DMS provisioning supplies a device with the credentials to allow access to the DMS.
DMS provisioning can taken place after the device is programmed with the manufacturing image and the debug interface is locked.
At this point, the device:
- is running full Gecko OS
- has only the DMS server certificate and platform public key
- does NOT have a device cert/key or product AES key
The device cannot access the DMS in this state. Credentials required for DMS access include a device certificate and key and a device UUID.
To provision the device for the DMS, obtain a DMS provisioning token.
A DMS provisioning token can supply the device with a certificate and key, and optionally a UUID.
If the token does not supply a UUID, but is configured to require a UUID, configure the device UUID with the system.uuid variable:
set system.uuid <uuid>
The next time the device attempts to connect to the DMS, the device attempts to verify with the DMS:
- the device provisioning token
- the device certificate and key
If the token is valid and the device certificate and key are missing or invalid, the device issues a provision request to the DMS.
The provision request provisions the device with the certificate and key and other configured credentials. The devices stores the credentials to NVM.
The procedure in pseudo-code is as follows:
- IF device has valid device cert/key THEN
Device already provisioned
- ELIF device does NOT have provisioning token THEN
No provisioning token
- Bring up dms.interface network interface
POST /provisionto DMS
- Save credentials from provision request response to NVM
PUT /provisionto DMS
- Erase provisioning token
DMS Provisioning API
- dms_provision - explicitly start the provisioning process
- dms.provision.token - supply the provisioning token to the device
- dms.provision.status - determine device provisioning status
The variable dfu.status has additional error codes,
148, to indicate provisioning status.
The variable system.uuid can now be set with a custom UUID.