SAMD21 + WINC1500 for MQTTS


Hi community!

 

The documentation clearly says that the current highest version of TLS supported by that platform is 1.0, let's say that the ideal solution is aimed at 1.2 (because of Amazon's specifications).

 

  • Will the TLS be upgraded any time soon?

 

I'm importing the mbedTLS which supports TLSv1.2, hope that after finishing the proper imports and connecting scripts it works, if not, well, keep up with the solution reaching.

 

  • Will the implementation of mbedTLS make a fatal crash because of version differences?
  • Is this at a more low level than thought? (I'm a high level paradigm developer).

 

And finally...

 

  • Is this board capable of handling client certificates and private keys programmatically inside of the project? (I know there's a bat file for embedding the firmware onto WINC1500, but that's only for root certs, I need to provide client certificate - key in order to have both sides authenticated).

 

Thanks a lot for your time!

 

Yours sincerely, Jon. 

Last Edited: Wed. Jun 1, 2016 - 08:57 AM

Hello all,

 

Please, I need to know if the WINC1500 is capable of handling client certificates and private keys? If so, how could I program my client certificate to the WINC1500 module?

Actually I need to provide client certificate to ensure a higher security level on the server side.

 

Many thanks in advance.


Hi Ayman!

 

There is an issue with the google forums, I posted two replies, both eliminated when I hit the post button.

 

Ok, first, memory highlights. Consider your final implementation's memory (RAM) usage. That's because the solution for the MQTT secured communication leaves the SAMD21 very tight in memory. SAM4S can overcome this issue.

 

Second, main topic. Not on its own. You will need to implement a combo like (SAMD21 || SAM4S) + WINC1500 + CryptoAuth Module, in order to support the mutual auth flow. Porting a TLS library is also needed, Atmel recommended wolfSSL.

 

We're still getting started with that, as we have a lot of things to do, we implemented some workarounds, in order to survive this young new technology solutions growing-changing environment. So that's why we're still at a starting stage when talking about the MQTT solution.

 

So, we're studying the porting of wolfSSL and the secure socket communication flow, so we can connect to AWS API Gateway configured lambda functions. That's because we need TLSv1.2, and SNI support.

 

It's a big challenge, but in the end feasible. So wish you success!

 

Carpe diem!

 

Kind regards,

 

Jon M.


Hello Mr. Jon M.,

 

First I would like to thank you, thank you very much for your feedback, me and my team really appreciate your support :)
 

Best Regards,

 

Ayman Rjab.


Hi again Ayman!

 

I forgot to write, that maybe the crypto module that can fit those requirements, is the ATECC508A, we might implement those for certificate, private and public key generation. From Amazon secured MQTT communication requirements.

 

And also, consider Microchip AWS IoT fully supported products, so the learning curve leverages, and the API usage of the whole solution. Microchip now owns Atmel, I imagine that, as time passes, they will port everything they have from AWS at Microchip devices onto Atmel ones, to converge their solutions. I can say that because of what I observed in the AWS IoT keynote from October '15. You can have more details of hardware partners, and their fully supported platforms at AWS website.

 

As we got advanced in the use of these platforms WINC1500 + SAMD21 + Crypto Devices, we're kinda married to them, so they're like mandatory to use, at least at this development phase, who knows what happens next. But, if you're getting started, consider the memory space of SAM4S, strong learning curve for the AWS arrangement with Atmel devices, and so the Microchip solutions with AWS libraries already supported. That, as an advice. Whatever fits best, it's up to you guys. Wish you the best at it. :)

 

Sorry about the typos on last post. I was kinda in a rush.

 

Kind regards, and success!

 

Jon


Ayman

 

Can you please tell me what O/S you use to program the D21 with 508a under Studio 7?

I cannot see the TARGET USB under Win 10 x64.

 

What configuration of Studio 7 & O/S work and do I go for x64 or x86 version?

 

Really want to fully play with my 508a's.

 

Thanks in advance.

 

Mark


Hello.

 

Is there any example/project for SAMD21 + WINC1500 for Atmel Studio 7 with AWS IoT MQTT?

 

Thanks in advance.

 

Daniele


Hi there.

 

I'm having multiple declarations of SERCOM2_Handler() and SERCOM3_Handler().

 

I'm trying to merge with this example http://www.atmel.com/Images/Atme....

Trying to add interrupts to the main function and it's conflicting with winc1500 and at25dfx modules.

 

 

Any thoughts?

 

Kind regards,

Daniele.

Last Edited: Fri. Jun 2, 2017 - 01:31 PM

Hi,

 

I'm using winc1500 on sercom 5.

I can connect and make some configs via mqtt using mqtt_publish().

 

I manage to read from another sercom(2) using usart_enable_callback() and usart_read_callback() but when I try to publish again to mqtt (mqtt_publish()) it doesn't work.

 

Any thoughts?

 

Kind regards,

Daniele.


_Jon wrote:

Hi Ayman!

 

There is an issue with the google forums, I posted two replies, both eliminated when I hit the post button.

 

Ok, first, memory highlights. Consider your final implementation's memory (RAM) usage. That's because the solution for the MQTT secured communication leaves the SAMD21 very tight in memory. SAM4S can overcome this issue.

 

Second, main topic. Not on its own. You will need to implement a combo like (SAMD21 || SAM4S) + WINC1500 + CryptoAuth Module, in order to support the mutual auth flow. Porting a TLS library is also needed, Atmel recommended wolfSSL.

 

We're still getting started with that, as we have a lot of things to do, we implemented some workarounds, in order to survive this young new technology solutions growing-changing environment. So that's why we're still at a starting stage when talking about the MQTT solution.

 

So, we're studying the porting of wolfSSL and the secure socket communication flow, so we can connect to AWS API Gateway configured lambda functions. That's because we need TLSv1.2, and SNI support.

 

It's a big challenge, but in the end feasible. So wish you success!

 

Carpe diem!

 

Kind regards,

 

Jon M.

 

 

Hello Jon,

 

I am currently beginning with AWS IoT and I am trying to port the AWS IoT embedded C SDK to Atmel SAM devices. I am working with SAMW25 Xplained Pro that contains SAMD21 + WINC1500. I have already ported the timer functions but I don't know how to port the Network functions and what resources I need to use for that.

 

Did you get to port the Network functions for that board?

 

Any help is appreciated.

Thanks in advance.


Hello there,

 

I have an urgent issue.

MQTT uses X.509 certificates; on the server it can be automatically renewed, but on the client side it doesn't work unless we manually install it.

How can I make it more automatic, or can I send it via WiFi?

 

Any help is appreciated.

Thanks in advance.

 

Kind regards,

Daniele

 


Hello,

 

I'm using WINC1500 + SAMD21 Xplained Pro with MQTT.

Is it possible to renew the SSL X.509 certificate without manual maintenance?

If not, can it be sent via MQTT and installed automatically?

 

 

 

Any help is appreciated.

Thanks in advance.

 

Kind regards,

Daniele


Daniele,

 

Check out the app note here, posted/updated by Microchip in Nov 2017.

It describes updating the WINC1500 CA certificate for a remote server: fetching it via HTTPS, then saving it to the WINC1500 trust store via the host micro SPI interface.

This can be found on the Microchip main page for the WINC1500 here.

 

Jeff