Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

PSoC™ 6 Forum Discussions

Sachin_Patel
Level 2
10 sign-ins 5 questions asked 5 replies posted
Level 2

Hi  @AlenAn14  currently i am running the AWS_OTA using the MQTT example in that I run the "reprov_helper.py"  script and found the below issue.

 

key: {'crv': 'P-256', 'kty': 'EC', 'use': 'sig', 'kid': '1', 'x': 'UR9hgEqcFo14PbkuvIgSpJA0pncbktCZGInvjo0bgbk', 'y': 'Tm3vNOIh8dRBmaj_VS4UyWRfuwf4Whs9CTOqarcczuI'} Device public key has been read successfully. Device certificate generated successfully. 2022-08-02 15:46:56,158 : C : WARN  : There is gap between regions 269926400:270254080 and 270303232:270336000 (49152 bytes) 2022-08-02 15:46:56,158 : C : WARN  : Policy validation finished with warnings Traceback (most recent call last):   File "reprov_helper.py", line 305, in <module>     main(sys.argv[1:])   File "reprov_helper.py", line 297, in main     create_provisioning_packet()   File "reprov_helper.py", line 166, in create_provisioning_packet     cytools.create_provisioning_packet()   File "C:\Users\Engibrains\ModusToolbox\tools_2.4\python\lib\site-packages\cysecuretools\main.py", line 250, in create_provisioning_packet     image_cert=image_cert, dev_cert=dev_certs)   File "C:\Users\Engibrains\ModusToolbox\tools_2.4\python\lib\site-packages\cysecuretools\core\strategy_context\prov_packet_strategy_ctx.py", line 54, in create     return self._strategy.create(**kwargs)   File "C:\Users\Engibrains\ModusToolbox\tools_2.4\python\lib\site-packages\cysecuretools\execute\provisioning_packet_mxs40v1.py", line 176, in create     complete=True)   File "C:\Users\Engibrains\ModusToolbox\tools_2.4\python\lib\site-packages\cysecuretools\execute\provisioning_lib\cyprov_hsm.py", line 57, in pack_provision_cmd     x509.load_pem_x509_certificate(barr, default_backend())   File "C:\Users\Engibrains\ModusToolbox\tools_2.4\python\lib\site-packages\cryptography\x509\base.py", line 514, in load_pem_x509_certificate     return rust_x509.load_pem_x509_certificate(data) TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'

 

Thanks.

0 Likes
4 Replies
ninadwaingankar
Moderator
Moderator 25 sign-ins 10 replies posted 5 solutions authored
Moderator

Hi @Sachin_Patel ,

 

Could you please tell us which PSoC 6 board you are using in this example code?

Also please share the example code link or send the example project file.

 

Thank you!

 

Best regards,

Ninad

0 Likes
Sachin_Patel
Level 2
10 sign-ins 5 questions asked 5 replies posted
Level 2

Hi @ninadwaingankar ,

I am using "CY8CKIT-064S0S2-4343W" EVK.

Please find example code in below link.

https://github.com/Infineon/mtb-example-aws-iot-ota-mqtt

Thanks.

 

0 Likes
AlenAn14
Moderator
Moderator 500 replies posted 100 solutions authored 250 replies posted
Moderator

HI @Sachin_Patel ,

Can you please let me know if you are running the "reprov_helper.py" script manually or are you using some cysecure tools commands?

Can you also let me know if you made any modifications in the policy file in the project as well?

Warm Regards
Alen

0 Likes
Sachin_Patel
Level 2
10 sign-ins 5 questions asked 5 replies posted
Level 2

Hi @AlenAn14,

I ran it in Modus-shell1.3.0 at this project folder "mtb_shared\trusted-firmware-m\release-v1.3.3\security".

yes, I did some changes as per provisioning steps by readme. md  , You can see below are provisioning steps in readme.md 

 

 

 

  1. Open a CLI terminal.

    On Linux and macOS, you can use any terminal application. On Windows, open the "modus-shell" app from the Start menu.

  2. Navigate the terminal to the <mtb_shared>/trusted-firmware-m/<tag>/security folder.

  3. Run the following command.

    cysecuretools --target CY8CKIT-064S0S2-4343W init
    
  4. In the same directory create a folder called certificates and navigate the terminal to the new directory.

    mkdir certificates
    cd certificates
    
  5. Create a root CA key pair.

    openssl genrsa -out rootCA.key 2048 
    
  6. Create a root CA certificate. When you run the following command you will be asked to enter some fields, fill them. You can leave the Common Name and Email Address fields empty.

    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
    
  7. Download the Amazon Root CA certificate and place it in the certificates directory. Keep the file name as AmazonRootCA1.pem.

  8. Open the file <mtb_shared>/trusted-firmware-m/<tag>/security/policy/policy_multi_CM0_CM4_tfm_dev_certs.json in a text editor.

  9. Edit the value of set_img_ok key to false.

  10. Edit the value of chain_of_trust key to ["../certificates/device_cert.pem", "../certificates/AmazonRootCA1.pem"]. Save the file and close it.

  11. If you already have a provisined kit, skip to step 13.

  12. Run the following commands in the modus-shell from <mtb_shared>/trusted-firmware-m/<tag>/security directory.

    cysecuretools -t CY8CKIT-064S0S2-4343W -p policy/policy_multi_CM0_CM4_tfm.json create-keys
    cysecuretools -t CY8CKIT-064S0S2-4343W -p policy/policy_multi_CM0_CM4_tfm.json provision-device
    
  13. Run the following command in the modus-shell from <mtb_shared>/trusted-firmware-m/<tag>/security directory, to re-provision the device. Select yes for all the questions asked.

    python reprov_helper.py
    

    Note that this step generates a device_cert.pem certificate file in the certificates folder that you created in step 4. This is a self-signed device certificate. This certificate should be attached to the AWS IoT Thing when it is created; do not let AWS create ceritficates for you.

    The device_cert.pem file will be regenerated every time you run the reprov_helper.py python file. Take care to update the new device certificate to the AWS IoT Thing.

 

 

0 Likes