®️Registration of Machine ID and Attesting to the Network
Last updated
Last updated
Every piece of hardware interacting with RDDL Network needs to be attested before it can start interacting. RDDL Networks assumes that hardware comes with a hardware secure element, such as integrated into the Trust Anchor, and expects that Trust Anchors are registered to the network before the interaction starts.
Trust Anchors are identified via a public/private key pair that is provisioned to them and might never change. The public key is registered to the chain via the TrustAnchor Attestation service: https://testnet-ta.rddl.io.
The service deploys new random identities to downloaded firmware and, in the case of the testnet, allows the registration of public keys in the format of a string of characters representing the bytes of the public secp256k1 public key.
The machineID and the corresponding public-private key pair are used for the machine's onboarding onto the network. This key pair is unrelated to the key material used to interact with the chain directly (e.g., to sign transactions, hold funds, etc.).
RDDL Network expects HW OEM vendors to register their devices on the chain so that they can start interacting after attesting their machines.
The RDDL testnet allows more flexible handling of the machineID to ease the onboarding of new hardware and machines. Details about the workflows can be found at Connecting Your Machine to the Network.
If you want to work with the Testnet AND The Mainnet, you can use Machines with unique Firmware or Machines with a Secure Element. If you want to learn with the Testnet, you can simply use Machines with a self-registered Public Key. Be aware that these Machines are not supported on the Main net.
The sequence diagram below shows how a unique firmware is created. The randomly inserted private injected key makes the firmware unique. The corresponding public key is notarized on Planetmint after that.
The Tasmota reference implementation can be downloaded from
https://testnet-ta.rddl.io/firmware/esp32 for ESP32 devices
https://testnet-ta.rddl.io/firmware/esp32c3 for ESP32C3 devices.
The download will include the previously mentioned steps.
A call to https://testnet-api.rddl.io/#/Query/PlanetmintgoMachineGetTrustAnchorStatus with your machine ID, the public key of the TA, shows if your public key got properly attested and if the corresponding machine has already attested.
The machine ID of the RDDL-Tasmota devices is shown by calling PublicKeys.
Machines with self-registered Private Key
The sequence diagram below shows how the public key of the corresponding private key is registered on the testnet. The registration will enable individuals to onboard their machines easily without having a final RDDL-compatible firmware or hardware.
This process is suggested to be used during the development and evaluation phase.
An HTTP POST request to https://testnet-ta.rddl.io/register/<pub key as hex string> will let you register your public key. Here is a sample call
curl -X POST https://testnet-ta.rddl.io/register/02d52a0163ae5f0b22cf46e9c415a12024bc1e9e6833e2fe78b4f0754f3d52404a
with 02d52a0163ae5f0b22cf46e9c415a12024bc1e9e6833e2fe78b4f0754f3d52404a
being the representation of the public key.
A call to https://testnet-api.rddl.io/#/Query/PlanetmintgoMachineGetTrustAnchorStatus with your machine ID, the public key of the TA, shows if your public key got properly attested and if the corresponding machine has already attested.