Wi-SUN Dynamic Data Provisioning#

Dynamic Data Provisioning (DDP) is powerful tool designed to streamline the generation and injection of Wi-SUN certificates and device keys. This innovative solution, comprising a set of Python scripts available in the wisun_applications repository, interacts seamlessly with Wi-SUN devices. The core of this tool is the Wi-SUN - DDP application that can run in RAM, to provide a robust and flexible approach to device provisioning. In the following sections, we explore the tool by providing a step by step guide to generate the Wi-SUN certificates and provision the Wi-SUN devices with the generated keys.

Prerequisites#

The following requirements are key to start using the Wi-SUN Dynamic Data Provisioning tool:

The DDP tool scripts hosted in wisun_applications.
The Wi-SUN - DDP application delivered with Simplicity Studio v5 SiSDK 2024.12.0 or later.
One Wi-SUN Compatible Radio Board.

Getting Started#

Wi-SUN - DDP project#

To start using the DDP tool, first install Simplicity Studio v5 and follow this guide to install the SiSDK Package. Once installed, create and build the Wi-SUN DDP application following the next steps:

Open Simplicity Studio v5 and plug the Wi-SUN device to your laptop.
In the Debug Adapters view, select the device that will be provisioned.
Navigate to the EXAMPLE PROJECTS & DEMOS tab and write DDP in the Filter on Keywords box.
Click Create next to the Wi-SUN - DDP project.
After creating the project, follow this guide to build your project.

Note: Don't flash the project to the Board. The built binary will be used by the the DDP scripts.

DDP Tool Scripts#

The DDP Tool scripts works in combination with the Wi-SUN - DDP project. Use the following command to clone the wisun_applications repository:

git clone https://github.com/SiliconLabs/wisun_applications.git

DDP in Action#

Example Scripts: SigningServer.py and provision.py#

The repository includes two example scripts: SigningServer.py and provision.py. These scripts serve as practical demonstrations of how to use the Dynamic Data Provisioning (DDP) tool.

SigningServer.py: This script uses OpenSSL to generate a certificate chain, including an intermediate certificate. It showcases the process of creating a secure certificate hierarchy.
provision.py: This script generates a private and public key pair, exports the public key, signs it with the previously generated certificate chain, and then loads the entire chain along with the new certificate. It illustrates the steps involved in key generation and certificate signing.

Note that these scripts are provided as examples to help you understand the usage of the DDP tool.

Start using the DDP Tool#

Now that all elements are prepared, start using the DDP tool to provision the device by following the next steps:

Use the following commands to install the DDP tool requirements:

cd wisun_applications/ddp
python3 -m pip install -r requirements.txt

Next, use the SigningServer.py script to generate the certificates chain. Following is an example using Silicon labs OID. Use the command with the parameters suiting your use case:
```
python3 SigningServer.py SetupCerts --co "Silicon Labs" --cu FR --oid 1.3.6.1.4.1.39873.1
```
- --co: The name of the OEM, Used for certificate content.
- --cu: The country of the OEM, Used for certificate content.
- --oid: The OID of the product, used for certificate content.
After generating the certificates, provision the device. In this step, use provisioning.py, which takes as arguments the device serial number and the DDP application binary that was built previously:
```
python3 provision.py --soc xg25 --jlink_ser <JLink serial number> --prov_img [path to DDP application binary]
```

Conclusion#

In conclusion, Dynamic Data Provisioning (DDP) is a valuable tool for the Wi-SUN Networks development, providing a straightforward and secure method for generating and injecting Wi-SUN certificates and device keys. Using the ddp python scripts and the Wi-SUN - DDP application, this tool ensures efficient and reliable device provisioning.