Provisioning

Before using the SoftBank FOTA library with nRF Cloud, you must provision the device. The modem allows a device to issue JSON Web Tokens (JWT) at runtime that are signed with a public and private key pair. You must generate this key pair beforehand, and the public key must be provisioned to nRF Cloud.

Prerequisites

Before you start provisioning, make sure that the following prerequisites are fulfilled:

• nRF Connect SDK is installed.

• nRF Cloud utils is installed in ~/ncs/nrf_cloud_utils.

• You have an nRF Cloud account.

Provisioning by certificate

The following section refers to the APIs and procedures from the nRF Cloud Utilities documentation.

1. Make sure the required python packages are installed:

   cd ~ncs/nrf_cloud_utils/python/modem-firmware-1.3+/
   pip install -r requirements.txt
   

2. Copy the API_Key from the nRF Cloud User Account page:

   export API_KEY="aabbccddeeff00112233445566778899aabbccdd"
   

3. Create certificates.

   Note

   Only do this once (or remove the old certificates if you create new ones).

   python3 create_ca_cert.py -c NO -o "My Company" -p ./my_ca -f my_company-
   

4. Provision each device. Here, the default value of the CONFIG_SB_FOTA_JWT_SECURITY_TAG Kconfig option 50, is used.

   cd ~/ncs/nrf/samples/cellular/at_client/
   west build -b nrf9160dk/nrf9160/ns
   west flash
   cd -
   python3 device_credentials_installer.py -d --sectag 50 --ca $(ls my_ca/*_ca.pem) --ca_key $(ls my_ca/*_prv.pem) --fwtypes "MODEM" --append --verify
   

5. Upload the list of provisioned devices to nRF Cloud.

   python3 nrf_cloud_onboard.py --apikey $API_KEY --csv onboard.csv
   

You can now proceed to test that the provisioning was successful by using the SoftBank FOTA sample.

Note

As the device uses only JWT and a keypair to authenticate, you do not need to provision that certificate back to the device. Similarly, nRF Cloud extracts the public key from a certificate when it verifies the JWT.