
Integrating Secure Factory CLI with your factory tool

Secure Factory CLI authenticates provisioning requests from the factory floor to Secure Factory Service, and delivers encrypted credentials and other parameters, which Secure Factory Service provisions, to the device. To this end, you must integrate Secure Factory CLI with a factory tool that can communicate with devices on your factory floor.

To provision a device, your factory tool must perform a series of operations in sequence:

  1. Generate a new device initialization request:

    factory_tool new_device DEVICE_SESSION_ID
    

    Secure Factory CLI returns a response in hexadecimal format.

  2. Send the response, in bytes, as a request to the device.

  3. Collect the response from the device and pass it, in hexadecimal format, to Secure Factory CLI to generate a device provisioning request:

    factory_tool get_device_configuration DEVICE_SESSION_ID RESPONSE
    
  4. Send a request to the device, and collect the response.

  5. Collect the response from the device and pass it, in hexadecimal format, to finalize device manufacturing:

    factory_tool handle_device_response DEVICE_SESSION_ID RESPONSE
    

For more information about Secure Factory CLI commands, see Using the Secure Factory CLI commands.

Flow example

This is an example of a successful provisioning flow:

  1. The factory tool generates a new device initialization request:

    factory_tool new_device e78d9c272156fb9b1a5c
    

    Where e78d9c272156fb9b1a5c is the identifier used for this device (DEVICE_SESSION_ID).

    Secure Factory CLI returns a response:

    SCP 256
    PAYLOAD 01810000
    

    The factory tool sends the payload to the device.

  2. The factory tool generates a device provisioning request with the response from the device:

    factory_tool get_device_configuration e78d9c272156fb9b1a5c 010497124c2079e6083adc302d878d038ef18fec6c3b1b9047da0fa143367243c145da88f2a056a2667a0deb2b96eaa40f85ef282a0bed6700e2a10eec45911e141316002ed5a683fc34337763513ab01b12e491dae270de82df
    

    Secure Factory CLI returns a response:

    SCP 257
    PAYLOAD <payload in hexadecimal format>
    

    The factory tool sends the payload to the device.

  3. The factory tool finalizes device manufacturing with the response from the device:

    factory_tool handle_device_response e78d9c272156fb9b1a5c 0a00fcedf4fc51e662058ab2000000000000000000000000
    

    Secure Factory CLI returns:

    FINGERPRINT e603eb9d1cb55d2288cb639fccf30e1687f5bb90
    

    Where FINGERPRINT is the device certificate fingerprint. The factory tool can log the fingerprint for future reference.

Factory tool and device error scenarios

Errors in the communication between the factory tool and the device can occur for various reasons, including:

  • Connectivity issues.
  • Device firmware issues; for example, if the device firmware is not aware of a command or cannot parse the provided message.
  • Factory tool-related issues.

A Factory Init command to the device might fail for various reasons, including:

  • Device cannot generate a key pair.
  • Device firmware does not recognize factory ID to resolve its public key.

A Factory Provisioning command to the device might fail for various reasons, including:

  • Device cannot allocate memory to handle the provisioning request.
  • Device cannot decrypt message.

If an error occurs after the device initialization request, the factory tool must report a device malfunction:

    factory_tool report_error DEVICE_SESSION_ID ERROR_CODE ERROR_REASON

Rerun the new_device command after resolving the error.
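
The provisioning sequence and the error-reporting rule above can be combined into one driver. The following is an added example, not code from the Secure Factory documentation. It assumes that Secure Factory CLI replies are `KEY VALUE` lines as in the flow example. `device_io` and `DeviceError` are hypothetical names for your own device transport and its failure type, and the SCP value is passed through unchanged because this page does not define it.

```python
import subprocess

class DeviceError(Exception):
    """Hypothetical transport failure; code and reason values are site-defined."""
    def __init__(self, code, reason):
        super().__init__(reason)
        self.code, self.reason = code, reason

def run_cli(*args):
    """Invoke factory_tool with an argument list (no shell) and return stdout."""
    return subprocess.run(["factory_tool", *args], check=True,
                          capture_output=True, text=True).stdout

def parse_reply(text):
    """Parse 'KEY VALUE' lines such as 'SCP 256' / 'PAYLOAD 01810000'."""
    fields = {}
    for line in text.splitlines():
        if line.strip():
            key, _, value = line.strip().partition(" ")
            fields[key] = value.strip()
    return fields

def exchange(reply, device_io):
    """Send PAYLOAD to the device as bytes; return the device response as hex."""
    fields = parse_reply(reply)
    payload = bytes.fromhex(fields["PAYLOAD"])  # ValueError on malformed hex
    response = device_io(int(fields["SCP"]), payload)  # assumed: returns bytes
    return response.hex()

def provision(session_id, device_io, cli=run_cli):
    """Run the three-command flow; report a malfunction if the device fails."""
    init = cli("new_device", session_id)
    try:
        resp1 = exchange(init, device_io)
        config = cli("get_device_configuration", session_id, resp1)
        resp2 = exchange(config, device_io)
    except DeviceError as err:
        # Failure after the device initialization request: report it, then
        # let the caller resolve the fault and rerun new_device.
        cli("report_error", session_id, str(err.code), err.reason)
        raise
    final = cli("handle_device_response", session_id, resp2)
    return parse_reply(final)["FINGERPRINT"]
```

Passing arguments as a list keeps device-supplied hexadecimal data out of a shell command line, and the returned fingerprint can be written to the factory log.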