Golioth helps engineers build big fleets, from the first day of prototyping, past when their millionth unit rolls off the production line. For engineers who haven’t gone through every step of the manufacturing process, it can be hard to understand each step that is required.
We simulated manufacturing a ‘mini-fleet’ of devices (10 Thingy91s) and showed how to provision and reprogram the devices for the field. Many of these steps approximate what you will experience when your device is ready to leave your manufacturing facility.
The video above shows you how to program a ‘bootstrap image’, how to generate and program certificates, how to add devices to a cohort, and how to roll out a new ‘production grade’ image to the finished products. It pulls together many elements of the Golioth Firmware SDK, and some recently released updates to our platform like Cohorts. Let’s take a look at how these steps can improve your production line.
Bootstrap image
After your board or product is manufactured, you want to test it using a default firmware image. This might be code that exercises different parts of the design or enables features and test modes unavailable to your end user. We refer to this as a “bootstrap image”. In addition to the testing capabilities you will want to include, you’ll also want to be able to use this firmware to provision your device onto the Golioth cloud. That’s what the example in the video above shows.
The bootstrap image that Mike created combines the certificate provisioning example from the Golioth Firmware SDK with the AT client example from Nordic Semiconductor, which allows us to communicate with the modem using AT commands. That’s how we’ll add certificates to the key storage part of the modem.
Generate and Program Certificates
There is helper code in the Golioth Firmware SDK that generates self-signed certificates and device certificates using openssl. Not shown in the video, we had previously created a project on the Golioth console and used the helper code to generate a root certificate. On camera we upload the Root CA public certificate to Golioth, and use the helper code with the private root key to sign device certificates. These signed device certificates are how the server knows to trust the device, and where to send device data once it connects through the Golioth CoAP gateway.
Mike created a Python helper script to pass certificates over the USB-to-serial link. The device uses AT commands to securely store them directly in the modem key store.
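The signing flow described above, as an added example rather than the Golioth Firmware SDK's helper code: it creates a root CA, then issues and verifies per-device certificates with openssl. The project identifier, device names, subject layout (O= for the project, CN= for the device), curve and validity periods are assumptions.

```shell
#!/bin/sh
# Added example: sign a small fleet's device certificates with a private root CA.
# PROJECT_ID, the device names and the O=/CN= subject layout are assumptions.
set -eu

PROJECT_ID="example-project"        # hypothetical project identifier
OUT="${OUT:-$(mktemp -d)}"          # scratch directory for keys and certificates

make_root_ca() {
    # P-256 root key plus self-signed root certificate.
    # Only root.crt.pem is uploaded; root.key.pem stays with whoever signs.
    openssl ecparam -name prime256v1 -genkey -noout -out "$OUT/root.key.pem"
    chmod 600 "$OUT/root.key.pem"
    openssl req -x509 -new -key "$OUT/root.key.pem" -sha256 -days 3650 \
        -subj "/CN=Example Fleet Root CA" -out "$OUT/root.crt.pem"
}

make_device_cert() {
    # $1 = device name. Each device gets its own key; its CSR is signed by the root key.
    dev="$1"
    openssl ecparam -name prime256v1 -genkey -noout -out "$OUT/$dev.key.pem"
    chmod 600 "$OUT/$dev.key.pem"
    openssl req -new -key "$OUT/$dev.key.pem" \
        -subj "/O=$PROJECT_ID/CN=$dev" -out "$OUT/$dev.csr.pem"
    openssl x509 -req -in "$OUT/$dev.csr.pem" -CA "$OUT/root.crt.pem" \
        -CAkey "$OUT/root.key.pem" -CAcreateserial -sha256 -days 365 \
        -out "$OUT/$dev.crt.pem"
    rm -f "$OUT/$dev.csr.pem"
}

verify_device_cert() {
    # $1 = device name, $2 = root certificate. Succeeds only if the chain validates.
    openssl verify -CAfile "$2" "$OUT/$1.crt.pem" >/dev/null 2>&1
}

device_subject() {
    # Print the subject so the project/device binding can be checked before programming.
    openssl x509 -in "$OUT/$1.crt.pem" -noout -subject -nameopt RFC2253
}

make_root_ca
for n in 01 02 03; do               # constructed three-device fleet
    make_device_cert "thingy91-$n"
    verify_device_cert "thingy91-$n" "$OUT/root.crt.pem"
    device_subject "thingy91-$n"
done
```

Checking each certificate against the root before it is written to the modem catches a device signed with the wrong CA while it is still on the bench.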
Add to a Cohort
Golioth launched Cohorts back in October of 2024, as a new way to organize and deploy updates to your fleet of devices. This is a major upgrade to how our users can interact with a growing number of connected products.
Once the 10 devices have connected to the Golioth Cloud and their device records are created, we can add them to a cohort. We show the process manually using the Console, but it’s also possible to do this programmatically using the Golioth REST API. This will add the device records to a particular group and ready them for an Over-The-Air update. While we show just one Cohort in the video, you may add different cohorts to group devices, for instance, to push different firmware to each Cohort.
Program new image using Over-The-Air (OTA) Updates
Now that all 10 devices are in a cohort, we upload an artifact with the “production grade” firmware, noted in the video above as 1.4.0. This represents what would be the ‘latest and greatest’ firmware you have available, to ensure all the latest features and bug fixes for your device are included on the new devices rolling off the line. Hopefully you have also implemented Hardware-In-The-Loop testing on your range of devices to ensure your firmware builds are compatible across different versions and configurations of hardware (highly recommended!).
Once we uploaded the new 1.4.0 firmware version, we were able to create a deployment with a single firmware image (though multiples can be bundled). We watched as the devices were notified, started downloading the image, and sent back logs of the received block numbers. As the devices rebooted into their production grade firmware, new features were unlocked, namely all the features on our Thingy91 demo firmware (which now also supports the Thingy91X).
Build your own
Your custom hardware and firmware will have its own unique set of challenges. Golioth Solutions can help you to stand up an efficient end-of-line test setup, including getting your devices provisioned onto the Golioth Cloud without any hassle. Please get in touch if you’d like help, or hop over to our forum if you’re following the same steps as shown in the video and you’d like help with your custom setup.