Workshop on our Open Source Wireless Environmental Sensor

Suru Dissanaike
Published in HiMinds
Apr 25, 2019

In the coming months, we plan to unveil our latest IoT project which is an open source wireless environmental sensor. Our idea is that everything will be open source. You will get access to the schematics, PCB layout, BOM, production files etc. The back-end that collects the data and presents it in a modern web app (PWA) will be cloud agnostic and use exciting DevOps tools (all that will also be open source).

This article describes a workshop we did in Stockholm and Gothenburg just to familiarise ourselves with the upcoming project.

The Agenda

Our agenda has an accompanying GitHub repo, which you will find here. We spent roughly 2.5 hours doing the exercises. The following is what we did:

  • Installed development environment
  • Explored the hardware
  • Explored the software

The source code

First of all, we need to clone the workshop git repo:

git clone https://github.com/HiMinds/himinds-iot-project-embedded-wireless-environmental-sensor-workshop.git hm-ws
cd hm-ws

Install the development environment

Download and install the mos tool.

For generic MacOS/Linux installation

curl -fsSL https://mongoose-os.com/downloads/mos/install.sh | /bin/bash

Close the terminal and open a new terminal and run:

mos

Note: mos starts the UI in a browser window.

Screen capture of mos tool

In order to find out the name of your device, run the following command

mos config-get device.id

Note: Getting the serial port to work in OS X can be a headache, this page is very helpful. I have tested different development boards and one thing I have learned is that you need to know if the board uses the FTDI or Silicon Labs USB to UART bridge driver so that you install the correct drivers. Personally I was not able to get SiLabs CP2102 to work but CP2104 works fine in OS X… If you want to be on the safe side use Linux… In Ubuntu it just works… Good luck!

Exploring the hardware

The purpose of HiMinds wireless environmental sensor project is to develop a rechargeable battery-operated wireless sensor that can measure:

  • Temperature with ±1.0°C accuracy
  • Barometric pressure with 1 hPa absolute accuracy
  • Humidity with ±3% accuracy

Product details:

Product details about the wireless environmental sensor:

  • Measures Temperature, Barometric pressure and Humidity
  • WiFi for connectivity (2.4 GHz)
  • Rechargeable battery, with the ability to read battery capacity
  • Charge LED
  • Micro USB connector, for charging and programming the device
  • Reset button
  • Uses MQTT to communicate with a back-end
  • 4 user programmable LEDs (red, yellow, green, white)
  • 2 user programmable push buttons
  • 3.7V Lithium-Ion Polymer Battery

Anything else we should add?

We used off-the-shelf hardware for the workshop. Some soldering needed to be done to prepare the hardware for the workshop.

These are the two dev boards we used during the workshop:

  • ESP32 Dev Board
  • BME280 Dev Board Humidity + Barometric Pressure + Temperature Sensor Breakout

Exploring the software

The GitHub repo we used for the workshop, which you can find here, has the following code structure:

├── bme280
│   └── fs
├── captive
│   └── fs
├── mqtt
│   └── fs
├── mqtt-certificate
│   └── fs
└── product
    └── fs

Each directory contains a subset of the product except the directory “product” that glues everything together. Just to make it convenient for our workshop participants we include our SSID and passkey; you need to change these if you want to try the code. A few words about each exercise.

bme280

A quick exercise where we test the bme280 environmental sensor via the I2C-interface (it also supports SPI). It will read the values from the sensor and print them on the console. We use GPIO pin 26 (SCL) and GPIO pin 27 (SDA), GND and VCC (3.3 V from ESP32).

Temperature, Humidity and Pressure are printed every 2 seconds.

To build the code from CLI:

cd bme280
mos build --platform esp32
mos flash --port /dev/tty.SLAB_USBtoUART (should be your port)

Or use the mos UI.

captive

The purpose of the captive exercise is to set up WiFi for internet connectivity via a captive portal. When you run the code, you will see an AP with the following settings:

  • SSID: “Environmental_Sensor_Setup”
  • Passkey: “himinds0123456789”

To build the code from CLI:

cd captive
mos build --platform esp32
mos flash --port /dev/tty.SLAB_USBtoUART (should be your port)

Or use the mos UI.

For more info, please check “Onboarding an IoT Device with Google Cloud connectivity, Part 1 Wi-Fi-setup”.

mqtt

The mqtt exercise connects to the public broker “test.mosquitto.org” on port “1883”. It publishes the free RAM of your ESP32. Each ESP32 will have a unique MQTT topic that looks like this:

“himinds/workshop/<device.id>/mqtt”

To find out your <device.id> just run:

mos config-get device.id

In the file init.js, change the line

let message = getInfoSimple();

To the following:

let message = getInfo();

And you will get both total and available RAM.

You can use mosquitto_sub to view the published data or just check the console.

I can see in the mos console that I am posting to the following topic:

himinds/workshop/esp32_045EF8/mqtt

I can also verify it using the mosquitto_sub tool:

mosquitto_sub -h test.mosquitto.org -p 1883 -t "himinds/workshop/#" -d
Client mosqsub|9774-sudi-mac received PUBLISH (d0, q0, r0, m0, 'himinds/workshop/esp32_045EF8/mqtt', ... (6 bytes))
289168

To build the code from CLI:

cd mqtt
mos build --platform esp32
mos flash --port /dev/tty.SLAB_USBtoUART (should be your port)

Or use the mos UI.

product

This is the exercise where we put it all together except the captive portal. That is something you will have to add on your own, good luck!

To build the code from CLI:

cd product
mos build --platform esp32
mos flash --port /dev/tty.SLAB_USBtoUART (should be your port)

Or use the mos UI.

mqtt-certificate (bonus round)

In this exercise, we use TLS to secure the connection towards the public broker. First, we need to create the certificates needed to use a secure connection. Basically, we need to generate a CSR using the OpenSSL utility and then use the mosquitto.org website to create a client certificate.

Generate a private key:

openssl genrsa -out client.key

Generate the CSR:

openssl req -subj "/C=SE/ST=Stockholm/L=Kungsholmen/O=HiMinds/OU=dev/CN=test.mosquitto.org" -nodes -out client.csr -key client.key -new

Generate a TLS client certificate for test.mosquitto.org by clicking here

The web page looks like the picture below, paste your CSR into the text box; it is the content of the client.csr file you created.

Screenshot of https://test.mosquitto.org/ssl/

Copy the files so that your fs directory looks like this:

├── fs
│   ├── ca.crt
│   ├── client.crt
│   ├── client.key
│   └── init.js

Now you can run the code… but you will get this…

mg_ssl_if_mbedtls.c:35  0x3ffc9098 x509_verify_cert returned -9984
mg_ssl_if_mbedtls.c:35 0x3ffc9098 The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
mg_ssl_if_mbedtls.c:35 0x3ffc9098 <= handshake
mg_ssl_if_mbedtls.c:207 0x3ffc9098 mbedTLS error: -0x2700
mgos_mqtt.c:141 MQTT TCP connect error (-3)

For security reasons, mbedtls refuses the default setting, which is RSA-1024. Your client key is not okay.

Instead, do the following:

openssl genrsa -out client.key 2048
openssl req -subj "/C=SE/ST=Stockholm/L=Kungsholmen/O=HiMinds/OU=dev/CN=test.mosquitto.org" -nodes -out client.csr -key client.key -new

Verify that it works by doing the following:

mosquitto_pub --cafile ca.crt -h test.mosquitto.org -t "himinds/workshop" -m "helloWorld" -p 8884 -d --cert client.crt --key client.key
Client mosqpub|6446-sudi-mac sending CONNECT
Client mosqpub|6446-sudi-mac received CONNACK
Client mosqpub|6446-sudi-mac sending PUBLISH (d0, q0, r0, m1, 'himinds/workshop', ... (10 bytes))
Client mosqpub|6446-sudi-mac sending DISCONNECT

But the next problem you run into is:

mg_ssl_if_mbedtls.c:35  0x3ffca9a8 cert. version     : 3
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 serial number : E0:FA:DC:F9:57:8C:98:BC
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 issuer name : C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=CA, CN=mosquitto.org, emailAddress=roger@atchoo.org
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 subject name : C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=CA, CN=mosquitto.org, emailAddress=roger@atchoo.org
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 issued on : 2012-06-29 22:11:59
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 expires on : 2022-06-27 22:11:59
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 signed using : RSA with SHA1
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 RSA key size : 1024 bits
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 basic constraints : CA=true
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 value of 'crt->rsa.N' (1024 bits) is:
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 c6 24 2e 65 fb 4a a3 93 fe 32 42 66 84 35 35 67
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 42 ae bf e9 ab 8e e6 df 1c 72 5d c2 3e 14 b1 26
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 c1 b1 37 47 db cc ac 4e ac 45 b3 f6 4b cf 69 7e
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 b0 ad ee 2b 88 4d 73 ca c9 ca 54 70 85 34 9a d7
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 13 d4 ea b1 18 15 76 95 be 91 68 e4 f6 80 2e 69
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 c7 21 9a 14 9f a1 03 e1 88 6d d6 0a 3b 72 69 ac
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 fc 52 06 84 69 a2 76 49 bc 31 84 66 e3 37 37 ba
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 77 4b f9 51 a2 2e c6 e7 01 b9 9a f5 26 68 4e 51
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 value of 'crt->rsa.E' (17 bits) is:
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 01 00 01
mgos_vfs.c:255 ca.crt -> /ca.crt pl 1 -> 1 0x3ffc0d30
mgos_vfs.c:349 ca.crt 0x0 0x1b6 => 0x3ffc0d30 ca.crt 1 => 257 (refs 1)
mgos_vfs.c:508 257 => 0x3ffc0d30:1 => 0 (size 1078)
mgos_vfs.c:382 257 => 0x3ffc0d30:1 => 0 (refs 0)
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 x509_verify_cert returned -9984
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 <= handshake

We see that the client.crt which is generated by https://test.mosquitto.org/ssl/ is not okay. Same issue: RSA-1024 is not okay for security reasons.

Unfortunately, the RSA key size is not configurable via the web UI. The next step will be to set up our own mosquitto broker with self-signed certificates. Stay tuned!
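To read a dump like the one above without scanning it by eye, the following added example (not part of the workshop repo) parses the mbedTLS certificate fields from a Mongoose OS console log and reports every dumped certificate whose RSA key is below a threshold, together with its subject, whether issuer and subject match, and its CA flag. The function names and the 2048-bit threshold (the size the article switches the client key to) are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the mbedTLS log in the article,
# with the serial number, dates and modulus bytes left out.
SAMPLE_LOG = """\
mg_ssl_if_mbedtls.c:35  0x3ffca9a8 cert. version     : 3
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 issuer name : C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=CA, CN=mosquitto.org, emailAddress=roger@atchoo.org
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 subject name : C=GB, ST=United Kingdom, L=Derby, O=Mosquitto, OU=CA, CN=mosquitto.org, emailAddress=roger@atchoo.org
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 signed using : RSA with SHA1
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 RSA key size : 1024 bits
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 basic constraints : CA=true
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 x509_verify_cert returned -9984
mg_ssl_if_mbedtls.c:35 0x3ffca9a8 The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
"""

# One certificate field looks like: "<file>.c:<line> 0x<ctx> <field> : <value>"
FIELD = re.compile(r"^\S+\.c:\d+\s+0x[0-9a-f]+\s+(.+?)\s+:\s+(.*)$")


def parse_cert_dumps(log_text):
    """Return one dict per certificate dump; a dump starts at 'cert. version'."""
    certs = []
    for line in log_text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # hex bytes, error messages and other non-field lines
        field, value = m.group(1).strip(), m.group(2).strip()
        if field == "cert. version":
            certs.append({})
        elif certs:
            certs[-1][field] = value
    return certs


def weak_key_findings(certs, min_rsa_bits=2048):
    """List certificates whose RSA key is shorter than min_rsa_bits (assumed threshold)."""
    findings = []
    for c in certs:
        m = re.match(r"(\d+) bits", c.get("RSA key size", ""))
        if m and int(m.group(1)) < min_rsa_bits:
            findings.append({
                "subject": c.get("subject name"),
                "self_issued": c.get("subject name") == c.get("issuer name"),
                "is_ca": "CA=true" in c.get("basic constraints", ""),
                "bits": int(m.group(1)),
                "signed_using": c.get("signed using"),
            })
    return findings
```

Save the console output to a file and pass its contents to parse_cert_dumps; each finding names the certificate that was dumped, which tells you which file in fs needs to be replaced.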

To build the code from CLI:

cd mqtt-certificate
mos build --platform esp32
mos flash --port /dev/tty.SLAB_USBtoUART (should be your port)

Or use the mos UI.

Summary

This article described a workshop we did in Stockholm and Gothenburg just to familiarise ourselves with our upcoming open source wireless environmental sensor project. We installed the development environment, explored the hardware and explored the software. We ran into problems with the certificates that we used when connecting to a public broker. In a future article we will set up our own mosquitto broker with self-signed certificates to learn how to communicate with an MQTT broker securely.

Thank you for reading! Take care and hope to see you soon. 🙏🏽
