Abstract
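This session, presented by FreeRTOS founder Richard Barry, is a quick way to understand the key architecture, processes and details involved in developing and deploying IoT edge devices at large scale.
We can of course implement all of that architecture, process and detail ourselves, or choose an existing solution on the market, such as an open-source project like FreeRTOS. The FreeRTOS project is already integrated with the basic AWS IoT services (such as creating cryptographic keys, establishing encrypted communication channels, and data transfer). This gives product development teams more options and flexibility during technology selection.
This session is recommended for anyone who wants to quickly get a grasp of the development options and the deployment architecture and process for IoT edge devices.
Outline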
Topic
Developing and deploying modern edge applications at scale
Speaker
- Richard Barry, AWS Speaker (Senior Principal Engineer, IoT, AWS) (FreeRTOS Founder!)
Content
What to expect from this session
- Learn about AWS options for device software
- Understand the value AWS provides to the FreeRTOS user base
- Look at the functionality of new libraries
- See how to use that functionality in your projects
- See how to use that functionality at a huge scale
AWS IoT
Device and cloud software
Options for device software
There are several options for developing software on an edge device:
- AWS IoT Device SDKs
- FreeRTOS
- AWS IoT Greengrass
- (Rolling your own is also an option :)
FreeRTOS
Growing user base over 18 years
The yellow line indicates switching to GitHub repo base.
Amazon’s contributions to the community
- Global presence
- New functionality
- Kernel ports and enhancements
- Simplified licensing so open with no lock-in
- Professional incident response processes
- Security expertise
- Long-term support
FreeRTOS: Latest capabilities
IoT reference integrations (devices.amazonaws.com)
Reference integrations: Internal view
Refactoring for distribution from FreeRTOS.org
- AWS IoT Device SDK for Embedded C (used by reference integrations)
- Standard protocols
  - MQTT
  - HTTP
  - PKCS #11
  - Etc.
- AWS IoT Device SDK for Embedded C
  - Shadow client
  - Job client
  - OTA
  - Etc.
- Standard protocols
Libraries in FreeRTOS and AWS GitHub accounts
- Use cases
- Mix-and-match functionality and runtime model
- Partner distributions, CMSIS pack, etc.
- “Classic” FreeRTOS distribution
- FreeRTOS IoT reference integrations
Creating and updating connected applications
Use case 1: Updating brownfield applications
coreMQTT network interface
```c
static MQTTStatus_t prvCreateMQTTConnectionWithBroker( MQTTContext_t * pxMQTTContext,
                                                       NetworkContext_t * pxNetworkContext )
{
    MQTTStatus_t xResult;
    TransportInterface_t xTransport;

    /* Fill in Transport Interface send and receive function pointers.
     * These are the application's existing TLS send/receive routines. */
    xTransport.pNetworkContext = pxNetworkContext;
    xTransport.send = my_tls_send_function;
    xTransport.recv = my_tls_recv_function;

    /* Initialize MQTT library. xBuffer is a file-scope MQTTFixedBuffer_t
     * declared elsewhere in the application. */
    xResult = MQTT_Init( pxMQTTContext, &xTransport, prvGetTimeMs, prvEventCallback, &xBuffer );

    return xResult;
}
```
Single-threaded code example: Publish()
```c
static void prvMQTTPublishToTopic( MQTTContext_t * pxMQTTContext )
{
    MQTTStatus_t xResult;
    MQTTPublishInfo_t xMQTTPublishInfo;

    /* Some fields are not used by this demo so start with everything at 0. */
    memset( ( void * ) &xMQTTPublishInfo, 0x00, sizeof( xMQTTPublishInfo ) );

    /* This demo uses QoS0. */
    xMQTTPublishInfo.qos = MQTTQoS0;
    xMQTTPublishInfo.retain = false;
    xMQTTPublishInfo.pTopicName = mqttexampleTOPIC;
    xMQTTPublishInfo.topicNameLength = ( uint16_t ) strlen( mqttexampleTOPIC );
    xMQTTPublishInfo.pPayload = mqttexampleMESSAGE;
    xMQTTPublishInfo.payloadLength = strlen( mqttexampleMESSAGE );

    /* Send PUBLISH packet. Packet ID is not used for a QoS0 publish. */
    xResult = MQTT_Publish( pxMQTTContext, &xMQTTPublishInfo, 0U );
    assert( xResult == MQTTSuccess );
}
```
Single-threaded code example: ProcessLoop()
```c
/* Publish messages with QoS0, send and process keep alive messages. */
LogInfo( ( "Publish to the MQTT topic %s.", mqttexampleTOPIC ) );
prvMQTTPublishToTopic( &xMQTTContext );

/* Process incoming publish echo, since application subscribed to the same
 * topic the broker will send publish message back to the application. */
LogInfo( ( "Attempt to receive publish message from broker." ) );
xMQTTStatus = MQTT_ProcessLoop( &xMQTTContext, mqttexamplePROCESS_LOOP_TIMEOUT_MS );
assert( xMQTTStatus == MQTTSuccess );
```
Use case 2: Multithreaded integration
Making coreMQTT thread safe
Structure of the agent (daemon) task
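```c
static void prvMQTTAgentTask( void * pvParameters )
{
    /* Command_t stands for the application's own command structure
     * (simplified here, as on the slide). */
    Command_t xCommand;
    MQTTPublishInfo_t * pxPublishInfo;
    uint16_t usPacketId;

    ( void ) pvParameters;

    for( ;; )
    {
        /* Wait with timeout for next command. */
        xCommand.xCommandType = NONE;
        xQueueReceive( xCommandQueue, &xCommand, exampleTICKS_TO_WAIT );

        switch( xCommand.xCommandType )
        {
            case PUBLISH:
                pxPublishInfo = xCommand.pxCmdContext->pxPublishInfo;
                usPacketId = MQTT_GetPacketId( &globalMqttContext );
                MQTT_Publish( &globalMqttContext, pxPublishInfo, usPacketId );
                break;

            /* Etc. for all other command types. */
            default:
                break;
        }

        /* Only the agent task calls into the shared MQTT context. */
        MQTT_ProcessLoop( &globalMqttContext, 0 );
    }
}
```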
Scaling secure IoT applications
Reference integrations: TLS
Authentication (AuthN): Proving your identity
Reference integrations: Provisioning
- Key storage method!
corePKCS #11: API to cryptographic tokens
- Standard: PKCS #11
FreeRTOS functionality | Required PKCS #11 API family |
---|---|
Any | Initialize, Finalize, Open/Close Session, GetSlotList, Login |
TLS | Random, Sign, FindObject, GetAttributeValue |
FreeRTOS+TCP | Random |
Over-the-air update | Verify, Digest, FindObject, GetAttributeValue |
Provisioning | GenerateKeyPair, CreateObject, DestroyObject, InitToken, GetTokenInfo |
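
The table above can be turned into a build-time check that a chosen token (secure element or software PKCS #11 module) exposes every API family the enabled FreeRTOS features need. This is an added example, not code from the talk or from FreeRTOS; the `FEAT_*` flags, the `P_*` bit names and `SAMPLE_TOKEN` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* One bit per PKCS #11 API family named in the table. */
enum {
    P_INITIALIZE = 1 << 0, P_FINALIZE = 1 << 1, P_SESSION = 1 << 2,
    P_GETSLOTLIST = 1 << 3, P_LOGIN = 1 << 4, P_RANDOM = 1 << 5,
    P_SIGN = 1 << 6, P_FINDOBJECT = 1 << 7, P_GETATTRIBUTEVALUE = 1 << 8,
    P_VERIFY = 1 << 9, P_DIGEST = 1 << 10, P_GENERATEKEYPAIR = 1 << 11,
    P_CREATEOBJECT = 1 << 12, P_DESTROYOBJECT = 1 << 13,
    P_INITTOKEN = 1 << 14, P_GETTOKENINFO = 1 << 15
};
static const char *const kFamilyName[16] = {
    "Initialize", "Finalize", "Open/Close Session", "GetSlotList", "Login",
    "Random", "Sign", "FindObject", "GetAttributeValue", "Verify", "Digest",
    "GenerateKeyPair", "CreateObject", "DestroyObject", "InitToken", "GetTokenInfo"
};
/* Rows of the table as feature flags (names are assumptions of this example). */
enum { FEAT_TLS = 1, FEAT_TCP = 2, FEAT_OTA = 4, FEAT_PROVISIONING = 8 };
#define P_ANY  (P_INITIALIZE | P_FINALIZE | P_SESSION | P_GETSLOTLIST | P_LOGIN)
#define P_PROV (P_GENERATEKEYPAIR | P_CREATEOBJECT | P_DESTROYOBJECT | P_INITTOKEN | P_GETTOKENINFO)
/* Constructed sample: a factory-provisioned token that exposes no provisioning calls. */
#define SAMPLE_TOKEN (0xFFFFu & ~(uint32_t) P_PROV)

/* Union of the API families the enabled features need, per the table. */
uint32_t required_families(uint32_t features)
{
    uint32_t need = P_ANY; /* the "Any" row applies to every build */
    if (features & FEAT_TLS) need |= P_RANDOM | P_SIGN | P_FINDOBJECT | P_GETATTRIBUTEVALUE;
    if (features & FEAT_TCP) need |= P_RANDOM;
    if (features & FEAT_OTA) need |= P_VERIFY | P_DIGEST | P_FINDOBJECT | P_GETATTRIBUTEVALUE;
    if (features & FEAT_PROVISIONING) need |= P_PROV;
    return need;
}
/* Families the firmware needs but the token does not expose. */
uint32_t missing_families(uint32_t features, uint32_t token)
{
    return required_families(features) & ~token;
}
/* Print each missing family; returns how many there are. */
int report_missing(uint32_t missing)
{
    int count = 0;
    for (int bit = 0; bit < 16; bit++)
        if (missing & (1u << bit)) { printf("missing: %s\n", kFamilyName[bit]); count++; }
    return count;
}
int main(void)
{
    report_missing(missing_families(FEAT_TLS | FEAT_PROVISIONING, SAMPLE_TOKEN));
    return 0;
}
```

With the sample token, a TLS plus OTA build is fully covered, while enabling on-device provisioning reports the five provisioning families as missing.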
How to do this efficiently at AWS IoT scale?
Provisioning IoT devices at scale
Provisioning and registration options
- Docs: Device provisioning
Just-in-time provisioning
Conclusions
- AWS device software makes secure cloud connectivity easier and faster
- AWS’s stewardship of FreeRTOS has tangible and intangible benefits for all FreeRTOS users
- Device onboarding at AWS scale is challenging; AWS’s provisioning options help overcome that challenge
- Resources