Mongoose OS + Google IoT + ESP8266 + ATECC508A

This post describes how to set up an ESP8266 module with an ATECC508A crypto chip to use Google IoT Core.
Please note, the process is manual at this moment. As soon as Google IoT Core goes out of beta, it is going to be more streamlined.

Prerequisites

Wiring

Please read https://mongoose-os.com/blog/mongoose-esp8266-atecc508-aws/, specifically the Wiring section.

Configuration

  • Set up Google IoT Core
    • If you have not yet done so, please follow this guide to create your project and device registry. Do not generate the keys or create the device yet.
PROJECT=my-project  
REGION=us-central1  
REGISTRY=my-registry  
DEVICE_ID=my-es256-device  
  • Initialize the device
    • Run mos flash esp8266 to install Mongoose OS on NodeMCU.
    • Run mos wifi SSID PASS to set up WiFi.
  • Configure ECC508A
    • Run mos config-set sys.atca.enable=true
  • Make sure the crypto chip is detected:
$ mos -X atca-get-config
Using port /dev/ttyUSB0

AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked

0x01, 0x23, 0x52, 0xaa,  
...

If your device's config and data zones are not yet locked, you need to configure the chip before proceeding. See step 2 here. Here we will assume that slot 0 is configured to hold an ECC private key and key generation is enabled.

  • Generate the key
$ mos -X atca-gen-key 0 ec_public.pem --dry-run=false
Using port /dev/ttyUSB0

AECC508A rev 0x5000 S/N 0x012352aad1bbf378ee, config is locked, data is locked

Generated new ECC key on slot 0  
Wrote ec_public.pem  
  • Create a GCP device object
$ gcloud beta iot devices create $DEVICE_ID --project=$PROJECT --region=$REGION --registry=$REGISTRY --public-key path=ec_public.pem,type=es256
  • Configure the device's GCP settings
mos config-set mqtt.enable=true mqtt.server=mqtt.googleapis.com:8883 mqtt.ssl_ca_cert=ca.pem sntp.enable=true gcp.enable=true gcp.project=$PROJECT gcp.region=$REGION gcp.registry=$REGISTRY gcp.device=$DEVICE_ID device.id=$DEVICE_ID gcp.key=ATCA:0 sys.atca.enable=true debug.stderr_topic=/devices/$DEVICE_ID/events/log debug.stdout_topic=/devices/$DEVICE_ID/events/log  
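
A check that fits between the "Generate the key" and "Create a GCP device object" steps, added here as an example (it is not code from the original post or from Mongoose OS): it confirms that a PEM file such as ec_public.pem holds an uncompressed NIST P-256 public key that lies on the curve, which is what type=es256 expects. It assumes the file is a standard SubjectPublicKeyInfo PEM ("BEGIN PUBLIC KEY"); the function names are hypothetical, and the sample key is constructed from the curve's base point rather than taken from a device.

```python
import base64

# NIST P-256 (prime256v1) parameters: field prime, coefficient b, base point G.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
# DER header of a SubjectPublicKeyInfo: id-ecPublicKey, prime256v1, then a
# 66-byte BIT STRING whose payload is 0x04 || X || Y.
SPKI_P256_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200")
BEGIN, END = "-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and return the base64-decoded DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PEM 'PUBLIC KEY' block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def check_es256_public_key(pem: str) -> tuple:
    """Return (x, y) if pem is an uncompressed P-256 key, else raise ValueError."""
    der = pem_to_der(pem)
    if len(der) != 91 or not der.startswith(SPKI_P256_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    if der[26] != 0x04:
        raise ValueError("point is not in uncompressed form")
    x = int.from_bytes(der[27:59], "big")
    y = int.from_bytes(der[59:91], "big")
    if x >= P or y >= P:
        raise ValueError("coordinate out of range")
    if (y * y - (x * x * x - 3 * x + B)) % P != 0:  # y^2 = x^3 - 3x + b
        raise ValueError("point is not on the P-256 curve")
    return x, y


def sample_pem(x: int, y: int) -> str:
    """Build a constructed PEM for the demo; a real one comes from ec_public.pem."""
    der = SPKI_P256_PREFIX + b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


if __name__ == "__main__":
    x, y = check_es256_public_key(sample_pem(GX, GY))  # constructed sample key
    print("valid P-256 public key, X =", hex(x))
```

To check a real key, pass the contents of ec_public.pem to check_es256_public_key before running the gcloud command.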

Test

Run mos ui to enter the Web UI. Specify your device address (serial port) to connect to your device and reboot it. You should see the following messages:

...
mgos_wifi_setup_sta  WiFi STA: Connecting to SSID  
mgos_i2c_create      I2C GPIO init ok (SDA: 12, SCL: 14)  
mgos_atca_init       ATECC508 @ 0x60: rev 0x5000 S/N 0x12352aad1bbf378ee, zone lock status: yes, yes; ECDH slots: 0x0c  
...
mgos_gcp_init        GCP client for my-project/us-central1/my-registry/my-es256-device, EC(ATCA) key in ATCA:0  
...
mgos_mqtt_ev         MQTT Connect (1)  
ATCA:0 ECDSA sign ok  
mgos_mqtt_ev         MQTT CONNACK 0  
mgos_mqtt_ev         Subscribing to 'my-es256-device/rpc'  
mgos_mqtt_ev         Subscribing to 'my-es256-device/rpc/#'  
...

Notice the "EC(ATCA) key in ATCA:0" part: it means that slot 0 of the ATECC508A crypto chip is used. Later, during the MQTT handshake, ATCA:0 is used to sign the access token.

The default firmware publishes an MQTT message whenever the "Flash" button is pressed:

Published: yes topic: /devices/my-es256-device/events message: {"free_ram":30080,"total_ram":51912}  
