Thales' cellular IoT products business is now part of Telit Cinterion, find out more.

You are here

Telit Cinterion IoT Developer Community

IoT SDK Bootcamp

Showcase, December 8, 2022 - 3:30am, 3068 views

A Series of Embedded Processing Modem Modules

PLS83/63, ELS82/62 and TX82/62 modules have a capability to run user applications. It's runtime environment is ThreadX+Cinterion libraries, and you can use the IoT SDK to create applications for it. In this article, you'll learn how to create certificate for the SDK, how to sign the compiled binary, and run the application.

You can find all files mentioned in this cloud storage:

https://files.c-wm.net/index.php/s/LmanWArMjBqwT5p

Password: Thales2022

Needed Software

IoT SDK itself: SDKv5.tgz

OpenSSL for Windows
https://slproweb.com/download/Win64OpenSSL_Light-3_0_1.exe

Python 2.7.18
https://www.python.org/downloads/release/python-2718/

Python libraries: Pyserial, Numpy

cmd_IpCertMgr from plsx3_an62_tls_v01.pdf

TAR, GZIP, 7zip
https://www.7-zip.org/

TeraTerm
https://ttssh2.osdn.jp/index.html.en

VSCode
https://code.visualstudio.com/

Java 1.8
https://java.com/en/download/windows_offline.jsp

You should install all mentioned software packages, and use python -m pip install pyserial numpy to configure the python runtime prior to use the IoT SDK itself.

Test Run the IoT SDK

Let's assume you unpack the IoT SDK in c:\SDK, and connected PLS83-W to the USB; assuming the modem port of PLS83 is enumerated in COM57. You can run these commands under Windows Command Prompt:

C:\Users\<USERNAME>>cd c:\SDK\tools

c:\SDK\tools>python connect.py -p COM57
Connection with the target on COM57 at 115200
Done !

c:\SDK\tools>python firmware.py info
Modem version (rev): 02.000
Applicative version (arn): 01.000.00
Bootloader version (sbl): SBL1_005

Setup App Root Certificate

You need to have root certificate to sign app before testing it inside the modem. To achieve this, use the openssl software installed previously; let's assum we decide to store the certificate and key pairs inside c:\SDK\key, to setup app root certificate, run these commands in Windows Command Prompt:

C:\SDK>md key
C:\SDK>cd key

C:\SDK\key>openssl ecparam -name secp384r1 -out secp384r1.param.pem
C:\SDK\key>openssl ecparam -in secp384r1.param.pem -genkey -noout -out app_rot.key
C:\SDK\key>openssl ec -in app_rot.key -out app_rot.pub -pubout
C:\SDK\key>openssl req -new -sha384 -x509 -out app_rot.der -outform DER -key app_rot.key -days 7300 -set_serial 1 -subj /C=DE/ST=Berlin/L=Berlin/O="THALES DIS AIS Deutschland GmbH"/OU="R&D"/CN="Demo App Root of Trust"
openssl x509 -in app_rot.der -inform DER -pubkey -noout > app_rot.pub

We have the certificate now, but we need to convert the files into something suitable to install to PLS83. Let's assume we store the cmd_IpCertMgr.jar tool in z:\projs\pls83\pls63-w_pls83- w_tls_tools\Tools\bin\win-x86\cmd_IpCertMgr.jar, run these commands to create certificate files for PLS83 modem:

C:\SDK\key>java -jar "z:\projs\pls83\pls63-w_pls83- w_tls_tools\Tools\bin\win-x86\cmd_IpCertMgr.jar" -mode app_rot -cmd WriteCert -certfile app_rot.der -certindex 0 -sigType NONE -file LoadAppRotCert.bin
Java version: 32-bit
1.8.0_162
signature skipped

c:\SDK\key>java -jar "z:\projs\pls83\pls63-w_pls83- w_tls_tools\Tools\bin\win-x86\cmd_IpCertMgr.jar" -mode app_rot -cmd DelCert -certfile app_rot.der -certindex 0 -sigType NONE -file DelAppRotCert.bin
Java version: 32-bit
1.8.0_162
signature skipped

Now we have certificate files for modem, it's time to install them to the PLS83-W. Use tool like TeraTerm to connect to PLS83's modem port, and run these commands to install and check the certificate installation status:

at^SSECUC="SEC/MODE"
^SSECUC: "SEC/MODE",0

OK

AT^SBNW="app_rot",1
CONNECT

SECURE CMD READY: SEND COMMAND ...

SECURE CMD END OK

OK
AT^SBNR="app_rot"
^SBNR: 0, size: "661", issuer: "/C=DE/ST=Berlin/L=Berlin/O=THALES DIS AIS Deutschland GmbH/OU=R&D/CN=Demo App Root of Trust", serial number: "01", subject: "/C=DE/ST=Berlin/L=Berlin/O=THALES DIS AIS Deutschland GmbH/OU=R&D/CN=Demo App Root of Trust", signature: "sha384ECDSA", thumbprint algorithm: "sha1", thumbprint: "ECB24246F23C3FF6D59F7C1EC90E9E84A68FF478", expiry date: "2042,1,17"

OK

Test the IoT SDK

Now the foundation has laid out, we can test run any apps inside the modem. Use Windows Command Prompt to run these commands and have run and happy codding:

cd ..\tools

C:\SDK\tools>python build.py -p pls ..\examples\helloworld\

C:\SDK\tools>python app.py sign --key ..\key\app_rot.key ..\examples\helloworld\build\helloworld.bin
Signed application available: C:\SDK\examples\helloworld\build\signed\helloworld.bin

C:\SDK\tools>python app.py verify --pubkey ..\key\app_rot.pub --keyform pem ..\examples\helloworld\build\signed\helloworld.bin
Verification OK

C:\SDK\tools>python app.py download ..\examples\helloworld\build\signed\helloworld.bin
Sent 100 %
Done !

C:\SDK\tools>python fs.py ls a:/
ginauwconf/
helloworld.bin
ipoverat/

C:\SDK\tools>python app.py install helloworld
Done !

C:\SDK\tools>python app.py info
Applications in A disk:
Name                Version     Size      Location

Installed applications:
Name                Version     Size      Status
helloworld          7370        14.2 KB   stopped

1 application on target, 0 running
Autostart config: disabled
Secure boot: enabled
App signature config: ECC with sha384

C:\SDK\tools>python app.py start helloworld
Done !

C:\SDK\tools>python app.py stop helloworld
Done !

C:\SDK\tools>python log.py read -d COM56
COM56
Cinterion Logging Tool ++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start logging on dedicated logging port (COM56,115200) at 2022-01-21 20:11:15... (use Control-C to exit)
Hello World!
03:09:21:734 CRIT:..\examples\helloworld\helloworld.c,74: cleanup: MY CLEANUP
Hello World!
03:09:31:113 CRIT:..\examples\helloworld\helloworld.c,74: cleanup: MY CLEANUP

C:\SDK\tools>python app.py logstart helloworld
Cinterion Logging Tool ++++++++++++++++++++++++++++++++++++++++++++++++++++++
Start logging on dedicated logging port (COM56,115200) at 2022-01-21 20:14:33... (use Control-C to exit)
Hello World!

Thank you for this tutorial!

You mentioned the ELS62 as well. Does this mean that the SDK and corresponding FW are available for the ELS62? Is MicroEJ available, as well?

Thanks, 

Felix

Hi Felix,

MicroEJ is applicable to all Cinterion ThreadX modules.

For ELS62 the threadx SDK is still in development, when it's done, user should be able to use threadx or microej on it.

Best Regards,
Antony Shen

On Mac OSX I get the following error, running the cmd_IpCertMgr application:
"You are using: 64-bit version. You have to use 32-bit version. Change the environment and try again."

Seemingly Apple abandoned Java as an Apple preinstalled language, and the latest version is now 64 bit (which has been installed on my M1 MacBook Pro).

Is there a 64 bit version of cmd_IpCertMgr available? If not, is it possible to distribute such a version? If not, where can I get a 32 bit compatible JVM running on a M1?

 

Author

antonyshen's picture
antonyshen