We are bringing support for DPS's Symmetric Key attestation shortly (https://docs.microsoft.com/en-us/azure/iot-dps/how-to-legacy-device-symm-key). We are trying to get this in the February release. This method does not require a TPM.

The x.509 certificate attestation is also in the plan, but requires some changes in the IoT Hub service to work effectively. At this point, the best guidance I can give is after February and before July. I'll update the thread here if this changes or becomes more concrete.

from iotedge.

Hello @nhuurnink,

I am not sure there is a way to do this on the IoTHub. Symmetric keys and X.509 authentication seems to be an either/or propostion.

Ideally, we'd want to provide you with X.509 DPS support on IoT Edge, which is a feature we very much want to support. One of the things I can do is make sure to communicate the need for it during planning.

from iotedge.

Thank you, that would be great, otherwise there isn't much use for IoT Edge in production scenarios where a TPM module is not guaranteed.

I'm not going to provision 100k devices by hand :)

from iotedge.

@ilyas-it83 This support will be available in 1.0.9 release we're targeting for release by end of Sep. You can watch the azure-iotedge releases repo to get notified when the release goes live.

from iotedge.

Hey @darobs ,
I'm working on automatic provisioning for IoT Edge devices too and had the same question as @nhuurnink .

I would highly appreciate any update or a tentative date on release of X. 509 certificate attestation for IOT Edge devices to enable automatic device provisioning.

from iotedge.

Hey @darobs
Any update to this issue ? I really need to provision an edge device without TPM automatically (using DPS).
Thanks a lot

from iotedge.

Hi @myagley ,
Does azure iot edge support Symmetric Key dps Provisioning now.
When I change the provisioning type, I can't start azure iot edge.

the iot edge status
`
pi@raspberrypi:/etc/iotedge $ systemctl status iotedge
● iotedge.service - Azure IoT Edge daemon
Loaded: loaded (/lib/systemd/system/iotedge.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2019-06-28 16:55:06 CST; 17min ago
Docs: man:iotedged(8)
Process: 16015 ExecStart=/usr/bin/iotedged -c /etc/iotedge/config.yaml (code=exited, status=1/FAILURE)
Main PID: 16015 (code=exited, status=1/FAILURE)
CPU: 13ms

6月 28 16:55:06 raspberrypi systemd[1]: iotedge.service: Unit entered failed state.
6月 28 16:55:06 raspberrypi systemd[1]: iotedge.service: Failed with result 'exit-code'.
6月 28 16:55:06 raspberrypi systemd[1]: iotedge.service: Service hold-off time over, scheduling restart.
6月 28 16:55:06 raspberrypi systemd[1]: Stopped Azure IoT Edge daemon.
6月 28 16:55:06 raspberrypi systemd[1]: Dependency failed for Azure IoT Edge daemon.
6月 28 16:55:06 raspberrypi systemd[1]: iotedge.service: Job iotedge.service/start failed with result 'dependency'.
the /etc/iotedge/config.yaml file

DPS symmetric key provisioning configuration

provisioning:
source: "dps"
global_endpoint: "https://global.azure-devices-provisioning.net"
scope_id: "0ne00xxxxxxx68"
attestation:
method: "symmetric_key"
registration_id: "dps-iotedgedevice-002"
symmetric_key: "Pk8v+zaUQIg0dQxxxxxxxxxxsXKlZwWw3WCqWk2GE="
`

from iotedge.

Whats the status of X509 support for IoT Edge with DPS?

from iotedge.

@ilyas-it83 @nhuurnink closing issue, please re-open if necessary.

from iotedge.