ATECC608B-TNGTLS #396

Open
Jeroen-Lardot-ACA opened this issue Nov 21, 2024 · 1 comment

Jeroen-Lardot-ACA commented Nov 21, 2024

Hey everyone,

I'm trying to get the ATECC608B working on Greengrass through cryptoauthlib, but am running into some issues with authentication when running Greengrass that I can't seem to get around. I tried changing pins etc., but that doesn't seem possible on the TNG variant. Does anyone have any idea on the underlying issue? AWS certificates and policies have been attached to the thing through the manifest file as provided by Microchip.

This is the module setup:

```
root@blox-rema:~# p11tool --provider=/usr/lib/libcryptoauth.so --list-tokens
Token 0:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=ABCDEFGH;token=MCHP
Label: MCHP
Type: Hardware token
Flags: RNG, uPIN uninitialized
Manufacturer: Microchip Technology Inc
Model: ATECC608B
Serial: ABCDEFGH
Module:

root@blox-rema:~# p11tool --provider=/usr/lib/libcryptoauth.so --list-all
Object 0:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=ABCDEFGH;token=MCHP;id=ABCDEFGH;object=device;type=private
Type: Private key (EC/ECDSA-SECP256R1)
Label: device
Flags: CKA_PRIVATE; CKA_NEVER_EXTRACTABLE; CKA_SENSITIVE;
ID: ABCDEFGH

Object 1:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=ABCDEFGH;token=MCHP;id=ABCDEFGH;object=device;type=public
Type: Public key (EC/ECDSA-SECP256R1)
Label: device
ID: ABCDEFGH
```

The Greengrass config (without nucleus):

```yaml
system:
  certificateFilePath: "pkcs11:object=device;type=cert"
  privateKeyPath: "pkcs11:object=device;type=private"
  rootCaPath: "/greengrass/v2/config/AmazonRootCA1.pem"
  rootpath: "/greengrass/v2"
  thingName: "thingname"
services:
  aws.greengrass.crypto.Pkcs11Provider:
    configuration:
      library: "/usr/lib/libcryptoauth.so"
      name: "lybcryptauth_pkcs11"
      slot: 0
      userPin: 1234
    dependencies: []
    version: "0.0.0"
```

The error I'm getting:

```
24-11-21T16:33:44.921Z [INFO] (pool-3-thread-14) com.aws.greengrass.security.SecurityService: Register crypto key service provider. {keyType=pkcs11}
2024-11-21T16:33:44.921Z [INFO] (pool-3-thread-14) com.aws.greengrass.security.SecurityService: Register MQTT connection security provider. {keyType=pkcs11}
2024-11-21T16:33:44.922Z [INFO] (aws.greengrass.crypto.Pkcs11Provider-lifecycle) com.aws.greengrass.security.provider.pkcs11.PKCS11CryptoKeyService: service-set-state. {serviceName=aws.greengrass.crypto.Pkcs11Provider, currentState=STARTING, newState=RUNNING}
2024-11-21T16:33:44.923Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=INSTALLED, newState=STARTING}
2024-11-21T16:33:44.924Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=STARTING, newState=FINISHED}
2024-11-21T16:33:44.924Z [INFO] (pool-3-thread-8) com.aws.greengrass.lifecyclemanager.GenericExternalService: generic-service-finished. Nothing done. {serviceName=main, currentState=STARTING}
2024-11-21T16:33:44.927Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=FINISHED, newState=STOPPING}
2024-11-21T16:33:44.927Z [INFO] (pool-3-thread-8) com.aws.greengrass.lifecyclemanager.GenericExternalService: Shutdown initiated. {serviceName=main, currentState=STOPPING}
2024-11-21T16:33:44.927Z [INFO] (pool-3-thread-8) com.aws.greengrass.lifecyclemanager.GenericExternalService: generic-service-shutdown. {serviceName=main, currentState=STOPPING}
2024-11-21T16:33:44.928Z [INFO] (main-lifecycle) com.aws.greengrass.lifecyclemanager.GenericExternalService: service-set-state. {serviceName=main, currentState=STOPPING, newState=FINISHED}
2024-11-21T16:33:45.533Z [ERROR] (pool-3-thread-6) com.aws.greengrass.mqttclient.MqttClient: Error subscribing. {topic=$aws/things/thingname/jobs/$next/namespace-aws-gg-deployment/get/accepted}
java.util.concurrent.CompletionException: software.amazon.awssdk.crt.mqtt.MqttException: Error during getting mqtt connection builder
	at java.base/java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:331)
```

Thanks a lot to anyone providing any insights!
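
Added example (not part of the original post, and not Greengrass or cryptoauthlib code): a check that each PKCS#11 URI in the Greengrass `system:` config matches an object in a `p11tool --list-all` listing, using RFC 7512 attribute matching. The listing and URIs are copied from the post; the function names are made up for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample: the two URL lines from the `p11tool --list-all` output in the post.
P11TOOL_LISTING = """\
Object 0:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=ABCDEFGH;token=MCHP;id=ABCDEFGH;object=device;type=private
Object 1:
URL: pkcs11:model=ATECC608B;manufacturer=Microchip%20Technology%20Inc;serial=ABCDEFGH;token=MCHP;id=ABCDEFGH;object=device;type=public
"""

# The two PKCS#11 URIs from the `system:` section of the config in the post.
CONFIG_URIS = {
    "certificateFilePath": "pkcs11:object=device;type=cert",
    "privateKeyPath": "pkcs11:object=device;type=private",
}

def parse_pkcs11_uri(uri):
    """Split the path component of an RFC 7512 URI into an attribute dict."""
    if not uri.startswith("pkcs11:"):
        raise ValueError(f"not a PKCS#11 URI: {uri!r}")
    path = uri[len("pkcs11:"):].split("?", 1)[0]  # drop any query part
    attrs = {}
    for part in filter(None, path.split(";")):
        key, _, value = part.partition("=")
        attrs[key] = unquote(value)  # values are percent-encoded
    return attrs

def token_objects(listing):
    """Return one attribute dict per 'URL:' line in p11tool output."""
    urls = re.findall(r"^\s*URL:\s*(pkcs11:\S+)", listing, re.M)
    return [parse_pkcs11_uri(u) for u in urls]

def unresolved(config_uris, objects):
    """Config keys whose URI attributes are not all present on any listed object."""
    missing = []
    for key, uri in config_uris.items():
        wanted = parse_pkcs11_uri(uri)
        if not any(all(obj.get(k) == v for k, v in wanted.items()) for obj in objects):
            missing.append(key)
    return missing

if __name__ == "__main__":
    for key in unresolved(CONFIG_URIS, token_objects(P11TOOL_LISTING)):
        print(f"{key}: no object in the listing matches {CONFIG_URIS[key]}")
```

For the values in the post this reports `certificateFilePath`: the listing contains `type=private` and `type=public` objects labelled `device`, but none with `type=cert`.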

majh commented Dec 10, 2024

This issue may be relevant.
