How to use MQTT+TLS in nRF9160?

I'm working on a project using nRF9160 DK.

How can you use MQTT+TLS in nRF9160?

Where should ca certificate file be stored?

I modified the code below in mqtt_simple project. What code should I modify additionally?

<prj.conf>
CONFIG_MQTT_LIB_TLS=y

<main.c>

/**@brief Initialize the MQTT client structure
 */
static void client_init(struct mqtt_client *client)
{
	mqtt_client_init(client);

	broker_init();

        /* Add from here */
        static struct mqtt_utf8 password;
	static struct mqtt_utf8 user_name;

	password.utf8 = (u8_t *)MQTT_PASSWORD;
	password.size = strlen(MQTT_PASSWORD);
	user_name.utf8 = (u8_t *)MQTT_USERNAME;
	user_name.size = strlen(MQTT_USERNAME);
        /* to here */

	/* MQTT client configuration */
	client->broker = &broker;
	client->evt_cb = mqtt_evt_handler;
	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
	client->password = &password; // Add here
	client->user_name = &user_name; // Add here
	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1

	/* MQTT buffers configuration */
	client->rx_buf = rx_buffer;
	client->rx_buf_size = sizeof(rx_buffer);
	client->tx_buf = tx_buffer;
	client->tx_buf_size = sizeof(tx_buffer);

	/* MQTT transport configuration */ 
    /* MODIFIED HERE */
    #if defined(CONFIG_MQTT_LIB_TLS)
       client->transport.type = MQTT_TRANSPORT_SECURE;
       client->transport.tls.config.peer_verify = 0;
       client->transport.tls.config.cipher_count = 0;
       client->transport.tls.config.cipher_list = NULL;
       client->transport.tls.config.sec_tag_count = 0;
       client->transport.tls.config.sec_tag_list = NULL;
       client->transport.tls.config.hostname = NULL;
    #else
       client->transport.type = MQTT_TRANSPORT_NON_SECURE;
    #endif
}

  • Hello, please refer to this commit to see how it's done. The certificates should be put in certificates.h.

  • I modified code but it doesn't work well... Could you give me advice?

    I tested the MQTT broker (mosquitto) with TLS with another MQTT client and it works fine. The broker should be ok.

    The broker doesn't receive message from the client in this project.

    <console result>
    
    Peripheral              Domain          Status
    00 NRF_P0               Non-Secure      OK
    01 NRF_CLOCK            Non-Secure      OK
    02 NRF_RTC1             Non-Secure      OK
    03 NRF_NVMC             Non-Secure      OK
    04 NRF_UARTE1           Non-Secure      OK
    05 NRF_UARTE2           Secure          SKIP
    06 NRF_IPC              Non-Secure      OK
    07 NRF_VMC              Non-Secure      OK
    08 NRF_FPU              Non-Secure      OK
    09 NRF_EGU1             Non-Secure      OK
    10 NRF_EGU2             Non-Secure      OK
    11 NRF_TWIM2            Non-Secure      OK
    12 NRF_SPIM3            Non-Secure      OK
    13 NRF_TIMER0           Non-Secure      OK
    14 NRF_TIMER1           Non-Secure      OK
    15 NRF_TIMER2           Non-Secure      OK
    16 NRF_SAADC            Non-Secure      OK
    17 NRF_GPIOTE1          Non-Secure      OK
    
    SPM: NS image at 0x8000
    SPM: NS MSP at 0x200238e0
    SPM: NS reset vector at 0xa2b5
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The MQTT simple sample started
    LTE Link Connecting ...
    LTE Link Connected!
    IPv4 Address found 0x5e7fda12
    ERROR: mqtt_connect -45
    

    <certificates.h>
    
    #ifndef _CERTIFICATES_H_
    #define _CERTIFICATES_H_
    
    #define NRF_CLOUD_CLIENT_PRIVATE_KEY \
        "-----BEGIN RSA PRIVATE KEY-----\n" \
        "MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
        .
        .
        .
        "QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
        "-----END RSA PRIVATE KEY-----\n"
    
    #define NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE \
        "-----BEGIN CERTIFICATE-----\n" \
        "MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
        .
        .
        .
        "yQyqplp/\n" \
        "-----END CERTIFICATE-----\n"
    
    #define NRF_CLOUD_CA_CERTIFICATE \
        "-----BEGIN CERTIFICATE-----\n" \
        "MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
        .
        .
        .
        "agXksMq8cbMC\n" \
        "-----END CERTIFICATE-----\n"
    
    #endif /* _CERTIFICATES_H_ */

    <prj.conf>
    
    # General config
    CONFIG_TEST_RANDOM_GENERATOR=y
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_NETWORK_MODE_LTE_M=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    # CONFIG_LTE_EDRX_REQ_ACTT_TYPE="4"
    # CONFIG_LTE_EDRX_REQ=y
    # CONFIG_LTE_EDRX_REQ_VALUE="0110"
    # 0100 81.92sec
    # 0101 163.84sec
    # 0110 327.68sec
    # 0111 655.36sec
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # BSD library
    CONFIG_BSD_LIBRARY=y
    
    # AT Host
    CONFIG_UART_INTERRUPT_DRIVEN=y
    CONFIG_AT_HOST_LIBRARY=y
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    
    # Application
    CONFIG_MQTT_PUB_TOPIC="myPubTopic"
    CONFIG_MQTT_SUB_TOPIC="mySubTopic"
    CONFIG_MQTT_CLIENT_ID="myClientID"
    CONFIG_MQTT_BROKER_HOSTNAME="xxxxxxxxxxxxxx.com"
    CONFIG_MQTT_BROKER_PORT=8883
    CONFIG_MQTT_KEEPALIVE=300
    CONFIG_MQTT_TLS_SEC_TAG=16842753
    
    # Main thread
    CONFIG_MAIN_THREAD_PRIORITY=7
    CONFIG_MAIN_STACK_SIZE=4096
    
    CONFIG_HEAP_MEM_POOL_SIZE=1024
    

    <Kconfig>
    
    menu "MQTT simple sample"
    
    config PROVISION_CERTIFICATES
    	bool "Provision of certificate"
    	help
    		Enable run-time provisioning of certificates from the
    		certificates header file selected by using CERTIFICATES_FILE
    
    config CERTIFICATES_FILE
    	string "Certificates to use"
    	depends on PROVISION_CERTIFICATES
    	default "certificates.h"
    
    config SEC_TAG
    	int "Security tag to use for the connection"
    	default 1
    
    config MQTT_PUB_TOPIC
    	string "MQTT publish topic"
    	default "my/publish/topic"
    
    config MQTT_SUB_TOPIC
    	string "MQTT subscribe topic"
    	default "my/subscribe/topic"
    
    config MQTT_CLIENT_ID
    	string "MQTT Client ID"
    	default "my-client-id"
    
    config MQTT_BROKER_HOSTNAME
    	string "MQTT broker hostname"
    	default "iot.eclipse.org"
    
    config MQTT_BROKER_PORT
    	int "MQTT broker port"
    	default 1883
    
    config MQTT_MESSAGE_BUFFER_SIZE
    	int ""
    	default 128
    
    config MQTT_PAYLOAD_BUFFER_SIZE
    	int ""
    	default 128
    
    config MQTT_KEEPALIVE
    	int ""
    	default 60
    
    endmenu
    
    menu "Zephyr Kernel"
    source "$ZEPHYR_BASE/Kconfig.zephyr"
    endmenu

    I copied main.c code below to my project and modified it a little bit.
    https://github.com/joakimtoe/fw-nrfconnect-nrf/commit/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa

    I defined NRF_CLOUD_CLIENT_ID in main.c instead of in certificates.h

    <main.c>
    
    #include <zephyr.h>
    #include <stdio.h>
    #include <uart.h>
    #include <string.h>
    
    #include <net/mqtt.h>
    #include <net/socket.h>
    #include <lte_lc.h>
    
    #define MQTT_USERNAME "username"
    #define MQTT_PASSWORD "password"
    #define NRF_CLOUD_CLIENT_ID CONFIG_MQTT_CLIENT_ID
    
    #if defined(CONFIG_PROVISION_CERTIFICATES)
    #if defined(CONFIG_BSD_LIBRARY)
    #include "nrf_inbuilt_key.h"
    #endif
    #include CONFIG_CERTIFICATES_FILE
    #endif
    
    #if defined(CONFIG_MQTT_LIB_TLS)
    	static sec_tag_t sec_tag_list[] = { CONFIG_SEC_TAG };
    #endif
    
    /* Buffers for MQTT client. */
    static u8_t rx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
    static u8_t tx_buffer[CONFIG_MQTT_MESSAGE_BUFFER_SIZE];
    static u8_t payload_buf[CONFIG_MQTT_PAYLOAD_BUFFER_SIZE];
    .
    .
    .
    /**@brief Initialize the MQTT client structure
     */
    static void client_init(struct mqtt_client *client)
    {
    	mqtt_client_init(client);
    
    	broker_init();
    
        /* Add from here */
        static struct mqtt_utf8 password;
    	static struct mqtt_utf8 user_name;
    
    	password.utf8 = (u8_t *)MQTT_PASSWORD;
    	password.size = strlen(MQTT_PASSWORD);
    	user_name.utf8 = (u8_t *)MQTT_USERNAME;
    	user_name.size = strlen(MQTT_USERNAME);
        /* to here */
    
    	/* MQTT client configuration */
    	client->broker = &broker;
    	client->evt_cb = mqtt_evt_handler;
    	client->client_id.utf8 = (u8_t *)CONFIG_MQTT_CLIENT_ID;
    	client->client_id.size = strlen(CONFIG_MQTT_CLIENT_ID);
    	client->password = &password; // Add here
    	client->user_name = &user_name; // Add here
    	client->protocol_version = MQTT_VERSION_3_1_0; // originally MQTT_VERSION_3_1_1
    
    	/* MQTT buffers configuration */
    	client->rx_buf = rx_buffer;
    	client->rx_buf_size = sizeof(rx_buffer);
    	client->tx_buf = tx_buffer;
    	client->tx_buf_size = sizeof(tx_buffer);
    
    	/* MQTT transport configuration */ 
        /* MODIFIED HERE */
        #if defined(CONFIG_MQTT_LIB_TLS)
            struct mqtt_sec_config *tls_config = &client->transport.tls.config;
            client->transport.type = MQTT_TRANSPORT_SECURE;
    
            tls_config->peer_verify = 2;
            tls_config->cipher_count = 0;
            tls_config->cipher_list = NULL;
            tls_config->sec_tag_count = ARRAY_SIZE(sec_tag_list);
            tls_config->sec_tag_list = sec_tag_list;
            tls_config->hostname = CONFIG_MQTT_BROKER_HOSTNAME;
        #else
           client->transport.type = MQTT_TRANSPORT_NON_SECURE;
        #endif
    }
    .
    .
    .
    static int provision_certificate(void)
    {
    #if defined(CONFIG_PROVISION_CERTIFICATES)
    #if defined(CONFIG_BSD_LIBRARY)
    	{
    		int err;
    
    		/* Delete certificates */
    		nrf_sec_tag_t sec_tag = (nrf_sec_tag_t) sec_tag_list[0];
    
    		for (nrf_key_mgnt_cred_type_t type = 0; type < 5; type++) {
    			printk("Deleting certs sec_tag: %d\n", sec_tag);
    			err = nrf_inbuilt_key_delete(sec_tag, type);
    			printk("nrf_inbuilt_key_delete(%u, %d) => result=%d\n",
    				sec_tag, type, err);
    		}
    
    #if defined(CA_CERTIFICATE)
    		/* Provision CA Certificate. */
    		printk("Write ca certs sec_tag: %d\n", sec_tag);
    		err = nrf_inbuilt_key_write(sec_tag,
    			NRF_KEY_MGMT_CRED_TYPE_CA_CHAIN,
    			CA_CERTIFICATE,
    			strlen(CA_CERTIFICATE));
    		if (err) {
    			printk("CA_CERTIFICATE err: %d\n", err);
    			return err;
    		}
    #endif
    #if defined (CLIENT_PRIVATE_KEY)
    		/* Provision Private Certificate. */
    		printk("Write private cert sec_tag: %d\n", sec_tag);
    		err = nrf_inbuilt_key_write(
    			sec_tag,
    			NRF_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
    			CLIENT_PRIVATE_KEY,
    			strlen(CLIENT_PRIVATE_KEY));
    		if (err) {
    			printk("CLIENT_PRIVATE_KEY err: %d\n", err);
    			return err;
    		}
    #endif
    #if defined(CLIENT_PUBLIC_CERTIFICATE)
    		/* Provision Public Certificate. */
    		printk("Write public cert sec_tag: %d\n", sec_tag);
    		err = nrf_inbuilt_key_write(
    			sec_tag,
    			NRF_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
    			CLIENT_PUBLIC_CERTIFICATE,
    			strlen(CLIENT_PUBLIC_CERTIFICATE));
    		if (err) {
    			printk("CLIENT_PUBLIC_CERTIFICATE err: %d\n",
    				err);
    			return err;
    		}
    #endif
    	}
    #else
    	{
    		int err;
    
    		err = tls_credential_add(CONFIG_SEC_TAG,
    			TLS_CREDENTIAL_CA_CERTIFICATE,
    			NRF_CLOUD_CA_CERTIFICATE,
    			sizeof(NRF_CLOUD_CA_CERTIFICATE));
    		if (err < 0) {
    			printk("Failed to register ca certificate: %d\n",
    				err);
    			return err;
    		}
    		err = tls_credential_add(CONFIG_SEC_TAG,
    			TLS_CREDENTIAL_PRIVATE_KEY,
    			NRF_CLOUD_CLIENT_PRIVATE_KEY,
    			sizeof(NRF_CLOUD_CLIENT_PRIVATE_KEY));
    		if (err < 0) {
    			printk("Failed to register private key: %d\n",
    				err);
    			return err;
    		}
    		err = tls_credential_add(CONFIG_SEC_TAG,
    			TLS_CREDENTIAL_SERVER_CERTIFICATE,
    			NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE,
    			sizeof(NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE));
    		if (err < 0) {
    			printk("Failed to register public certificate: %d\n",
    				err);
    			return err;
    		}
    
    	}
    #endif /* defined(CONFIG_BSD_LIBRARY) */
    #endif /* defined(CONFIG_PROVISION_CERTIFICATES) */
    
    	return 0;
    }
    
    void main(void)
    {
    	int err;
    
    	if (!IS_ENABLED(CONFIG_AT_HOST_LIBRARY)) {
    		/* Stop the UART RX for power consumption reasons */
    		NRF_UARTE0_NS->TASKS_STOPRX = 1;
    		NRF_UARTE1_NS->TASKS_STOPRX = 1;
    	}
    
    	printk("The MQTT simple sample started\n");
    
    	provision_certificate();
    
    	modem_configure();
    
    	client_init(&client);
    
    	err = mqtt_connect(&client);
    	if (err != 0) {
    		printk("ERROR: mqtt_connect %d\n", err); // error here
    		return;
    	}
    
    	err = fds_init(&client);
    	if (err != 0) {
    		printk("ERROR: fds_init %d\n", err);
    		return;
    	}
    	
    	while (1) {
    	    .
    	    .
    	}
    }
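
An added example, not code from the thread or from the nRF Connect SDK: a host-buildable check that compares the TLS settings of the first listing (`peer_verify = 0`, no security tags, no hostname) with those of the later listing (`peer_verify = 2`, a tag list and a hostname). The `tls_settings` struct, the finding names and `broker.example.com` are assumptions standing in for the `struct mqtt_sec_config` fields and a real broker name.

```c
#include <stddef.h>
#include <stdio.h>

/* Host-side stand-in for the struct mqtt_sec_config fields that the
 * thread's client_init() assigns (hypothetical type, not the Zephyr header). */
typedef int sec_tag_t;

struct tls_settings {
	int peer_verify;              /* 0 = none, 1 = optional, 2 = required */
	unsigned int sec_tag_count;
	const sec_tag_t *sec_tag_list;
	const char *hostname;
};

enum tls_finding {
	TLS_PEER_NOT_REQUIRED = 1 << 0, /* handshake accepts an unverified broker */
	TLS_NO_SEC_TAG        = 1 << 1, /* no stored credentials are referenced */
	TLS_NO_HOSTNAME       = 1 << 2, /* no name to match the certificate against */
	TLS_TAG_NOT_WRITTEN   = 1 << 3, /* list omits the tag that was provisioned */
};

/* Return a bitmask of findings; 0 means verification is required, a hostname
 * is set, and the tag list includes written_tag (the tag the caller says the
 * credentials were stored under). */
unsigned int tls_settings_audit(const struct tls_settings *cfg,
				sec_tag_t written_tag)
{
	unsigned int findings = 0;
	int found = 0;

	if (cfg->peer_verify != 2) {
		findings |= TLS_PEER_NOT_REQUIRED;
	}
	if (cfg->sec_tag_count == 0 || cfg->sec_tag_list == NULL) {
		findings |= TLS_NO_SEC_TAG;
	} else {
		for (unsigned int i = 0; i < cfg->sec_tag_count; i++) {
			found |= (cfg->sec_tag_list[i] == written_tag);
		}
		if (!found) {
			findings |= TLS_TAG_NOT_WRITTEN;
		}
	}
	if (cfg->hostname == NULL || cfg->hostname[0] == '\0') {
		findings |= TLS_NO_HOSTNAME;
	}
	return findings;
}

/* Constructed inputs: the values of the first listing, the values of the
 * later listing, and a list holding the Kconfig default tag (1) while the
 * credentials are assumed to be stored under 16842753. */
static const sec_tag_t tags_default[] = { 1 };
static const sec_tag_t tags_written[] = { 16842753 };
const struct tls_settings first_listing = { 0, 0, NULL, NULL };
const struct tls_settings later_listing = { 2, 1, tags_written, "broker.example.com" };
const struct tls_settings wrong_tag     = { 2, 1, tags_default, "broker.example.com" };

int main(void)
{
	printf("first listing: 0x%x\n", tls_settings_audit(&first_listing, 16842753));
	printf("later listing: 0x%x\n", tls_settings_audit(&later_listing, 16842753));
	printf("wrong tag:     0x%x\n", tls_settings_audit(&wrong_tag, 16842753));
	return 0;
}
```

In firmware the same checks can run on `client->transport.tls.config` just before `mqtt_connect()`, so a build that has fallen back to unverified TLS stops with a message instead of connecting.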

  • Hi, KentaM. Thanks a lot!!

    I'm still in trouble. This is the console print.

    SPM: NS image at 0x8000
    SPM: NS MSP at 0x200240f0
    SPM: NS reset vector at 0xb811
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The MQTT simple sample started
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 0) => result=2
    Deleting certs sec_tag: 16842753
    ***** BUS FAULT *****
      Precise data bus error
      BFAR Address: 0x3b61bb53
    ***** Hardware exception *****
    Current thread ID = 0x20020410
    Faulting instruction address = 0x16ad8
    Fatal fault in thread 0x20020410! Aborting.
    nrf_inbuilt_key_delete(16842753, 1) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 2) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 3) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 4) => result=14
    Write ca certs sec_tag: 16842753
    CA_CERTIFICATE err: 14
    LTE Link Connecting ...
    LTE Link Connected!
    ERROR: getaddrinfo failed 22
    ERROR: mqtt_connect -47

    This may tell me that the certificate files are wrong, but MQTT+TLS works fine with another MQTT client with the same three files (CLIENT_PRIVATE_KEY, CLIENT_PUBLIC_CERTIFICATE, CA_CERTIFICATE). These files are self-signed and generated by openssl.

    In my case, I don't use AWS IoT service. I implemented mosquitto MQTT broker on EC2.

    Do you have any comment?

    <certificates.h> *under the src folder
    
    #define CLIENT_ID "myClientID"
    
    #define CLIENT_PRIVATE_KEY \
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIEowIBAAKCAQEAyoE5FG1Hf9DFEA1iF9enHtxNGYXI2kBjtXlz9Ckclctx2vJx\n" \
    .
    .
    .
    "QknwSFmfYXNRetEcDylKQEI3mkHxtj/jkDrOLitk0ccNQAeou/cL\n" \
    "-----END RSA PRIVATE KEY-----\n"
    
    #define CLIENT_PUBLIC_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIIDkjCCAnoCFGlpDDWDAA00v8MltxDoTLzJH6EiMA0GCSqGSIb3DQEBCwUAMIGJ\n" \
    .
    .
    .
    "yQyqplp/\n" \
    "-----END CERTIFICATE-----\n"
    
    #define CA_CERTIFICATE \
    "-----BEGIN CERTIFICATE-----\n" \
    "MIID9TCCAt2gAwIBAgIUSQtJI7ktYmj7qE3tDGGlDTjxrWAwDQYJKoZIhvcNAQEL\n" \
    .
    .
    .
    "jmLwN36BmvVGOkXHwOaBgCbFon1negAwX7bO0fXJlwySKO/gIvo1B/FZnP3TdRoD\n" \
    "agXksMq8cbMC\n" \
    "-----END CERTIFICATE-----\n"
    

  • Ah....

    I use AWS IoT Core without using EC2.

    Because it costs a lot for EC2 instances.

    If the MQTT_MESSAGE_BUFFER_SIZE is too long it will result in a BUS FAULT error.

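    To write it in Japanese as well: I am using AWS IoT Core rather than an EC2 instance.

    An EC2 instance would cost a lot of money.

    I registered the edge device in AWS IoT Core, and configured and attached the certificate and policy.

    I think the BUS FAULT error occurred when MQTT_MESSAGE_BUFFER_SIZE was too long.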

  • I see. I'll try AWS IoT Core. BTW, which do you select in Board Name, nrf9160_pca10090ns or nrf9160_pca10090? Since mqtt_simple works with nrf9160_pca10090ns, I choose nrf9160_pca10090ns when implementing TLS.

  • I tried AWS IoT but I'm still stuck...

    I copied your code above based on mqtt_simple project and then changed MQTT_BROKER_HOSTNAME and MQTT_CLIENT_ID both in Kconfig and prj.conf. I attached certificates.h in src folder, which I downloaded from AWS.

    I can't solve the problem below.... 

    SPM: NS image at 0x8000
    SPM: NS MSP at 0x200240d8
    SPM: NS reset vector at 0xb609
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The MQTT simple sample started
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 0) => result=2
    Deleting certs sec_tag: 16842753
    ***** BUS FAULT *****
      Precise data bus error
      BFAR Address: 0x2800460d
    ***** Hardware exception *****
    Current thread ID = 0x200203fc
    Faulting instruction address = 0x1682c
    Fatal fault in thread 0x200203fc! Aborting.
    nrf_inbuilt_key_delete(16842753, 1) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 2) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 3) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 4) => result=14
    Write ca certs sec_tag: 16842753
    CA_CERTIFICATE err: 14
    LTE Link Connecting ...
    LTE Link Connected!
    ERROR: getaddrinfo failed 22
    ERROR: mqtt_connect -47

    - hardware: nRF9160 DK 0.8.2
    - firmware: 0.7.0-29.alpha
    - nrf ver: 0.4.0

  • Hello, KentaM!

    CONFIG_SEC_TAG may have the wrong value, which may be causing the error. How do you decide the value? A random value?

  • I used GitHub's prj.conf, which Hakon taught me, almost as it is.

    It looks like an error with CA_CERTIFICATE, but is the CA certificate correct?

    https://github.com/joakimtoe/fw-nrfconnect-nrf/blob/36532a8ca60bf7139a988b5cbb4e6cb47948a9fa/samples/nrf9160/mqtt_simple_tls/prj.conf

    By the way, I do not understand the meaning of CONFIG_SEC_TAG ... (tell me ...)

  • About certificates, I downloaded three files from AWS IoT
    - Amazon_Root_CA_1.pem(ca crt)
    - xxxxxx-certificate.pem.crt(client crt, not public key)
    - yyyyyy-private.pem.key(client private key)

    I overwrote certificates.h put in src folder according to them.

    The following message indicates that deleting the builtin certificate files was not successful. So I don't think AWS certificate files are related to this issue.

    nrf_inbuilt_key_delete(16842753, 1) => result=14

    Could you show me the content of the prj.conf again if possible? mqtt_simple prj.conf sets a value in CONFIG_SEC_TAG while mqtt_simple_tls project prj.conf sets a value in CONFIG_MQTT_TLS_SEC_TAG.

  • prj.conf

    # General config
    CONFIG_TEST_RANDOM_GENERATOR=y
    
    # Networking
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    
    # LTE link control
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    
    # BSD library
    CONFIG_BSD_LIBRARY=y
    
    # AT Host
    CONFIG_UART_INTERRUPT_DRIVEN=y
    CONFIG_AT_HOST_LIBRARY=y
    #CONFIG_SPM=n
    
    # MQTT
    CONFIG_MQTT_LIB=y
    CONFIG_MQTT_LIB_TLS=y
    
    # Application
    #CONFIG_MQTT_PUB_TOPIC="/my/publish/topic"
    #CONFIG_MQTT_SUB_TOPIC="/my/subscribe/topic"
    #CONFIG_MQTT_CLIENT_ID="my-client-id"
    #CONFIG_MQTT_BROKER_HOSTNAME="iot.eclipse.org"
    #CONFIG_MQTT_BROKER_PORT=1883
    
    CONFIG_MQTT_PUB_TOPIC="myTopic/publish"
    CONFIG_MQTT_SUB_TOPIC="myTopic/subscribe"
    CONFIG_MQTT_CLIENT_ID="nRF9160-DK"
    CONFIG_MQTT_BROKER_HOSTNAME="a544w27l82h92-ats.iot.us-east-1.amazonaws.com"
    CONFIG_MQTT_BROKER_PORT=8883
    
    CONFIG_SEC_TAG=16842753
    
    CONFIG_PROVISION_CERTIFICATES=y
    CONFIG_CERTIFICATES_FILE="certificates.h"
    
    # Main thread
    CONFIG_MAIN_THREAD_PRIORITY=7
    CONFIG_MAIN_STACK_SIZE=4096
    CONFIG_HEAP_MEM_POOL_SIZE=1024
    
    CONFIG_NO_OPTIMIZATIONS=y
    

    By the way, I will do a study session, will you come?
    Saturday.

    atnd.org/.../106150

  • @

    I can't solve the above issue yet.
    I tried a project, which KentaM uses successfully, with two different 0.8.2 DK boards, and they throw the same error. He gave me the whole project files including certificates.h through private message and I used it. The project should be exactly the same.

    During nrf_inbuilt_key_delete, the project throws an error(14), "Bad Address."

    SPM: NS image at 0x8000
    SPM: NS MSP at 0x200240d8
    SPM: NS reset vector at 0xb609
    SPM: prepare to jump to Non-Secure image.
    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The MQTT simple sample started
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 0) => result=2
    Deleting certs sec_tag: 16842753
    ***** BUS FAULT *****
      Precise data bus error
      BFAR Address: 0x2800460d
    ***** Hardware exception *****
    Current thread ID = 0x200203fc
    Faulting instruction address = 0x1682c
    Fatal fault in thread 0x200203fc! Aborting.
    nrf_inbuilt_key_delete(16842753, 1) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 2) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 3) => result=14
    Deleting certs sec_tag: 16842753
    nrf_inbuilt_key_delete(16842753, 4) => result=14
    Write ca certs sec_tag: 16842753
    CA_CERTIFICATE err: 14
    LTE Link Connecting ...
    LTE Link Connected!
    ERROR: getaddrinfo failed 22
    ERROR: mqtt_connect -47

    I'm sure the firmware is the latest one, 0.7.0-29.alpha.
    ncs_tag is v0.4.0

    mqtt_simple project which doesn't include TLS works fine. However, when it includes TLS procedure, it throws the error.

    Any help?
