Preparing for production

To use the Cellular: LwM2M Client sample in production, you must prepare the sample for production by completing the following steps:

  1. Program the Cellular: AT Client sample to your device.

  2. Provision the identity and security credentials.

  3. Program the LwM2M Client sample.

LwM2M Client production diagram

Preparing the sample for production

The following sections provide the guidelines on setting up the sample for production using AVSystem’s Coiote Device Management server.

Programming the AT Client sample

You must program the Cellular: AT Client sample to your device to control the security tags in the modem. See the nRF91x1 AT Commands Reference Guide or nRF9160 AT Commands Reference Guide for documentation on each AT command. Also, you must provision the bootstrap credentials for the security tag (that you have specified in CONFIG_LWM2M_CLIENT_UTILS_BOOTSTRAP_TLS_TAG Kconfig option) to the nRF91 Series modem.

Provisioning the identity and security credentials

To provision the credentials, complete the following steps:

  1. Ensure that you have removed the previous security tags from the modem by issuing the AT%CMNG command:

    AT%CMNG=3,<TAG>,3
AT%CMNG=3,<TAG>,4

    See the Credential storage management %CMNG section in the nRF9160 AT Commands Reference Guide or the same section in the nRF91x1 AT Commands Reference Guide, depending on the SiP you are using.

  2. Identify the device IMEI by issuing the command AT+CGSN:

    AT+CGSN
352656100367872
OK

  3. Create an identity urn:imei:<IMEI CODE> based on the IMEI of your device. For the example in previous step, the identity of the device is urn:imei:352656100367872.

  4. Generate a secure PSK key and store that to the security tag. For example, to write the key 000102030405060708090a0b0c0d0e0f, run the following commands:

    AT%CMNG=0,<TAG>,4,"urn:imei:352656100367872"
OK
AT%CMNG=0,<TAG>,3,"000102030405060708090a0b0c0d0e0f"
OK

Automated provisioning

For automated provisioning of credentials, you can use the script provision.py that is available in the samples/cellular/lwm2m_client/scripts/ folder. If you use AVSystem’s Coiote Device Management server, you must set your username and password for the server as environment variables when you run the script. See the following code:

# Setup phase
[nrf@dev]:~/scripts# export COIOTE_PASSWD='my-password'
[nrf@dev]:~/scripts# export COIOTE_USER='my-username'

# Run
[nrf@dev]:~/scripts# ./provision.py
AT interface ready
Identity: urn:imei:352656100394546
Security tag 35724862 cleared
PSK credentials stored to sec_tag 35724862
Coiote: Deleted device urn:imei:352656100394546
Coiote: Deleted device urn:imei:352656100394546-bs
Coiote: Created device urn:imei:352656100394546 to domain /IoT/NordicSemi/Interop/

When Leshan demo server is used, script does not require password:

# Run
[nrf@dev]:~/scripts# ./provision.py --leshan
[INFO] provision.py - Identity: urn:imei:351358814369747
[INFO] device.py - Security tag 35724861 cleared
[INFO] device.py - Security tag 35724862 cleared
[INFO] device.py - PSK credentials stored to sec_tag 35724862

You can now program the device with the final sample image.

Configuring and programing the sample

To configure and program the sample, complete the following steps:

  1. Make the sample programmable to multiple devices by removing all hard coded credentials. This can be done by setting the CONFIG_APP_LWM2M_PSK Kconfig option to empty value.

  2. Enable bootstrapping using the configuration overlay file overlay-avsystem-bootstrap.conf or overlay-leshan-bootstrap.conf. Bootstrapping is required for an LwM2M Client to rotate security credentials.

  3. Prepare the production script or steps for your nRF91 Series device.

  4. Program the sample.