Provisioning of Cellular kits

Cellular provisioning

Cellular provisioning classes

class iotprovision.cellular.cellularprovisioner.CellularProvisioner(programmer, skip_program_provision_fw=False, port=None)

Bases: Provisioner

This class implements provisioning for the AVR-IoT Cellular kit. Its subclasses mirror the structure of the Provisioner class hierarchy.

DEVICE_CERT_SLOT = 18
DEVICE_PRIVATEKEY_SLOT = 18
ROOT_CERT_SLOT = 19
connect(function, skip_programming=False)

Implement additional steps to synchronize with Sequans modem reset after initial FW programming/reset

Parameters:
  • function – Firmware function (e.g. “iotprovision”) as defined

  • skip_programming – Skip programming FW.

static create_cert_chain(certfiles, outfile=None)

Create a certificate chain, basically a concatenation of PEM files.

Parameters:
  • certfiles – List of input certificate file names in PEM format.

  • outfile – Optional output file name for saving chain

Returns:

Certificate chain

do_provision(force_new_device_certificate=False, skip_program_provision_firmware=False)

Common part of Cellular provisioning, independent of cloud provider and method. Subclasses should override this and append their specific parts of provisioning.

Parameters:
  • force_new_device_certificate – Force creation of device certificates

  • skip_program_provision_firmware – Skip programming provisioning FW. Compatible FW must already be programmed; this is the user’s responsibility.

set_cellular_params(args)

Set up Cellular specific parameters that cannot be passed in constructor due to protocol

Parameters:

args – Parsed-out command-line arguments

static validate_int_list(values, valids, base=10)

Validate list of integer values and convert to integer list. It is assumed all integers in list are in same base.

Parameters:
  • values – String with comma-separated integers

  • valids – List of valid integer values

  • base – Base expected in input

Returns:

List of strings representing values in selected base. Modem expects a specific base in list as a string, depending on command, and all values must be in same base (decimal, hex, …)

Raise:

ValueError if invalid values specified

class iotprovision.cellular.cellularprovisioner.CellularProvisionerAws(programmer, skip_program_provision_fw=False, port=None)

Bases: CellularProvisioner

AWS Microchip Sandbox provisioning mechanism for Cellular

create_device_certs_ecc(device_cert_file, signer_cert_file, force=False)

Create device and signer certificate from ECC, if not already existing

Parameters:
  • device_cert_file – Device certificate filename

  • signer_cert_file – Signer certificate filename

Returns:

Thing name extracted from certificate

do_provision(force_new_device_certificate=False, skip_program_provision_firmware=False)

Sandbox provisioning for AWS

generate_certificates(force, organization_name, root_common_name, signer_common_name)

Generate CA certificates. Nothing to do for AWS Sandbox.

store_provisioning_data(thingname, endpoint, device_cert_file, root_ca_cert_file)

Save provisioning data to kit.

Parameters:
  • thingname – AWS thing name

  • endpoint – AWS endpoint

  • device_cert – Device certificate in PEM format

  • root_ca_cert – Root CA certificate, PEM format

class iotprovision.cellular.cellularprovisioner.CellularProvisionerAwsJitr(programmer, skip_program_provision_fw=False, port=None)

Bases: ProvisionerAwsJitr, CellularProvisionerAws

AWS JITR provisioning mechanism for Cellular

do_provision(force_new_device_certificate=False, skip_program_provision_firmware=False)

Provisioning for AWS JITR

class iotprovision.cellular.cellularprovisioner.CellularProvisionerAwsMar(programmer, skip_program_provision_fw=False, port=None)

Bases: ProvisionerAwsMar, CellularProvisionerAws

AWS MAR provisioning mechanism for Cellular

do_provision(force_new_device_certificate=False, skip_program_provision_firmware=False)

Provisioning for AWS MAR

class iotprovision.cellular.cellularprovisioner.CellularProvisionerAzure(programmer, skip_program_provision_fw=False, port=None)

Bases: CellularProvisioner

Azure provisioning mechanisms for Cellular

class iotprovision.cellular.cellularprovisioner.CellularProvisionerGoogle(programmer, skip_program_provision_fw=False, port=None)

Bases: CellularProvisioner

Google provisioning mechanism for Cellular

iotprovision.cellular.cellularprovisioner.get_cellular_provisioner(programmer, args)

Resolves the cellular provisioning algorithm requested by the user

Cellular provisioning using AT commands

IoT provisioning API for Sequans modem. Protocol port must be opened in advance.

class iotprovision.cellular.atprovisioner.AtProvisioner(fwinterface)

Bases: object

AtProvisioner class for Sequans modem. To manage bridge status automatically, instantiate this class using ‘with’:

with AtProvisioner(fwinterface) as atprovisioner:

FW interface’s port must be opened in advance.

Parameters:

fwinterface – Firmware interface

erase_slot(datatype, slot)

Erase a single slot.

Parameters:
  • datatype – “certificate”, “privatekey”, or “strid” (don’t know what the latter is used for)

  • slot – Slot number to erase

get_firmware_versions()

Get installed and bundled cellular modem firmware versions

Returns:

(installed, bundled) firmware versions

set_frequency_bands(provider, frequency_bands)

Set frequency bands for given provider

Parameters:
  • provider – Network provider to select bands for

  • frequency_bands – List of frequency bands to scan

set_provider(provider)

Set network provider

set_security_profile(spid=1, ciphersuites=None, server_ca=19, client_cert=0, client_key=0, client_key_storage=1)

Set up a security profile.

TODO we can put cipher suite settings back once this is supported

Note that if no ciphers are provided, the cipher field must be left empty in the command (no ""). This is a breaking change between FW 5.2 and FW 5.4.

FW 5.2 allowed AT+SQNSPCFG=1,3,"",3,1,1,1 but FW 5.4 requires AT+SQNSPCFG=1,3,,3,1,1,1

FW 5.4.1.0-50495 for ECC support adds more parameters: AT+SQNSPCFG=1,2,"0xc02c",1,19,0,0,"","",1

+SQNSPCFG:<spId>,<version>,<cipherSpecs>,<certValidLevel>,<caCertificateID>,<clientCertificateID>,<clientPrivateKeyID>,<psk>,??,<clientPrivateKeyStorage>

Parameters:
  • spid (int, optional) – security profile identifier(1-6), defaults to 1

  • ciphersuites (list, optional) – set of ciphersuites, 0xc02b = ECDHE-ECDSA-AES128-GCM-SHA256, defaults to none

  • server_ca (int, optional) – Server CA certificate slot [0-19], defaults to 19

  • client_cert (int, optional) – Client certificate slot [0-19], defaults to 0

  • client_key (int, optional) – Client private key slot or key ID [0-19], defaults to 0

  • client_key_storage (int, optional) – Set to 1 for storage of private key in ECC and to 0 for storage in Sequans modem, defaults to 1

Return type:

int
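
Added example (not iotprovision's own code): a hypothetical build_sqnspcfg() helper that assembles the FW 5.4.1.0-50495 form of the command described above, range-checks the documented parameters, and parses each ciphersuite to an integer so that no caller-supplied text is copied into the AT command. The ';' separator for several ciphersuites and the fixed version and certValidLevel values (taken from the ECC example above) are assumptions.

```python
# Added example: hypothetical helper, not part of the iotprovision package.
def build_sqnspcfg(spid=1, ciphersuites=None, server_ca=19, client_cert=0,
                   client_key=0, client_key_storage=1):
    """Return the AT+SQNSPCFG command string for one security profile."""
    if not 1 <= spid <= 6:
        raise ValueError(f"spid {spid} outside 1-6")
    for name, slot in (("server_ca", server_ca), ("client_cert", client_cert),
                       ("client_key", client_key)):
        if not 0 <= slot <= 19:
            raise ValueError(f"{name} slot {slot} outside 0-19")
    if client_key_storage not in (0, 1):
        raise ValueError("client_key_storage must be 0 (modem) or 1 (ECC)")

    specs = []
    for suite in ciphersuites or []:
        # Parse to int so quotes, commas or AT text never reach the command.
        value = suite if isinstance(suite, int) else int(str(suite), 16)
        if not 0 <= value <= 0xFFFF:
            raise ValueError(f"ciphersuite {suite!r} is not a 16-bit value")
        specs.append(f"0x{value:04x}")

    # No ciphersuites: leave the field empty (no ""), as FW 5.4 requires.
    # Assumption: several ciphersuites are separated by ';'.
    cipher_field = '"' + ";".join(specs) + '"' if specs else ""

    # Fixed fields copied from the page's ECC example: version 2,
    # certValidLevel 1, empty psk and an empty ninth ("??") field.
    fields = [spid, 2, cipher_field, 1, server_ca, client_cert, client_key,
              '""', '""', client_key_storage]
    return "AT+SQNSPCFG=" + ",".join(str(f) for f in fields)


if __name__ == "__main__":
    print(build_sqnspcfg(ciphersuites=["0xc02c"]))  # ECC example from the page
    print(build_sqnspcfg())                         # empty cipher field
```
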

write_slot(datatype, cert, slot)

Write a certificate or private key to modem NVM slot.

Parameters:
  • datatype – “certificate”, “privatekey”, or “strid” (don’t know what the latter is used for)

  • cert – Certificate or private key in PEM format

  • slot – Slot number to write to

Sequans Cipher Suites

iotprovision.cellular.sequans_ciphersuites.get_ciphersuite(cipher)

Provide value and name for a ciphersuite supported by Sequans modem.

Parameters:

cipher – Name or integer value of a ciphersuite

Returns:

(value, name) tuple of strings representing found ciphersuite

iotprovision.cellular.sequans_ciphersuites.print_ciphersuites()

Print list of supported ciphersuites

iotprovision.cellular.sequans_ciphersuites.validate_ciphersuites(ciphersuites)

Validate ciphersuites given as name or numeric (hex) value.

Parameters:

ciphersuites – List of strings with ciphersuites (internal) or single string with comma-separated list of ciphersuites (CLI).