This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Do the AT%CMNG commands function properly for writing credentials in mfw_nrf9160_0.7.0-29.alpha

I've used the nrf_inbuilt_key_write to store certificates/keys in the past, but I am still unable to do it using the "AT%CMNG" modem command.

I can list and delete items using "AT%CMNG=1" and "AT%CMNG=3,x,x", but every attempt to write with "AT%CMNG=0,x,x,"xxx"" seems to hang forever.

Our device is providing access to a modem console for factory provisioning and debug, so it would be nice to not have to implement a special method when this should be able to handle it, but I just can't get it to work.

Is this expected to be working in mfw_nrf9160_0.7.0-29.alpha?

Parents
  • Yeah, I strongly suspect my modem NVM is in bad shape.  Is there a way using nrf9160_mdm_dfu or some other tool that I can check or reset the credential storage?

    It is now in a state where if I try to store credentials even using nrf_inbuilt_key_write some writes succeed and others hang.  After one pass where it had written the CA cert successfully but then hung during the private key write, I reflashed to at_client and poked around a bit:

    The AT host sample started
    AT
    OK
    AT+CFUN=4
    OK
    AT+CMEE=1
    OK
    AT%CMNG=1
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000"
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=2,64738,0
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000","-----BEGIN CERTIFICATE-----
    MIIFLjCCBBagAwIBAgIJANuSwPfghLXlMA0GCSqGSIb3DQEBCwUAMIG7MQswCQYD
    VQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJv
    cm91Z2gxJjAkBgNVBAoMHVNpZ25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMw
    EQYDVQQLDApNUVRUIENsb3VkMRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENB
    MSMwIQYJKoZIhvcNAQkBFhRpbmZvQHNpZ25hbC1maXJlLmNvbTAeFw0xOTA0MDMx
    NjE1MDhaFw0zOTAzMjkxNjE1MDhaMIG7MQswCQYDVQQGEwJVUzEWMBQGA1UECAwN
    TWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJvcm91Z2gxJjAkBgNVBAoMHVNp
    Z25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMwEQYDVQQLDApNUVRUIENsb3Vk
    MRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENBMSMwIQYJKoZIhvcNAQkBFhRp
    bmZvQHNpZ25hbC1maXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBAO9Kf1ufbdkCdIB9hJ5iZ1z9OyUB8Ddaal7uGFUh1j2y/Fk+gbO69YXUAX/8
    CbZKiZ4VJmCcbCS9jRU7jNbF85oeJofkoiCpWB0supKtGk+GK6dMBK84TSJL5x29
    qdGqu2x/em5UD9PfqSMQtdPpcCraPTekRAWJnUd3BNeYqZ3uixOWVIpytGWDLeZP
    PU3UcIJIRSCbunVSzoafTrQI/FNh7azx9RTpJexEhLYRqKB54i8oaKdUQHfve9sD
    M4b
    
    
    
    AT
    OK
    AT%CMNG=3,64738,0
    OK
    AT%CMNG=1
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=3,64738,1
    OK
    AT%CMNG=3,64738,2
    OK
    AT%CMNG=1
    OK
    AT%CMNG=0,64738,0,"TEST"
    

    The CMNG=1 listed that the CA, key, and cert all existed, even though it had hung during the key write and the cert write had not been written. When trying to read the CA, it didn't have the whole CA certificate.  I then deleted all three certificates and tried to write a super-short string to the CA as a test and that hung and never returned...

    (EDIT: The truncated output on CMNG=2 was due to a too-small buffer in the AT driver, which can be remedied by increasing AT_HOST_SOCKET_BUF_SIZE in prj.conf)

Reply
  • Yeah, I strongly suspect my modem NVM is in bad shape.  Is there a way using nrf9160_mdm_dfu or some other tool that I can check or reset the credential storage?

    It is now in a state where if I try to store credentials even using nrf_inbuilt_key_write some writes succeed and others hang.  After one pass where it had written the CA cert successfully but then hung during the private key write, I reflashed to at_client and poked around a bit:

    The AT host sample started
    AT
    OK
    AT+CFUN=4
    OK
    AT+CMEE=1
    OK
    AT%CMNG=1
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000"
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=2,64738,0
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000","-----BEGIN CERTIFICATE-----
    MIIFLjCCBBagAwIBAgIJANuSwPfghLXlMA0GCSqGSIb3DQEBCwUAMIG7MQswCQYD
    VQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJv
    cm91Z2gxJjAkBgNVBAoMHVNpZ25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMw
    EQYDVQQLDApNUVRUIENsb3VkMRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENB
    MSMwIQYJKoZIhvcNAQkBFhRpbmZvQHNpZ25hbC1maXJlLmNvbTAeFw0xOTA0MDMx
    NjE1MDhaFw0zOTAzMjkxNjE1MDhaMIG7MQswCQYDVQQGEwJVUzEWMBQGA1UECAwN
    TWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJvcm91Z2gxJjAkBgNVBAoMHVNp
    Z25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMwEQYDVQQLDApNUVRUIENsb3Vk
    MRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENBMSMwIQYJKoZIhvcNAQkBFhRp
    bmZvQHNpZ25hbC1maXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBAO9Kf1ufbdkCdIB9hJ5iZ1z9OyUB8Ddaal7uGFUh1j2y/Fk+gbO69YXUAX/8
    CbZKiZ4VJmCcbCS9jRU7jNbF85oeJofkoiCpWB0supKtGk+GK6dMBK84TSJL5x29
    qdGqu2x/em5UD9PfqSMQtdPpcCraPTekRAWJnUd3BNeYqZ3uixOWVIpytGWDLeZP
    PU3UcIJIRSCbunVSzoafTrQI/FNh7azx9RTpJexEhLYRqKB54i8oaKdUQHfve9sD
    M4b
    
    
    
    AT
    OK
    AT%CMNG=3,64738,0
    OK
    AT%CMNG=1
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=3,64738,1
    OK
    AT%CMNG=3,64738,2
    OK
    AT%CMNG=1
    OK
    AT%CMNG=0,64738,0,"TEST"
    

    The CMNG=1 listed that the CA, key, and cert all existed, even though it had hung during the key write and the cert write had not been written. When trying to read the CA, it didn't have the whole CA certificate.  I then deleted all three certificates and tried to write a super-short string to the CA as a test and that hung and never returned...

    (EDIT: The truncated output on CMNG=2 was due to a too-small buffer in the AT driver, which can be remedied by increasing AT_HOST_SOCKET_BUF_SIZE in prj.conf)

Children
  • Yeah, I was finally able to do a CMNG write command...  The basic CMNG write is working, but something is hanging in the modem firmware during most writes.

    I had loaded the test string "BEEPBEEP" as a CA using nrf_inbuilt_key_write, rebooted into at_client, and was able to read "BEEPBEEP" back using CMNG=2.  I then set the CA to "HONKHONK" using CMNG=0 and read *that* back using CMNG=2.  (Yay! Proves that it's not an XPMNG issue for that credential at least)

    Enthused by that success, I immediately tried to use CMNG=0 to write a real certificate into the same slot, and that command hung.  After rebooting the 9160, CMNG=2 still reads back "HONKHONK".  I was able to change it to something short again using CMNG=0 and read that back okay.  (This final test I also used a multi-line payload to prove that wasn't the issue...)

    Is there a size limit on certificates/keys?  I don't think mine are excessive in any way.  A quick check at the command line puts all three credential files I'm trying to load in the area of 1600-1900 bytes.

Related