read.bin
$ pywinc decode -m root-certs -i ./azure-ca-read.bin

WINC_RootCertStore.zip

SharxRobotics commented 1 year ago

Even though the 2 IoT devices were actively uploading to Azure, I unplugged them and plugged them back in, now your command can see both of them

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pywinc write -m root-certs -i root_certs.bin
ERROR - Provisioning unable to start - multiple kits found.
ERROR - Please specify serial number ending digits for the one you want
ERROR - Tool: nEDBG CMSIS-DAP Serial: ATML3203071800000934 Device: ATmega4808
ERROR - Tool: nEDBG CMSIS-DAP Serial: ATML3203071800001724 Device: ATmega4808

And I can get the port numbers correctly now:

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>iotprovision-bin.exe --skin=pykitinfo
Looking for Microchip kits...
Compatible kits detected: 2
Kit ATML3203071800000934: 'AVR-IoT WG' (ATmega4808) on COM4
Kit ATML3203071800001724: 'AVR-IoT WG' (ATmega4808) on COM6

But after following step 3, I bricked the IoT device. So perhaps it's worth backing up one step for clarification of exactly how to use your step 2.

iotprovision-bin.exe --skin=pywinc build -m root-certs -i directory-with-root-certs -o root-certs.bin

Prior to running this command, what exactly should be in the folder you refer to with "directory-with-root-certs" ?

Or should it be a blank folder ?

I have the folder previously created with iotprovision, and it has these files:

C:\Users\XP\Desktop\AVR-IoT_WG_Azure\iotprovision-bin-2.10.7.12.134\windows64>dir c:\users\xp\.microchip-iot
 Volume in drive C is OS
 Volume Serial Number is 54EE-230A

 Directory of c:\users\xp\.microchip-iot

08/26/2023  02:09 PM    <DIR>          .
08/26/2023  02:09 PM    <DIR>          ..
08/22/2023  07:38 PM    <DIR>          ATML3203071800000934
08/26/2023  02:18 PM    <DIR>          ATML3203071800001724
08/22/2023  07:17 PM               603 root-ca.crt
08/22/2023  07:17 PM               241 root-ca.key
08/22/2023  07:17 PM               603 root-ca.pem
08/22/2023  07:17 PM               680 signer-ca.crt
08/22/2023  07:17 PM               562 signer-ca.csr
08/22/2023  07:17 PM               241 signer-ca.key
08/22/2023  07:17 PM               680 signer-ca.pem
               7 File(s)          3,610 bytes
               4 Dir(s)  962,870,226,944 bytes free

Running your step 2 with this folder generates an error. Running it with a blank folder succeeds but creates a suspiciously small root-certs.bin which is only 20 bytes. Copying only the 2 PEM files into a blank folder allowed the command to finish, but then the IoT device isn't working any more, even after re-programming.
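
Added example, not code from any participant in this thread and not part of iotprovision/pywinc: a pre-flight audit of the directory you are about to pass as `-i`, written against the Python standard library only. It would have flagged every entry in the listing above (the two ATML device folders, the `.key` and `.csr` files, the signer cert whose issuer is not itself) and it also reports roots that are expired or about to expire, which is the whole reason for this migration. The DER walker, the verdicts in `audit_store_dir` and the `fake_cert_pem` builder that constructs the demo input are all my own assumptions about what a sane root store should contain; the page does not document pywinc's real acceptance rules, so read the verdicts as advice, not as what the tool does. One caveat: a v1 root with no basicConstraints extension is rejected by this check, so relax it if you genuinely need such a root.

```python
"""Pre-flight audit of a pywinc `build -m root-certs -i <dir>` input directory (stdlib only).
Added example, not part of iotprovision/pywinc; fake_cert_pem builds constructed, unsigned
test certificates for the demo and is useless for real TLS."""
import base64, datetime as dt, os, re, tempfile

PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
BC_OID = b"\x55\x1d\x13"   # 2.5.29.19 basicConstraints

def der_children(buf):     # yield (tag, value) for every TLV directly inside a DER container body
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                                   # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def basic_constraints_ca(ext_body):
    """ext_body is the content of [3] EXPLICIT Extensions; True iff basicConstraints cA=TRUE."""
    (_, exts), = der_children(ext_body)
    for _, ext in der_children(exts):
        parts = list(der_children(ext))                     # OID, [critical BOOL], OCTET STRING
        if parts[0][1] == BC_OID:
            (_, bc), = der_children(parts[-1][1])
            return any(t == 0x01 and v == b"\xff" for t, v in der_children(bc))
    return False

def parse_cert(der_bytes):
    """Return the few tbsCertificate fields the audit needs."""
    (_, cert), = der_children(der_bytes)
    fields = list(der_children(next(der_children(cert))[1]))
    if fields[0][0] == 0xA0:                                # [0] version, absent in v1 certs
        fields = fields[1:]
    issuer, validity, subject = fields[2][1], fields[3][1], fields[4][1]
    tag, not_after = list(der_children(validity))[1]        # 0x17 UTCTime or 0x18 GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    ext = [v for t, v in fields[6:] if t == 0xA3]
    return {"self_signed": subject == issuer,               # byte-exact DER comparison
            "not_after": dt.datetime.strptime(not_after.decode("ascii"), fmt).replace(tzinfo=dt.timezone.utc),
            "ca": bool(ext) and basic_constraints_ca(ext[0])}

def audit_store_dir(path, now=None, warn_days=365):
    """Return {entry: (verdict, detail)} for a would-be `-i` directory (PEM input only)."""
    now = now or dt.datetime.now(dt.timezone.utc)
    report = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isdir(full):
            report[name] = ("REJECT", "subdirectory; pywinc opens every entry as a certificate")
            continue
        with open(full, "rb") as fh:
            m = PEM_RE.search(fh.read())
        if m is None or m.group(1) != b"CERTIFICATE":
            label = m.group(1).decode() if m else None
            report[name] = ("REJECT", f"PEM label {label!r}; keys and CSRs never belong in a trust store")
            continue
        c = parse_cert(base64.b64decode(m.group(2)))
        days = (c["not_after"] - now).days
        if not (c["ca"] and c["self_signed"]):
            report[name] = ("REJECT", "not a self-signed CA: a leaf or intermediate, not a root")
        elif days < 0:
            report[name] = ("REJECT", f"root expired {-days} days ago")
        elif days < warn_days:
            report[name] = ("WARN", f"root expires in {days} days, plan the next bundle now")
        else:
            report[name] = ("OK", f"self-signed root CA, valid for {days} more days")
    return report

def der(tag, content):                                      # minimal DER TLV encoder for the demo
    n = len(content)
    length = bytes([n]) if n < 128 else bytes([0x81, n]) if n < 256 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content

def fake_cert_pem(cn, issuer_cn=None, ca=True, not_after="20380115120000Z"):
    """Constructed certificate: CN-only names, empty algorithm/key fields, dummy signature."""
    name = lambda c: der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, c.encode()))))
    bc = der(0x30, der(0x01, b"\xff") if ca else b"")
    ext = der(0x30, der(0x06, BC_OID) + der(0x01, b"\xff") + der(0x04, bc))
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"") + name(issuer_cn or cn)
           + der(0x30, der(0x18, b"20130801120000Z") + der(0x18, not_after.encode()))
           + name(cn) + der(0x30, b"") + der(0xA3, der(0x30, ext)))
    body = base64.encodebytes(der(0x30, der(0x30, tbs) + der(0x30, b"") + der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def demo(now=dt.datetime(2023, 9, 1, tzinfo=dt.timezone.utc)):
    """Audit a constructed directory that mirrors the mistakes shown in this thread."""
    files = {"good-root.pem": fake_cert_pem("Good Root G2"),
             "old-root.pem": fake_cert_pem("Legacy Root", not_after="20200101000000Z"),
             "soon-root.pem": fake_cert_pem("Sunset Root", not_after="20240101000000Z"),
             "signer-ca.crt": fake_cert_pem("signer", issuer_cn="root"),     # intermediate
             "device.crt": fake_cert_pem("sn0123", ca=False),                 # leaf
             "root-ca.key": "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n",
             "signer-ca.csr": "-----BEGIN CERTIFICATE REQUEST-----\nAAAA\n-----END CERTIFICATE REQUEST-----\n"}
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "ATML0000000000000000"))             # per-device folder
        for fname, text in files.items():
            with open(os.path.join(d, fname), "w") as fh:
                fh.write(text)
        return audit_store_dir(d, now=now)
```

To use it on a real store, call `audit_store_dir(r"C:\Users\XP\.microchip-iot_root")` and only run the pywinc `build` step once every entry reports OK; anything marked WARN is a root you will be rebuilding the bundle for again soon, which is exactly the Baltimore situation Azure is warning about. `demo()` runs the same audit over a throwaway directory populated with the constructed certificates, so it needs no hardware and no real CA files.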

SharxRobotics commented 1 year ago

@randywu763 thanks for the ZIP file with the PPT and @xedbg , thanks for all your help. It's fully functional now.

I was able to restore my bricked Avr-IoT device by going through the old iotprovision work flow to get it working again on Azure using the old root cert. Then I used the certificates you provided, and re-programmed the IoT devices, and migrated the Azure resources to the new root certificates, and now it's working and the warning is gone. Many thanks.