Mongoose OS + Google IoT + ESP8266 + ATECC508A
This post describes how to set up an ESP8266 module with an ATECC508A crypto chip to use Google IoT Core.
Please note, the process is manual at this moment. As soon as Google IoT Core goes out of beta, it is going to be more streamlined.
Prerequisites
- NodeMCU ESP8266 development board
- ECC508A crypto chip, bare bones chip or ATCRYPTOAUTH-XPRO board
- Google IoT Core account
- mos tool installed
Wiring
Please read https://mongoose-os.com/blog/mongoose-esp8266-atecc508-aws/, specifically the Wiring section.
Configuration
- Set up Google IoT Core
- If you have not yet done so, please follow this guide to create your project and device registry. Do not generate the keys or create the device yet.
PROJECT=my-project
REGION=us-central1
REGISTRY=my-registry
DEVICE_ID=my-es256-device
- Initialize the device
- Run
mos flash esp8266
to install Mongoose OS on NodeMCU.
- Run
mos wifi SSID PASS
to set up WiFi.
- Configure ECC508A
- Run
mos config-set sys.atca.enable=true
- Make sure crypto chip is detected:
$ mos -X atca-get-config
Using port /dev/ttyUSB0
AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked
0x01, 0x23, 0x52, 0xaa,
...
If your device's config and data zones are not yet locked, you need to configure the chip before proceeding. See step 2 here. Here we will assume that slot 0 is configured to hold an ECC private key and key generation is enabled.
- Generate the key
$ mos -X atca-gen-key 0 ec_public.pem --dry-run=false
Using port /dev/ttyUSB0
AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked
Generated new ECC key on slot 0
Wrote ec_public.pem
- Create a GCP device object
$ gcloud beta iot devices create $DEVICE_ID --project=$PROJECT --region=$REGION --registry=$REGISTRY --public-key path=ec_public.pem,type=es256
- Configure the device's GCP settings
mos config-set mqtt.enable=true mqtt.server=mqtt.googleapis.com:8883 mqtt.ssl_ca_cert=ca.pem sntp.enable=true gcp.enable=true gcp.project=$PROJECT gcp.region=$REGION gcp.registry=$REGISTRY gcp.device=$DEVICE_ID device.id=$DEVICE_ID gcp.key=ATCA:0 sys.atca.enable=true debug.stderr_topic=/devices/$DEVICE_ID/events/log debug.stdout_topic=/devices/$DEVICE_ID/events/log
Test
Run mos ui
to enter Web UI. Specify your device address (serial port) to connect to your device and reboot it. You should see the following messages:
...
mgos_wifi_setup_sta WiFi STA: Connecting to SSID
mgos_i2c_create I2C GPIO init ok (SDA: 12, SCL: 14)
mgos_atca_init ATECC508 @ 0x60: rev 0x5000 S/N 0x12352aad1bbf378ee, zone lock status: yes, yes; ECDH slots: 0x0c
...
mgos_gcp_init GCP client for my-project/us-central1/my-registry/my-es256-device, EC(ATCA) key in ATCA:0
...
mgos_mqtt_ev MQTT Connect (1)
ATCA:0 ECDSA sign ok
mgos_mqtt_ev MQTT CONNACK 0
mgos_mqtt_ev Subscribing to 'my-es256-device/rpc'
mgos_mqtt_ev Subscribing to 'my-es256-device/rpc/#'
...
Notice the "EC(ATCA) key in ATCA:0" part: it means that slot 0 of the ATECC508A crypto chip is used. Later, during the MQTT handshake, ATCA:0 is used to sign the access token.
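The layout of that access token, as an added example (not Mongoose OS or Google code): it shows the digest the chip is asked to sign and a structural check of the finished token. It assumes the Google IoT Core JWT conventions (ES256 header, aud set to the project ID, lifetime capped at 24 hours); all function names are hypothetical.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    # JWS uses URL-safe base64 with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def signing_input(project: str, iat: int, ttl: int = 3600) -> bytes:
    """ASCII 'header.claims' bytes that the ES256 signature covers."""
    header = {"alg": "ES256", "typ": "JWT"}
    claims = {"aud": project, "iat": iat, "exp": iat + ttl}  # assumed claim set
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(claims)}".encode()

def digest_for_chip(data: bytes) -> bytes:
    """32-byte SHA-256 digest: the only value the key in slot 0 has to sign."""
    return hashlib.sha256(data).digest()

def assemble(data: bytes, raw_sig: bytes) -> str:
    """Append the signature (raw 64-byte R||S for ES256) to form the token."""
    return f"{data.decode()}.{b64url(raw_sig)}"

def check_token(token: str, project: str, max_ttl: int = 86400) -> list:
    """Structural checks only; verifying the signature needs ec_public.pem."""
    try:
        h, c, s = token.split(".")
        header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(c))
        sig = b64url_decode(s)
    except ValueError:
        return ["not a three-part base64url JWT"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and claims must be JSON objects"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg is not ES256")
    if len(sig) != 64:
        problems.append(f"signature is {len(sig)} bytes, expected raw 64-byte R||S")
    if claims.get("aud") != project:
        problems.append("aud does not match the project ID")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and 0 < exp - iat <= max_ttl):
        problems.append("exp - iat is outside the allowed lifetime")  # assumed 24 h cap
    return problems

# Constructed sample: 64 filler bytes stand in for the chip's output (not a valid signature)
SAMPLE = assemble(signing_input("my-project", 1500000000), bytes(range(64)))
```

The private key never leaves the ATECC508A, so only the 32-byte digest crosses the I2C bus and the chip's 64-byte R||S result drops into the token without DER re-encoding.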
Default firmware publishes an MQTT message whenever the "Flash" button is pressed:
Published: yes topic: /devices/my-es256-device/events message: {"free_ram":30080,"total_ram":51912}