Factory provisioning overview
Factory provisioning is the process of injecting IoT devices with certificates, keys, and device and cloud-related configuration to enable the devices to connect to your Pelion Device Management account securely.
While the device and cloud-related configuration might be identical for large batches of manufactured devices, the certificates and keys you inject onto each device are unique and - particularly the private key of the device - must be secured.
Factory Configurator Utility (FCU) is a Python package you can integrate with the tool you use in the factory to inject data onto your devices.
FCU enables you to pre-configure general device and cloud-related configuration for large batches of devices using a configuration template, and then generate device-specific keys and certificates on the factory floor.
To enhance security, Factory Configurator Client (FCC), which is part of Device Management Client, enables generating device keys directly on the device so that the private key is never exposed to any other people or devices.
Using FCU to create and bundle all provisioning information
We recommend using the full functionality provided by FCU to create and bundle all certificates, keys and configuration.
To do so, set up FCU as your factory CA and upload the FCU CA certificate to Device Management so that FCU can sign your device certificates and Device Management can authenticate your IoT devices based on your FCU CA certificate.
Using FCU with device keys and certificates provided by an external certificate authority
You can also use FCU with keys and certificates supplied by an external CA, or with a pre-provisioned ATECC608A secure element.
In this case, you use FCU to templatize your device and cloud-related configuration and create bundles of all of the data that your factory tool must inject onto each device.
Factory provisioning without FCU
You can use your own tools to provision the required configuration and credentials onto your IoT devices in the correct format.
Setting up FCU
Integrating FCU with a factory tool
Setting up a factory CA
Integrating Device Management Client APIs into your device application for provisioning
- Writing a device application for provisioning using FCU
- Writing a device application for provisioning without FCU
- Working with the reference implementation of the Device Management Client provisioning APIs (factory-configurator-client-example)
End-to-end tutorials: using FCU with a factory tool for factory provisioning
- Factory tool demo
- End-to-end factory provisioning, including setting up your devices for firmware updates