This post describes how to setup ESP8266 module with ATECC508A crypto chip to use Google IoT Core.
Please note, the process is manual at this moment. As soon as Google IoT Core goes out of beta, it is going to be more streamlined.



Please read, specifically a Wiring section.


  • Set up Google IoT Core
  • If you have not yet done so, please follow this guide to create your project and device registry. Do not generate the keys or create the device yet.
  • Initialize the device
  • Run mos flash esp8266 to install Mongoose OS on NodeMCU.
  • Run mos wifi SSID PASS to setup WiFi.
  • Configure ECC508A
  • Run mos config-set sys.atca.enable=true
  • Make sure crypto chip is detected:
$ mos -X atca-get-config
Using port /dev/ttyUSB0

AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked

0x01, 0x23, 0x52, 0xaa, 

If you device's config and data zones are not yet locked, you need to configure the chip before proceeding. See step 2 here. Here we will assume that slot 0 is configured to hold a ECC private key and key generation is enabled.

  • Generate the key
$ mos -X atca-gen-key 0 ec_public.pem --dry-run=false
Using port /dev/ttyUSB0

AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked

Generated new ECC key on slot 0
Wrote ec_public.pem
  • Create a GCP device object
$ gcloud beta iot devices create $DEVICE_ID --project=$PROJECT --region=$REGION --registry=$REGISTRY --public-key path=ec_public.pem,type=es256
  • Configure the device's GCP settings
mos config-set mqtt.enable=true mqtt.ssl_ca_cert=ca.pem sntp.enable=true gcp.enable=true gcp.project=$PROJECT gcp.region=$REGION gcp.registry=$REGISTRY gcp.device=$DEVICE_ID$DEVICE_ID gcp.key=ATCA:0 sys.atca.enable=true debug.stderr_topic=/devices/$DEVICE_ID/events/log debug.stdout_topic=/devices/$DEVICE_ID/events/log


Run mos ui to enter Web UI. Specify your device address (serial port) to connect to your device and reboot it. You should see the following messages:

mgos_wifi_setup_sta  WiFi STA: Connecting to SSID
mgos_i2c_create      I2C GPIO init ok (SDA: 12, SCL: 14)
mgos_atca_init       ATECC508 @ 0x60: rev 0x5000 S/N 0x12352aad1bbf378ee, zone lock status: yes, yes; ECDH slots: 0x0c
mgos_gcp_init        GCP client for my-project/us-central1/my-registry/my-es256-device, EC(ATCA) key in ATCA:0
mgos_mqtt_ev         MQTT Connect (1)
ATCA:0 ECDSA sign ok
mgos_mqtt_ev         MQTT CONNACK 0
mgos_mqtt_ev         Subscribing to 'my-es256-device/rpc'
mgos_mqtt_ev         Subscribing to 'my-es256-device/rpc/#'

Notice the EC(ATCA) key in ATCA:0 part - it means that slot 0 of the ATECC508A crypto chip is used. Later, during MQTT handshake, ATCA:0 is used to sign the access token.

Default firmware publishes an MQTT message whenever the "Flash" button is pressed:

Published: yes topic: /devices/my-es256-device/events message: {"free_ram":30080,"total_ram":51912} 

Contact us

Questions or feedback? Send us a message or ask on the developer forum.