> For the complete documentation index, see [llms.txt](https://docs.rddl.io/rddl-network/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.rddl.io/rddl-network/getting-started/getting-connected/onboarding-machines-to-the-rddl-network/registration-of-machine-id-and-attesting-to-the-network.md). # Registration of Machine ID and Attesting to the Network Every piece of hardware interacting with RDDL Network needs to be attested before it can start interacting. RDDL Networks assumes that hardware comes with a hardware secure element, such as integrated into the Trust Anchor, and expects that Trust Anchors are registered to the network before the interaction starts. Trust Anchors are identified via a public/private key pair that is provisioned to them and might never change. The public key is registered to the chain via the TrustAnchor Attestation service: . The service deploys new random identities to downloaded firmware and, in the case of the testnet, allows the registration of public keys in the format of a string of characters representing the [bytes of the public secp256k1 public key](https://github.com/rddl-network/ta_attest/blob/main/cmd/ta/main.go#L203). {% hint style="info" %} The machineID and the corresponding public-private key pair are used for the machine's onboarding onto the network. This key pair is unrelated to the key material used to interact with the chain directly (e.g., to sign transactions, hold funds, etc.). {% endhint %} RDDL Network expects HW OEM vendors to register their devices on the chain so that they can start interacting after attesting their machines. The RDDL testnet allows more flexible handling of the machineID to ease the onboarding of new hardware and machines. Details about the workflows can be found at Connecting Your[ Machine to the Network](/rddl-network/getting-started/getting-connected/onboarding-machines-to-the-rddl-network.md)[.](/rddl-network/getting-started/getting-connected/onboarding-machines-to-the-rddl-network.md) *** If you want to work with the Testnet **AND** The Mainnet, you can use Machines with unique Firmware or Machines with a Secure Element. If you want to learn with the Testnet, you can simply use Machines with a self-registered Public Key. Be aware that these Machines are not supported on the Main net.\\ ## Testnet + Mainnet: ### 1. Machines with unique Firmware The sequence diagram below shows how a unique firmware is created. The randomly inserted private injected key makes the firmware unique. The corresponding public key is notarized on Planetmint after that. ```mermaid sequenceDiagram participant Operator participant Machine participant TA-Attest participant Planetmint Operator->>TA-Attest: query Firmware with pre-attested MACHINE ID TA-Attest->>TA-Attest: generate new random MACHINE ID public/private keys TA-Attest->>TA-Attest: patch firmware with private key TA-Attest->>Planetmint: attest TA identity (public key) TA-Attest->>Operator: return unique firmware Operator->>Machine: flash firmware Operator->>Machine: configure Machine: Mnemonic, PublicKeys, Planetmint-API, -Denom, -ChainID alt fund machine Operator->>Planetmint: fund machine else create account Operator->>TA-Attest: create account: MachineID, MachineIDSignature, PlanetmintAddress TA-Attest->>Planetmint: request TA status Planetmint-->>TA-Attest: TA status {activated: true/false} TA-Attest->>Planetmint: fund machine for self attestation end Machine->>Planetmint: Attest machine loop Machine->>Planetmint: notarize CID/asset Machine-->Planetmint: Proof of Productivity end ``` The Tasmota reference implementation can be downloaded from * for ESP32 devices * for ESP32C3 devices. The download will include the previously mentioned steps. A call to with your machine ID, the public key of the TA, shows if your public key got properly attested and if the corresponding machine has already attested. {% hint style="info" %} The machine ID of the RDDL-Tasmota devices is shown by calling ***PublicKeys.*** {% endhint %} ### 2. Machines with Secure Element ```mermaid sequenceDiagram participant Operator participant 3rdPartyOEM participant Machine participant TA-Attest participant Planetmint 3rdPartyOEM->>TA-Attest: Attest Machine ID/public key TA-Attest->>Planetmint: attest TA identity (public key) Operator-->3rdPartyOEM: acquire machine Operator->>Machine: flash RDDL-compatible firmware Operator->>Machine: configure Machine: Mnemonic, PublicKeys, Planetmint-API, -Denom, -ChainID alt fund machine Operator->>Planetmint: fund machine else create account Operator->>TA-Attest: create account: MachineID, MachineIDSignature, PlanetmintAddress TA-Attest->>Planetmint: request TA status Planetmint-->>TA-Attest: TA status {activated: true/false} TA-Attest->>Planetmint: fund machine for self attestation end Machine->>Planetmint: Attest machine loop Machine->>Planetmint: notarize CID/asset Machine-->Planetmint: Proof of Productivity end ``` ## Testnet Only 3. Machines with self-registered Private Key The sequence diagram below shows how the public key of the corresponding private key is registered on the testnet. The registration will enable individuals to onboard their machines easily without having a final RDDL-compatible firmware or hardware. {% hint style="info" %} This process is suggested to be used during the development and evaluation phase. {% endhint %} ```mermaid sequenceDiagram participant Operator participant Machine participant TA-Attest participant Planetmint Operator-->Machine: create unique private/public key pair Operator->>TA-Attest: register public key TA-Attest->>Planetmint: attest TA identity (public key) Operator->>Machine: flash RDDL-compatible firmware Operator->>Machine: configure Machine: Mnemonic, PublicKeys, Planetmint-API, -Denom, -ChainID alt fund machine Operator->>Planetmint: fund machine else create account Operator->>TA-Attest: create account: MachineID, MachineIDSignature, PlanetmintAddress TA-Attest->>Planetmint: request TA status Planetmint-->>TA-Attest: TA status {activated: true/false} TA-Attest->>Planetmint: fund machine for self attestation end Machine->>Planetmint: Attest machine loop Machine->>Planetmint: notarize CID/asset Machine-->Planetmint: Proof of Productivity end ``` An HTTP POST request to will let you register your public key. Here is a sample call\ `curl -X POST https://testnet-ta.rddl.io/register/02d52a0163ae5f0b22cf46e9c415a12024bc1e9e6833e2fe78b4f0754f3d52404a`\ with `02d52a0163ae5f0b22cf46e9c415a12024bc1e9e6833e2fe78b4f0754f3d52404a` being the representation of the public key. A call to with your machine ID, the public key of the TA, shows if your public key got properly attested and if the corresponding machine has already attested. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.rddl.io/rddl-network/getting-started/getting-connected/onboarding-machines-to-the-rddl-network/registration-of-machine-id-and-attesting-to-the-network.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.