Legacy V2 TPM Provisioning and Connection

Overview

This section explains how to provision a gateway and how to connect to the Azure IoT services using a TPM-enabled gateway.
The Provisioning section describes how to provision a gateway in the Azure Portal.
The Create a TPM cloud connection section describes how to create a new cloud connection in ESF and how to configure and use the TPM in the gateway to connect to, and authenticate with, the selected Azure IoT service.

Provisioning

TPM Provisioning can be accomplished in two ways:

  • Adding a new enrollment to Device Provisioning Service
  • Adding a device to IoT Central Applications

ESF TPMInfoService

The Azure cloud connection provider adds a new service, TPMInfoService, which exposes the parameters of the TPM detected on the gateway.

Using Device Provisioning Service to provision device

Add a new individual enrollment to your Device Provisioning Service under Manage enrollments:

Set Mechanism to TPM, copy and paste the Endorsement Key and the Registration ID (as reported by the ESF TPMInfoService), and enter the MAC address of the gateway as the IoT Hub Device ID.

Using IoT Central Applications to provision device

Prerequisites

In order to provision your device with TPM credentials using IoT Central Applications, you must first create an application. Instructions on how to create your own IoT Central application can be found here.

Create a device

You must create your device in your Azure IoT Central application before provisioning it with TPM credentials.

Connect device

Click on your device in the Devices page and click Connect.

Set the Connection method to "Individual enrollment" and Mechanism to "TPM".

Copy and paste the Endorsement Key from the ESF TPMInfoService.
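Both enrollment paths above take the Endorsement Key from the ESF TPMInfoService, and the Device Provisioning Service path also takes the Registration ID and the gateway MAC address. The following Python script is an added example, not part of ESF or of this documentation. It assumes that ESF reports the Registration ID using the convention of the Azure IoT device SDKs (SHA-256 of the raw endorsement key bytes, base32 encoded, lower-cased, with the padding removed) and it uses a constructed sample key and MAC address. It re-derives the Registration ID from the pasted Endorsement Key and reports any value that does not fit before it is committed to an enrollment, which catches a stale, wrapped or truncated copy/paste.

```python
import base64
import hashlib
import re

# Constructed sample values (NOT a real endorsement key or gateway MAC).
# A real EK from TPMInfoService is a base64 blob a few hundred bytes long.
SAMPLE_EK_B64 = base64.b64encode(
    b"constructed-sample-endorsement-key-blob" * 8
).decode("ascii")
SAMPLE_DEVICE_ID = "00:11:22:33:44:55"

# The page says the IoT Hub Device ID is the gateway MAC address; this pattern
# accepts the common colon- or dash-separated notations.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def registration_id_from_ek(ek_b64: str) -> str:
    """Derive the DPS Registration ID from a base64 Endorsement Key.

    Assumption: ESF's TPMInfoService follows the Azure IoT device SDK rule
    (SHA-256 over the EK bytes, base32, lower case, '=' padding stripped).
    Whitespace introduced by line wrapping in a copy/paste is removed first.
    Raises ValueError if the key is not valid base64.
    """
    compact = "".join(ek_b64.split())
    ek = base64.b64decode(compact, validate=True)
    digest = hashlib.sha256(ek).digest()
    return base64.b32encode(digest).decode("ascii").lower().rstrip("=")


def check_enrollment_inputs(ek_b64: str, registration_id: str, device_id: str) -> list[str]:
    """Return the problems found with the three values; an empty list means they are consistent."""
    problems = []
    derived = None
    try:
        derived = registration_id_from_ek(ek_b64)
    except ValueError:
        problems.append("endorsement key is not valid base64")
    if derived is not None and registration_id != derived:
        problems.append(
            f"registration ID {registration_id!r} does not match the one derived "
            f"from the endorsement key ({derived!r})"
        )
    if not MAC_RE.match(device_id):
        problems.append(f"device ID {device_id!r} is not a MAC address")
    return problems


if __name__ == "__main__":
    rid = registration_id_from_ek(SAMPLE_EK_B64)
    print("derived registration ID:", rid)
    print("problems:", check_enrollment_inputs(SAMPLE_EK_B64, rid, SAMPLE_DEVICE_ID))
```

Run it with the real values pasted in place of the constructed ones; an empty problem list means the Registration ID and Endorsement Key belong together and the Device ID has the expected shape. A mismatch most often means the key was copied from a different gateway or was cut off at a line wrap.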

Create a TPM cloud connection

In the ESF web interface, create a new Cloud Connection using the AzureTPMCloudEndpoint factory.

There are two ways to connect through the Azure IoT portal:

  • Connect using Azure IoT Hub
  • Connect using Azure IoT Central

Configure connection using Azure IoT Hub

Select the new connection and configure TpmMqttDataTransport with the Azure Scope ID and Azure Global Endpoint taken from your Azure Device Provisioning Service account.

Navigate to your Azure Device Provisioning Service and copy the ID Scope into the Azure Scope ID and the Global device endpoint into the Azure Global Endpoint of the ESF Cloud Connection TpmMqttDataTransport.

When the AzureTPMCloudEndpoint is connected, check in the Azure Portal that the device has been registered.

When the gateway connects for the first time, a device is created in the IoT Hub and appears under IoT devices.

Configure connection using Azure IoT Central

Select the new connection and configure TpmMqttDataTransport with the Azure Global Endpoint from your Azure Device Provisioning Service and the Azure Scope ID from your Azure IoT Central Application account.

Navigate to your Azure Device Provisioning Service account and copy the Global device endpoint into the Azure Global Endpoint of the ESF Cloud Connection TpmMqttDataTransport.

Navigate to your Azure IoT Central Application account, select Administration -> Device connection and copy the ID Scope into the Azure Scope ID of TpmMqttDataTransport.

When the device connects for the first time, its status on the Devices page of your IoT Central Application changes to "Provisioned".