Manufacturer Checklist for Nabto Installation
Answers to the following are crucial if you are considering adding Nabto to a Linux-based OEM / white-label product (referred to as the device in the following).
1. Clarify that it is OK to add 3rd party software to the device
Does the OEM manufacturer allow installation of software they do not control at all? Does it incur an additional cost? Are there any constraints in terms of resources available?
2. Access to the device to install 3rd party software during development
It is simplest to work with the target device if the OEM manufacturer can provide telnet / ssh access during development (service activated and credentials provided). For production such access should be disabled. If accessing through telnet, some mechanism to transfer data to the device is also necessary – ideally wget, curl, snarf or similar is pre-installed on the device.
3. Toolchain for building software for the target device
Normally the OEM manufacturer provides a gcc toolchain to build 3rd party software. If Nabto should build the software (e.g. compile the standard tunnel for the specific target platform) or add customization, Nabto must be given access to that toolchain.
4. Installation of software on the device for production
The OEM manufacturer should provide instructions on where to install the new software on the device and how to start it automatically. There may be an existing watchdog mechanism to integrate with, or a custom one can be installed.
5. Installation of unique device id and keys for production
The majority of Nabto devices have unique information installed at the factory: the Nabto customer provides lists of Nabto device ids and cryptographic keys obtained from Nabto to the OEM manufacturer, who installs a unique pair on each device. Most manufacturers support this process, as some other pieces of unique information are installed on each device anyway (e.g., MAC address or serial number).
Some manufacturers do not allow installation of per-device unique information and insist on shipping identical firmware images. In this scenario Nabto must be provisioned at runtime – discuss different approaches to accomplishing this with a Nabto solution architect. Also see section 9 “uNabto Device Security” in TEN036 “Security in Nabto Solutions”.
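A check for the id/key list described in item 5 before it is handed to the factory, as an added example that is not part of the original checklist or of Nabto's tooling: it flags reused device ids, reused keys and placeholder keys, reporting line numbers only. The CSV layout (`device_id,key`), the 32-hex-character key format, the `MIN_DISTINCT` threshold and the `example.invalid` names are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

# Assumptions (not a Nabto format): one "device_id,key" row per device,
# key written as 32 hex characters (128 bits); "#" starts a comment row.
KEY_RE = re.compile(r"[0-9a-f]{32}")
MIN_DISTINCT = 8  # heuristic: random 32-digit hex keys use far more symbols

def audit_manifest(text):
    """Return (line_no, problem) findings; key material is never echoed."""
    findings, ids, keys = [], {}, {}
    for n, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or row[0].lstrip().startswith("#"):
            continue
        if len(row) != 2:
            findings.append((n, "expected device_id,key"))
            continue
        dev_id, key = (field.strip().lower() for field in row)
        if dev_id in ids:
            findings.append((n, f"device id repeats line {ids[dev_id]}"))
        ids.setdefault(dev_id, n)
        if not KEY_RE.fullmatch(key):
            findings.append((n, "key is not 32 hex characters"))
        elif len(set(key)) < MIN_DISTINCT:
            findings.append((n, "key looks like a placeholder"))
        elif key in keys:
            findings.append((n, f"key repeats line {keys[key]}"))
        else:
            keys[key] = n
    return findings

# Constructed sample list; these are not real device ids or keys.
SAMPLE = "\n".join([
    "# constructed sample data",
    "dev0001.example.invalid,3f9a1c5e7b2d4f60819ab3cd5ef70214",
    "dev0002.example.invalid,a4c1e9037b5d2f68c0de13579bdf2468",
    "dev0002.example.invalid,5b7d9f1133557799bbddff0022446688",
    "dev0003.example.invalid,3F9A1C5E7B2D4F60819AB3CD5EF70214",
    "dev0004.example.invalid," + "0" * 32,
    "dev0005.example.invalid,1234",
])

if __name__ == "__main__":
    for line_no, problem in audit_manifest(SAMPLE):
        print(f"line {line_no}: {problem}")
```

An empty result means every row carries a distinct id and a distinct, well-formed key; any finding should be resolved before the list reaches the production line.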
6. Factory reset
Clarify with the OEM manufacturer how factory reset affects the installed software and any id/key pair. Ideally both should be installed in a way that is not affected by the factory reset. On the other hand, also consider security issues related to the device recycling process. These issues are described in more detail in section 9.3 “Factory Reset and Device Recycling” of TEN036 “Security in Nabto Solutions”.
7. Firmware update
The OEM manufacturer should provide some way to update the firmware, specifically to install updated versions of 3rd party software like Nabto.