Preksha Butani

Reputation: 1

TPM provisioning on Windows 10 IoT Enterprise

I have a UWP background app running on Windows 10 IoT Enterprise. Currently I am in audit mode and setting up everything. I need help with the steps to set up the TPM so that I can provision my device via UWP and connect to Azure IoT Hub using Azure DPS (TPM route). My code is below; the BOLDED line produces an exception: Exception thrown: 'Microsoft.Azure.Devices.Provisioning.Client.ProvisioningTransportException' in System.Private.CoreLib.dll Exception when provisioning device AMQP transport exception

try
{
    var provClient = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint,
                                        IdScope, security, transport);
    if (provClient == null)
    {
        _logger.Error("Failed to create provClient.");
        return false;
    }

    // BOLDED line in the question: this call throws ProvisioningTransportException
    DeviceRegistrationResult result = await provClient.RegisterAsync();
    if (result.Status != ProvisioningRegistrationStatusType.Assigned)
    {
        _logger.Error($"Registration failed, status {result.Status}");
        return false;
    }

    if (DeviceId == result.DeviceId) // as expected == comp name
    {
        AssignedIoTHub = result.AssignedHub;
        ApplicationSettings.SaveIoTConnectionParameters(AssignedIoTHub);
        _logger.Info($"Device {DeviceId} registered to {AssignedIoTHub}");
    }
    return true;
}
catch (ProvisioningTransportException ex)
{
    // The SDK wraps the AMQP failure; the underlying error is in ex.InnerException.
    _logger.Error($"Exception when provisioning device {ex.Message} / {ex.InnerException?.Message}");
    return false;
}
I am expecting that, since I have already configured the Individual Enrollment on Azure DPS using [https://learn.microsoft.com/en-us/azure/iot-dps/how-to-manage-enrollments?tabs=x509#create-a-tpm-individual-enrollment], I should have a Device created and connected on Azure IoT Hub, but I get an exception. Are there any particular settings to take care of for Windows 10 IoT Enterprise, because the same setup and code work on Windows 10 IoT Core?

Upvotes: 0

Views: 91

Answers (1)

Naveen Sharma

Reputation: 1243

I have tried the sample code using the document and encountered the same error of an AMQP transport exception. The main cause of this error is that the TpmEndorsementKey generated locally does not match the Azure IoT Hub Device Provisioning Service Endorsement Key (EK).

Make sure you create an enrollment with TPM attestation and use the proper key. I have noticed that using the local EndorsementKey during enrollment creation results in an error. I used the code below to create an enrollment with TPM attestation.

I followed this document to create an Azure Device Provisioning Service individual enrollment for TPM attestation.

    using System;
    using System.Threading.Tasks;
    using Microsoft.Azure.Devices.Provisioning.Service;

    class Program
    {
        private static string ProvisioningConnectionString = "AzureConnectionString";
        private const string RegistrationId = "RegistrationId";
        // Endorsement key as reported by the device's TPM (base64 TPM2B_PUBLIC blob)
        private const string TpmEndorsementKey =
            "AToAAQALAAMAsgAgg3GXZ0SEs/gakMyNRqXXJP1S124GUgtk8qHaGzMUaaoABgCAAEMAEAgAAAAAAAEAxsj2gUS" +
            "cTk1UjuioeTlfGYZrrimExB+bScH75adUMRIi2UOMxG1kw4y+9RW/IVoMl4e620VxZad0ARX2gUqVjYO7KPVt3d" +
            "yKhZS3dkcvfBisBhP1XH9B33VqHG9SHnbnQXdBUaCgKAfxome8UmBKfe+naTsE5fkvjb/do3/dD6l4sGBwFCnKR" +
            "dln4XpM03zLpoHFao8zOwt8l/uP3qUIxmCYv9A7m69Ms+5/pCkTu/rK4mRDsfhZ0QLfbzVI6zQFOKF/rwsfBtFe" +
            "WlWtcuJMKlXdD8TXWElTzgh7JS4qhFzreL0c1mI0GCj+Aws0usZh7dLIVPnlgZcBhgy1SSDQMQ==";

        private const string OptionalDeviceId = "myCSharpDevice";
        private const ProvisioningStatus OptionalProvisioningStatus = ProvisioningStatus.Enabled;

        static async Task Main(string[] args)
        {
            await RunSample();
            Console.WriteLine("\nHit <Enter> to exit ...");
            Console.ReadLine();
        }

        public static async Task RunSample()
        {
            Console.WriteLine("Starting sample...");

            using (ProvisioningServiceClient provisioningServiceClient =
                    ProvisioningServiceClient.CreateFromConnectionString(ProvisioningConnectionString))
            {
                #region Create a new individualEnrollment config
                Console.WriteLine("\nCreating a new individualEnrollment object...");
                // TPM attestation: DPS will challenge the device against this EK
                Attestation attestation = new TpmAttestation(TpmEndorsementKey);
                IndividualEnrollment individualEnrollment =
                        new IndividualEnrollment(
                                RegistrationId,
                                attestation);

                individualEnrollment.DeviceId = OptionalDeviceId;
                individualEnrollment.ProvisioningStatus = OptionalProvisioningStatus;
                #endregion

                Console.WriteLine("\nAdding the individualEnrollment to the provisioning service...");
                IndividualEnrollment individualEnrollmentResult =
                    await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
                Console.WriteLine("\nIndividualEnrollment created with success.");
                Console.WriteLine(individualEnrollmentResult);
            }
        }
    }


Output: (screenshot of the created enrollment, not reproduced here)

Additionally, add the Azure IoT Hub Device code to the above code with simulated TPM from this GitHub repository for registering with the device provisioning service.

Output: (screenshot of the device registration, not reproduced here)

Upvotes: 0
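The answer's diagnosis is that the EK stored in the DPS enrollment is not the EK the device's TPM presents, and the question's code has no way to tell that apart from any other AMQP failure. The block below is an added example (not the asker's or the answerer's code) that makes the check explicit: on the device it reads the registration ID and endorsement key from the hardware TPM through the same SecurityProviderTpmHwbased the provisioning client uses, and on a workstation it fetches the enrollment with the service SDK and compares the two EK blobs byte for byte before anyone stares at the transport exception again. Assumptions: the NuGet packages Microsoft.Azure.Devices.Provisioning.Client, Microsoft.Azure.Devices.Provisioning.Transport.Amqp and Microsoft.Azure.Devices.Provisioning.Security.Tpm on the device and Microsoft.Azure.Devices.Provisioning.Service on the workstation; the constants and the class name TpmEnrollmentCheck are placeholders.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.Azure.Devices.Provisioning.Client;
using Microsoft.Azure.Devices.Provisioning.Client.Transport;
using Microsoft.Azure.Devices.Provisioning.Security;
using Microsoft.Azure.Devices.Provisioning.Service;

// Added example, not code from the question or the answer.
public static class TpmEnrollmentCheck
{
    // Placeholder values (assumptions): replace with your DPS settings.
    private const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
    private const string IdScope = "0ne00000000";
    private const string RegistrationId = "my-registration-id";

    // ---- Device side (UWP app on the Windows 10 IoT device) ----

    // What the hardware TPM will present to DPS. Log these on the device and
    // compare them with the enrollment before debugging the transport error.
    public static (string RegistrationId, string EndorsementKeyBase64) ReadTpmIdentity(SecurityProviderTpm security)
    {
        return (security.GetRegistrationID(), Convert.ToBase64String(security.GetEndorsementKey()));
    }

    public static async Task<DeviceRegistrationResult> RegisterWithHardwareTpmAsync()
    {
        using (var security = new SecurityProviderTpmHwbased(RegistrationId))
        using (var transport = new ProvisioningTransportHandlerAmqp())
        {
            var (regId, ek) = ReadTpmIdentity(security);
            Debug.WriteLine($"TPM registration ID: {regId}");
            Debug.WriteLine($"TPM endorsement key: {ek}");

            var provClient = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, IdScope, security, transport);
            try
            {
                return await provClient.RegisterAsync().ConfigureAwait(false);
            }
            catch (ProvisioningTransportException ex)
            {
                // The SDK wraps the AMQP failure; the real reason is in the inner exception.
                Debug.WriteLine($"Transport failure: {ex.Message} / inner: {ex.InnerException?.Message}");
                throw;
            }
        }
    }

    // ---- Workstation side (needs the DPS service connection string; keep it off the device) ----

    public static async Task<string> ReadEnrolledEndorsementKeyAsync(string serviceConnectionString, string registrationId)
    {
        using (var client = ProvisioningServiceClient.CreateFromConnectionString(serviceConnectionString))
        {
            IndividualEnrollment enrollment =
                await client.GetIndividualEnrollmentAsync(registrationId).ConfigureAwait(false);
            if (!(enrollment.Attestation is TpmAttestation tpm))
            {
                throw new InvalidOperationException($"Enrollment '{registrationId}' is not TPM-attested.");
            }
            return tpm.EndorsementKey;
        }
    }

    // Both strings are the base64 EK blob as DPS stores it. Decode before comparing so
    // line wrapping or trailing whitespace in a pasted key does not cause a false mismatch.
    public static bool EndorsementKeysMatch(string deviceEkBase64, string enrolledEkBase64)
    {
        if (string.IsNullOrWhiteSpace(deviceEkBase64) || string.IsNullOrWhiteSpace(enrolledEkBase64))
        {
            return false;
        }
        byte[] device = Convert.FromBase64String(deviceEkBase64.Trim());
        byte[] enrolled = Convert.FromBase64String(enrolledEkBase64.Trim());
        if (device.Length != enrolled.Length)
        {
            return false;
        }
        for (int i = 0; i < device.Length; i++)
        {
            if (device[i] != enrolled[i]) return false;
        }
        return true;
    }
}
```

Usage: run the device-side method once on the Windows 10 IoT Enterprise box and copy the logged EK and registration ID, then on a workstation call ReadEnrolledEndorsementKeyAsync with the same registration ID and feed both EKs to EndorsementKeysMatch. If it returns false, recreate the individual enrollment with the device-reported EK, which is the fix the answer describes; if it returns true, the EK is not the problem and the inner exception of ProvisioningTransportException is the next thing to read. The service connection string grants enrollment management rights, so it belongs on the admin workstation, never in the UWP app.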
