¶ LWM2M bootstrap
Below you will find information about how to use the IoT Bridge to bootstrap LWM2M devices either to itself, or to a 3rd party LWM2M server.
¶ Concepts
- The IoT Bridge can bootstrap devices to itself, or to 3rd party LWM2M servers or both depending on your configuration.
- The bootstrap process is managed in one of two ways:
- If you do not have a trigger defined on the
lwm2m-bootstrapevent, then devices will automatically bootstrap to the IoT Bridge on its public URL using the lifetime defined in the service associated with the endpoint. This means that youc an bootstrap out of the box. - If you define a trigger on the
lwm2m-bootstrapevent, you can use thetrigger.reply()function to return bootstrap information to the LWM2M server.
- If you do not have a trigger defined on the
- Bootstrapping via a trigger allows programatic configuration of devices, for example when a device bootstraps you can query information from Azure IoT Hub or another web service or database to determine how to configure the device.
- When bootstrapping a device to the IoT Bridge that handles the bootstrap, you can use
self: trueto automatically generate keys for the communications to ensure maximum security.
¶ Importing the Solution Template
- Click Solution Templates at the bottom of any page.
- Select the LWM2M Bootstrap Examples template and click Import.
- Select the option to Start Triggers this will automatically start all of the new triggers upon import.
- Click Import to create the resources in the IoT Bridge.
¶ Understanding the solution
Below you will find descriptions of the triggers that were imported, it is important to note that only a single bootstrap trigger should be started at any time, or in more-advanced solutions, only one trigger should respond to any given bootstrap request.
¶ Triggers
1. LWM2M Bootstrap to IOTB
This is the simplest example of configuring the bootstrap process to bootstrap the device to the IoT Bridge using pre-shared key authentication and set a 60 second lifetime.
var bootstrap = {
clearSecurityObjects: true,
clearServerObjects: true,
clearAclObjects: true,
servers: [
{
shortServerId: 99,
self: true,
//secMode: 'nosec',
secMode: 'psk',
lifetime: 60,
disableTimeout: 86400,
binding: 'UQ',
}
]
}
trigger.reply(bootstrap)
2. LWM2M Bootstrap to Leshan with DTLS
This trigger example shows how to use the IoT Bridge to bootstrap a device to Leshan using DTLS. You can see below the configuration of the keys for the leshan connection.
var bootstrap = {
clearSecurityObjects: true,
clearServerObjects: true,
clearAclObjects: true,
servers: [
{
shortServerId: 101,
serverUri: 'coaps://leshan.eclipseprojects.io:5684',
//secMode: 'nosec',
secMode: 'psk',
identityString: 'client',
pskHex: '22334455667788990011',
lifetime: 60,
disableTimeout: 86400,
binding: 'UQ',
}
]
}
trigger.reply(bootstrap)
3. LWM2M Bootstrap to IOTB and Leshan
This trigger shows how to perform a multiple server bootstrap, it also shows how to device ACLs to be defined on the devices such that access can be limited to different servers.
var bootstrap = {
clearSecurityObjects: true,
clearServerObjects: true,
clearAclObjects: true,
servers: [
{
shortServerId: 99,
self: true, // sets serverUri, and auto-generates identity/PSK
secMode: 'psk',
lifetime: 60,
disableTimeout: 86400,
defaultMinPeriod: 10,
defaultMaxPeriod: 30,
binding: 'UQ',
},
{
shortServerId: 101,
serverUri: 'coap://leshan.eclipseprojects.io:5683',
secMode: 'nosec',
lifetime: 60,
disableTimeout: 86400,
defaultMinPeriod: 10,
defaultMaxPeriod: 30,
binding: 'UQ',
}
]/*,
acls: [
{
objectId: 4,
instanceId: 0,
rules: {
'99': 'r',
'101': 'rwedc'
},
owner: 65535
}
]*/
}
trigger.reply(bootstrap)
4. LWM2M Object creation on bootstrap
While it is not in the examples, below you will find an example of bootstrapping a device, and defining an object instance to trigger behavior in the client.
var bootstrap = {
clearSecurityObjects: true,
clearServerObjects: true,
clearAclObjects: true,
servers: [
{
shortServerId: 99,
self: true,
//secMode: 'nosec',
secMode: 'psk',
lifetime: 60,
disableTimeout: 86400,
binding: 'UQ',
}
],
objects: {
// define which objects should be created on bootstrap
'10250': { '0': null}
}
}
trigger.reply(bootstrap)
¶ Important Notes
When using
self: truekeys are randomly generated each time the device bootstraps, this ensures that the security session for a device only lasts until the next bootstrap occurs. The flip side of this security measure is that it may be difficult to decode any packet captures due to the randomly generated keys that, by design, are not stored in any historical store.