Error provisioning secure objects to SE050 with raspberry pi 3+

raul22520 · ‎11-03-2023

Hi,

I am trying to provision the se050 with the secure objects that have been created in edgelock2go platform. First, I followed all the necessary steps for running nxp_iot_aget in the binary files of the middleware, using a rasbperry pi 3+, but at the moment of running the binary, it throws the following error:

I followed all the necessary steps for configuring dynamic_path in openssl configurate, as the OPENSSL_CONF variable to locate the openssl engine in the following raspberry path:
/home/pi/simw-top_build/raspbian_native_se050_t1oi2c/sss/plugin/openssl/libsss_engine.so

I have also changed the dynamic_path in the following configuration file:

nano /home/pi/simw-top/nxp_iot_agent/ex/src/openssl_conf_v111.cnf

[ e4sss_section ]
dynamic_path = /home/pi/simw-top_build/raspbian_native_se050_t1oi2c/sss/plugin/openssl/libsss_engine.so
engine_id = e4sss_device
init = 1
# default_algorithms = RSA,RAND,ECDSA,ECDH
default_algorithms = RSA,RAND,EC

I saw that the file libss_engine.so exists when build simw-top_build but the binary nxp_iot_agent does not work, it does not find that openssl engine. My question is if it is possible to run this nxp_iot_agent with the raspberry or I need specifically the IMX board.

Thanks in advance,

Raúl.

Kan_Li · ‎11-05-2023

Hi @raul22520 ,

As far as I know, OPENSSL_CONF should be set as simw-top\demos\linux\common\openssl11_sss_se050.cnf , are you using a custom configure file instead? Please kindly clarify.

BTW, edgelock2go is not a mass market product supported here, please kindly contact your local NXP sales representatives for further help.

Thanks for your patience and understanding!

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

raul22520 · ‎11-06-2023

That works, I finally injected the secure objects into the se050x correctly. Now I want to create a TLS tunnel between the raspberry using that certificates returned from the se050 with ssscli commands and a cloud server in ubuntu20.04. I do not know which x509 certificates and keypair I must use in server-side, as i need to provide a reference of the pair of keys of a X509 certificate signed with the intermediate certificate. Does edgelock2go have funcionality for creating that CER certificate and PEM pair of keys for the server in order to create that TLS tunnel between the raspberry and the server without using AWS or AZURE cloud?

Thank you in advance,

R.

Kan_Li · ‎11-06-2023

Hi @raul22520 ,

Actually edgelock2go is not a mass market product supported here, please kindly refer to

https://www.nxp.com/products/security-and-authentication/secure-service-2go-platform/edgelock-2go:ED... to sign up and request the support resources.

Thanks for your patience and understanding!

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------