Introduction

RainMaker uses digital signatures in OTA. The RainMaker OTA service enables devices to receive firmware updates.

Communication between the device and the RainMaker cloud happens over the MQTT protocol.

Device certificates are pre-registered with AWS IoT through RainMaker, which ensures that only these devices can connect over MQTT and receive firmware updates from RainMaker.

Although communication between the device and the RainMaker cloud is already secure, RainMaker adds a further layer with its Secure Signing service. This service delivers signed firmware to devices, so that each device can verify the authenticity and integrity of the firmware and can therefore trust it.

As a customer, this gives you peace of mind that the firmware delivered to your devices is protected against man-in-the-middle attacks.

Getting Started

The ultimate goal of Secure Signing is to enable the RainMaker OTA job API to deliver signed firmware.

To enable Secure Signing, RainMaker has introduced new APIs, such as the Key Management APIs and the Signing APIs.

Usage is fairly easy:

- Upload the firmware
- Create signing keys
- Sign the firmware
- Create an OTA job by specifying the firmware file and the signing key

Advanced scenarios

- Auto-select the signing key based on the device's digest
- Signing key revocation
- Key import (TODO: add support for customer deployment)

Monitoring

- Key modification notifications