This section lists the steps to onboard a gateway using the Trusted Platform Module (TPM) based authentication method.

Prerequisites

  • You must have the CREATE DEVICE permission to perform this operation.
  • You must have installed the IoTC Agent on your gateway.
  • You must have created a device template with TPM Based as the Provider Type, and it must be available on the VMware Pulse IoT Center console.
  • You must know the name that you want to assign to your gateway in the VMware Pulse IoT Center console.
  • You must enable TPM from your gateway's BIOS settings.

Procedure

  1. From the VMware Pulse IoT Center UI, go to Inventory > Devices.
    The Devices - All Devices page is displayed.
  2. Click REGISTER.
    The Register Gateway wizard is displayed.
  3. Enter your gateway name and select the device template that has the TPM-Based authentication method enabled to associate with your gateway.
  4. Click REGISTER.
    Your gateway is registered and is listed in the Devices - All Devices page.
  5. To enroll your gateway, create a credential:
    1. Log in to your gateway and run the fingerprint command to generate the TPM Endorsement Public Key:
      [root@localhost bin]# ./fingerprint xyz
      {
        "name": "xyz",
        "machine.address": [
          "00:01:C0:23:22:CD",
          "00:01:C0:23:22:E0"
        ],
        "tpm.ek.public": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcjmahxIIdvvtIqgYn/xeMS3xy7MSAmD1Th9MDbDR9HVepiDD92OJwb5ARDjYnEUCRlrNfWGV5iXLZDQ7i8h4953GZhPLwK4x0MVcjPtPD8Of5fXxdPepuLFl8IPh4zPU9GAaTnY1+jkK8ccQP57iqBUDBZa2UU6z+VcWjAf7fnXzHug0meWExMFSMTi5qne7sNVbf8x54W6AceGO1KKSEKZpUWs0heTKIQBg4dZ3kWgws8HSvg07bd81CZPnaL0EHuaShboZnRXcTErN7a86bOJGUlD23CPJHk6Gt1XaqJrFthfWRWqLHbao3XxFkmh2vacXc5Ifs+CssTjbSzdNQIDAQAB",
        "tpm.pcrs.sha256": [
          "85749DAD791A4125477BF1454958D4647A95FC41A08219E9387F6546C4121E19",
          "7B7228F53616F5E08E28408195E4185A051769910303C7CF5C5F6F424D5852DB",
          "3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969",
          "3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969",
          "3B797EDC3BFB790010B485156AA52936A3D7AA87B9106D7C162C17CA1C840B5F",
          "B3A66804696158C623E1793BF07FB3157269C4F10A0F09EA405683E9D4B04097",
          "3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969",
          "B5710BF57D25623E4019027DA116821FA99F5C81E9E38B87671CC574F9281439",
          "4A8DC3CBC1A0D2434FB61B103ED79A9B05702935D92C94643F84D312C100C75A",
          "D01A23BE3296064075393AA584E5646B182210FF3D03594893F35542BB022B39",
          "31E21E1644983F4E013CE13476AB20424362FFFCFB31CF22AE491E56E2C20A1D",
          "0000000000000000000000000000000000000000000000000000000000000000",
          "0000000000000000000000000000000000000000000000000000000000000000",
          "0000000000000000000000000000000000000000000000000000000000000000",
          "0000000000000000000000000000000000000000000000000000000000000000",
          "0000000000000000000000000000000000000000000000000000000000000000"
        ]
      }
      JSON file successfully generated

    2. Copy the TPM Endorsement Public Key to your clipboard.
    3. In the VMware Pulse IoT Center console, navigate to the Inventory > Devices page and select the gateway to enroll.
    4. In the Devices - All Devices page, click the Actions drop-down menu and select Create Gateway Credentials.
    5. Paste the TPM Endorsement Public Key and click CREATE.
  6. To enroll, log in to your TPM enabled gateway and run the following command:
    /opt/vmware/iotc-agent/bin/DefaultClient enroll --auth-type=TPM
  7. To enable your TPM enabled gateway for an automatic enrollment, perform the following steps:
    1. Go to /opt/vmware/iotc-agent/conf/iotc-agent.cfg.
      The iotc-agent.cfg file lists the details about your gateway enrollment.
    2. Scroll down to the autoEnrollmentType parameter and change its value to 1.
      This enables your registered gateway to be enrolled automatically.
    3. You can also configure the retry interval by specifying an autoEnrollRetryIntervalSeconds value. The VMware Pulse IoT Center server tries to enroll your allowed gateway after the specified interval. The default interval value is 300 seconds.
    4. Save the configuration and restart the VMware Pulse IoTC Agent.
      The following example is a sample iotc-agent.cfg file for auto enrollment:
      /opt/vmware/iotc-agent/conf/iotc-agent.cfg
      Auto Enrollment:
      # Auto enrollment of a registered gateway. 0 - No auto enrollment and 1 - TPM based
      autoEnrollmentType = 1
      # Enrollment retry interval in seconds, should be > 0
      autoEnrollRetryIntervalSeconds = 300
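Before the TPM Endorsement Public Key from step 5 is pasted into the console, it is worth confirming that the fingerprint file is intact and contains what you expect: a copy-and-paste that drops a few characters, or a file from the wrong gateway, is only caught later as a failed enrollment. The script below is an added example and is not part of the IoTC Agent or of the VMware documentation. Using only the Python standard library, it decodes tpm.ek.public as a DER SubjectPublicKeyInfo, checks that the algorithm is RSA, reports the modulus size and public exponent, validates every entry of the sha256 PCR bank and lists the PCR indices that are still all zeros (never extended). The der_sha256 value is this example's own addition, a short digest of the key that an operator can compare out of band; the sample record reuses the values from the fingerprint output shown above.

```python
"""Check a fingerprint record before its EK public key is pasted into the
console (step 5 of the procedure). Added example, not part of the IoTC Agent
or the VMware documentation; it uses only the Python standard library and a
minimal DER walker for SubjectPublicKeyInfo."""
import base64
import hashlib
import json
import re

RSA_OID = "1.2.840.113549.1.1.1"          # rsaEncryption
PCR_RE = re.compile(r"^[0-9A-Fa-f]{64}$")  # one SHA-256 digest as hex


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _oid(raw):
    """Decode a DER OBJECT IDENTIFIER value into dotted form."""
    arcs, acc = list(divmod(raw[0], 40)), 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ek_public(b64):
    """Parse tpm.ek.public (base64 SubjectPublicKeyInfo) and return the key
    algorithm, modulus size, public exponent and a SHA-256 of the DER bytes."""
    der = base64.b64decode(b64, validate=True)
    tag, spki, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("tpm.ek.public is not one DER SEQUENCE (truncated or corrupted?)")
    _, alg, pos = _tlv(spki, 0)            # AlgorithmIdentifier
    _, bitstr, _ = _tlv(spki, pos)         # BIT STRING wrapping RSAPublicKey
    oid = _oid(_tlv(alg, 0)[1])
    if oid != RSA_OID:
        raise ValueError(f"unexpected key algorithm {oid}")
    _, rsakey, _ = _tlv(bitstr[1:], 0)     # bitstr[0] is the unused-bits octet
    _, mod, pos = _tlv(rsakey, 0)
    _, exp, _ = _tlv(rsakey, pos)
    return {"algorithm": oid,
            "modulus_bits": int.from_bytes(mod, "big").bit_length(),
            "exponent": int.from_bytes(exp, "big"),
            "der_sha256": hashlib.sha256(der).hexdigest()}


def check_pcrs(pcrs):
    """Require well-formed SHA-256 PCR values and report which indices are
    all-zero (never extended), so the operator can see what the bank covers."""
    bad = [i for i, v in enumerate(pcrs) if not PCR_RE.match(v)]
    if bad:
        raise ValueError(f"malformed PCR values at indices {bad}")
    return {"count": len(pcrs),
            "unextended": [i for i, v in enumerate(pcrs) if set(v) == {"0"}]}


def validate_fingerprint(text):
    """Validate one fingerprint JSON document and summarise what it contains."""
    rec = json.loads(text)
    return {"name": rec["name"],
            "key": parse_ek_public(rec["tpm.ek.public"]),
            "pcrs": check_pcrs(rec["tpm.pcrs.sha256"])}


# Sample record: the values are the ones in the fingerprint output shown in
# this page; the EK string is split across lines only for readability.
SAMPLE_EK = ("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcjmahxIIdvvtIqgYn/xeMS3xy7MSAmD1Th9MDbDR9HVepiDD92OJwb5"
             "ARDjYnEUCRlrNfWGV5iXLZDQ7i8h4953GZhPLwK4x0MVcjPtPD8Of5fXxdPepuLFl8IPh4zPU9GAaTnY1+jkK8ccQP57iqBUDBZa"
             "2UU6z+VcWjAf7fnXzHug0meWExMFSMTi5qne7sNVbf8x54W6AceGO1KKSEKZpUWs0heTKIQBg4dZ3kWgws8HSvg07bd81CZPnaL0"
             "EHuaShboZnRXcTErN7a86bOJGUlD23CPJHk6Gt1XaqJrFthfWRWqLHbao3XxFkmh2vacXc5Ifs+CssTjbSzdNQIDAQAB")
SAMPLE_PCRS = """
85749DAD791A4125477BF1454958D4647A95FC41A08219E9387F6546C4121E19 7B7228F53616F5E08E28408195E4185A051769910303C7CF5C5F6F424D5852DB
3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969 3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
3B797EDC3BFB790010B485156AA52936A3D7AA87B9106D7C162C17CA1C840B5F B3A66804696158C623E1793BF07FB3157269C4F10A0F09EA405683E9D4B04097
3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969 B5710BF57D25623E4019027DA116821FA99F5C81E9E38B87671CC574F9281439
4A8DC3CBC1A0D2434FB61B103ED79A9B05702935D92C94643F84D312C100C75A D01A23BE3296064075393AA584E5646B182210FF3D03594893F35542BB022B39
31E21E1644983F4E013CE13476AB20424362FFFCFB31CF22AE491E56E2C20A1D 0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000
""".split()
SAMPLE = json.dumps({"name": "xyz",
                     "machine.address": ["00:01:C0:23:22:CD", "00:01:C0:23:22:E0"],
                     "tpm.ek.public": SAMPLE_EK,
                     "tpm.pcrs.sha256": SAMPLE_PCRS})

if __name__ == "__main__":
    print(json.dumps(validate_fingerprint(SAMPLE), indent=2))
```

Run it against the real file with validate_fingerprint(open("xyz.json").read()) (the file name is whatever ./fingerprint wrote). A ValueError means the key or the PCR list is not what the agent produced and the credential should not be created from it; a 2048-bit RSA key with exponent 65537, as in the sample, is the usual shape of a TPM 2.0 RSA endorsement key.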
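For step 7, the two settings can be changed by a script rather than by hand, which matters when many gateways are being onboarded: the script below is an added example, not VMware's tooling, and assumes only the key = value line format shown in the sample iotc-agent.cfg above. It rewrites autoEnrollmentType and autoEnrollRetryIntervalSeconds in place (or appends them if absent), leaves every other line, including commented-out keys, untouched, refuses a retry interval that is not a positive integer, and reads the values back so the change can be verified before the agent is restarted. The sample configuration is constructed for the example.

```python
"""Turn on TPM auto-enrollment in iotc-agent.cfg (step 7) without hand-editing.
Added example, not VMware's tooling; it assumes the 'key = value' line format
shown in the sample file in this page and leaves every other line untouched."""
import re

SETTINGS = ("autoEnrollmentType", "autoEnrollRetryIntervalSeconds")
# A setting line: optional indent, the key, '=', the value. Lines starting
# with '#' never match, so commented-out keys are preserved as comments.
LINE_RE = re.compile(r"^\s*(%s)\s*=\s*(\S*)" % "|".join(SETTINGS))


def read_auto_enrollment(cfg_text):
    """Return the current values of the two settings (None when absent)."""
    found = dict.fromkeys(SETTINGS)
    for line in cfg_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found


def enable_tpm_auto_enrollment(cfg_text, retry_seconds=300):
    """Set autoEnrollmentType = 1 and the retry interval, rewriting existing
    lines in place and appending any key that is missing. The interval must
    be > 0, as the comment in the agent's config file says."""
    if not isinstance(retry_seconds, int) or retry_seconds <= 0:
        raise ValueError("autoEnrollRetryIntervalSeconds must be an integer > 0")
    wanted = {"autoEnrollmentType": "1",
              "autoEnrollRetryIntervalSeconds": str(retry_seconds)}
    out, seen = [], set()
    for line in cfg_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            key = m.group(1)
            line = f"{key} = {wanted[key]}"
            seen.add(key)
        out.append(line)
    out.extend(f"{k} = {v}" for k, v in wanted.items() if k not in seen)
    return "\n".join(out) + "\n"


# Constructed sample: a config still at the default (no auto enrollment),
# with the comment lines the docs show plus one commented-out key.
SAMPLE_CFG = """\
# Auto enrollment of a registered gateway. 0 - No auto enrollment and 1 - TPM based
autoEnrollmentType = 0
# Enrollment retry interval in seconds, should be > 0
autoEnrollRetryIntervalSeconds = 300
# autoEnrollmentType = 1
"""

if __name__ == "__main__":
    updated = enable_tpm_auto_enrollment(SAMPLE_CFG, retry_seconds=120)
    print(updated)
    print(read_auto_enrollment(updated))
```

On a gateway you would read /opt/vmware/iotc-agent/conf/iotc-agent.cfg, write the returned text back, confirm with read_auto_enrollment that both values are as intended, and only then restart the IoTC Agent as step 7 describes. Applying the function twice yields the same file, so it is safe to run from configuration management on every pass.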

Results

You have successfully enrolled a TPM enabled gateway.