
Do the AT%CMNG commands function properly for writing credentials in mfw_nrf9160_0.7.0-29.alpha?

I've used the nrf_inbuilt_key_write to store certificates/keys in the past, but I am still unable to do it using the "AT%CMNG" modem command.

I can list and delete items using "AT%CMNG=1" and "AT%CMNG=3,x,x", but every attempt to write with "AT%CMNG=0,x,x,"xxx"" seems to hang forever.

Our device is providing access to a modem console for factory provisioning and debug, so it would be nice to not have to implement a special method when this should be able to handle it, but I just can't get it to work.

Is this expected to be working in mfw_nrf9160_0.7.0-29.alpha?

  • Hi Justin,
    Are you sending AT-Commands in your application with sockets or are you sending directly via e.g. a serial terminal using the %CMNG command with at_client sample?

    Note:

    • <content> in the read response is exactly what is written, including <CR>, <LF>, and other characters. The characters outside the double quotes are part of the AT response format.

    <content> String. Mandatory if <opcode> is write. An empty string is not allowed. A Privacy Enhanced Mail (PEM) file enclosed in double quotes (X.509 PEM entities). Base64-encoded string in double quotes (PSK).

    Please look at the examples in the doc page for reference.
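
The `<content>` rules quoted in the reply above (non-empty, a PEM entity or a Base64 PSK, enclosed in double quotes, written exactly as given), shown as an added example that is not part of the original thread or Nordic's code. The function names, the `is_pem` flag, the sample PEM and the `sec_tag`/`type` numbers are assumptions made for illustration; marker spacing is checked leniently, since the thread does not settle whether line breaks are required.

```python
import base64
import re

# BEGIN/END markers must carry the same label; the body is checked as base64.
_PEM = re.compile(r"\A-----BEGIN ([A-Z0-9 ]+)-----\s*(.+?)\s*-----END \1-----\Z", re.DOTALL)


def check_pem(pem: str) -> str:
    """Validate one PEM entity and return its label, e.g. 'CERTIFICATE'."""
    m = _PEM.match(pem.strip())
    if m is None:
        raise ValueError("missing or mismatched BEGIN/END markers")
    body = "".join(m.group(2).split())  # drop CR/LF before decoding
    base64.b64decode(body, validate=True)  # raises ValueError on bad base64
    return m.group(1)


def build_cmng_write(sec_tag: int, cred_type: int, content: str, is_pem: bool = True) -> str:
    """Build the AT%CMNG write command (opcode 0) for one credential."""
    if not content:
        raise ValueError("<content> must not be empty for a write")
    if '"' in content:
        # Assumption: a quote inside <content> would end the quoted string early.
        raise ValueError("<content> must not contain a double quote")
    if is_pem:
        check_pem(content)
    else:
        base64.b64decode(content, validate=True)  # PSK: bare base64 string
    # <content> is passed through unchanged, line breaks included.
    return f'AT%CMNG=0,{sec_tag},{cred_type},"{content}"'


def make_sample_pem(label: str = "CERTIFICATE") -> str:
    """Constructed sample: PEM framing around dummy bytes, not a real certificate."""
    body = base64.encodebytes(bytes(range(96))).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


if __name__ == "__main__":
    # sec_tag 12345 and type 0 are constructed placeholder values.
    print(build_cmng_write(12345, 0, make_sample_pem()))
```

The returned string carries no command terminator; the caller appends whatever line ending its serial link or AT host is configured for.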

  • I was working directly via a serial terminal at the moment, just as a proof of concept.  I was getting the same behavior with both our application and the at_client sample.

    Does CR/LF matter?  Are line breaks required in the key material or could the entire thing be concatenated to one line if desired?

    The doc page you referenced makes use of XSUDO.  Based on the note on this page I had assumed that was not necessary yet, and possibly not fully implemented, so I had not been trying it.  Am I likely to have more success if I use XSUDO?

    I will try to match my certificate types and formatting more carefully to your reference and see if that changes anything.

  • I am unable to get XPMNG to work when pushing the public key to the modem.  The CME error code is not listed on the XPMNG documentation page.

    ***** Booting Zephyr OS v1.14.99-ncs1 *****
    The AT host sample started
    AT
    OK
    AT+CFUN=4
    OK
    AT+CMEE=1
    OK
    AT%XPMNG=0,"-----BEGIN PUBLIC KEY-----MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0hFbFkKzORGXw5UCyFV6McEsQlH/SA+5OPTg5ff1DwQDj9LQJJ4dkcgdGI46bVho3YU7RQTVc9LojyUFNHNEew==-----END PUBLIC KEY-----"
    +CME ERROR: 519

  • I now wonder if I haven't somehow put this modem's NVM into a bad state.  Just so I could continue doing other work, I used nrf_inbuilt_key_delete/nrf_inbuilt_key_write to remove all credentials and then reload a good set, and now every attempt to connect to an SSL socket fails with errno=-45. This is the same client/application code I have been using for months without issue.

    I further tried using just "openssl s_server" as the listener and disabling peer verify on both sides, and I still get -45 from mqtt_connect.  The openssl server just spits out this every time the device hits it:

    ERROR
    shutting down SSL
    CONNECTION CLOSED

    They never even begin key exchange.

  • Hi Justin,
    Could you try to list the keys (AT%CMNG=1) and delete the ones that you are not using?
    It may be that there is a memory issue.

    The error 519 is not listed in the documentation, but it means that something already exists at that place, so you can try to delete the old one first.

  • I have previously listed and deleted all keys using CMNG=1 and CMNG=3.  I just tried it again and included a CFUN=0 and reboot after deleting the keys but before trying to write new keys with CMNG=0.  It exhibited the same behavior and never completed the CMNG write command.

    Regarding the XPMNG command, I tried XPMNG=2 and it does report an existing public key.  I am quite certain I have never installed one.  I happened to have a new dev kit we recently got for GPS testing, so I loaded it up with at_client and XPMNG=2 reports the exact same public key.  I assume these must be from manufacturing on Nordic's end.  There is no command I can find in the modem manual to delete the XPMNG credential, can you please tell me how to do this?

    In case anyone else ever cares, this is what the preinstalled public key looked like:

    AT%XPMNG=2
    %XPMNG: "-----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErrM7SxsE9WStx+6C2TQSsiaCnDww
    B6rYZe/xHP7sDuHP8SmB0uauqhWBXXy0e8xoxqAc2bniubZa4HI2Zfz7tQ==
    -----END PUBLIC KEY-----
    "
    OK
