title | description | author | ms.author | ms.date | ms.topic | ms.service | services | manager | ms.devlang | ms.custom |
---|---|---|---|---|---|---|---|---|---|---|
Enroll TPM device to Azure Device Provisioning Service using Node.js \| Microsoft Docs | Azure Quickstart - Enroll TPM device to Azure IoT Hub Device Provisioning Service using Node.js service SDK. This quickstart uses individual enrollments. | wesmc7777 | wesmc | 12/21/2017 | quickstart | iot-dps | iot-dps | timlt | nodejs | mvc |

These steps show how to programmatically create an individual enrollment for a TPM device in the Azure IoT Hub Device Provisioning Service using the Node.js Service SDK and a sample Node.js application. You can optionally enroll a simulated TPM device to the provisioning service using this individual enrollment entry. Although these steps will work on both Windows and Linux machines, we will use a Windows development machine for the purpose of this article.
- Make sure to complete the steps in Set up the IoT Hub Device Provisioning Service with the Azure portal before you proceed.
- Make sure you have Node.js v4.0 or above installed on your machine.
- If you want to enroll a simulated device at the end of this Quickstart, follow the steps in Create and provision a simulated device up until the step where you get an endorsement key for the device. Note down the endorsement key; you will use it later in this Quickstart. Do not follow the steps to create an individual enrollment using the Azure portal.
- From a command window in your working folder, run:

  ```cmd
  npm install azure-iot-provisioning-service
  ```
- Using a text editor, create a create_individual_enrollment.js file in your working folder. Add the following code to the file and save:

  ```javascript
  'use strict';

  var provisioningServiceClient = require('azure-iot-provisioning-service').ProvisioningServiceClient;

  // argv[2]: provisioning service connection string; argv[3]: TPM endorsement key
  var serviceClient = provisioningServiceClient.fromConnectionString(process.argv[2]);
  var endorsementKey = process.argv[3];

  // Individual enrollment that uses TPM attestation
  var enrollment = {
    registrationId: 'first',
    attestation: {
      type: 'tpm',
      tpm: {
        endorsementKey: endorsementKey
      }
    }
  };

  serviceClient.createOrUpdateIndividualEnrollment(enrollment, function(err, enrollmentResponse) {
    if (err) {
      console.log('error creating the individual enrollment: ' + err);
    } else {
      console.log("enrollment record returned: " + JSON.stringify(enrollmentResponse, null, 2));
    }
  });
  ```
- To run the sample, you need the connection string for your provisioning service.
  - Sign in to the Azure portal, click on the All resources button on the left-hand menu and open your Device Provisioning service.
  - Click Shared access policies, then click the access policy you want to use to open its properties. In the Access Policy window, copy and note down the primary key connection string.
- You also need the endorsement key for your device. If you have followed the Create and provision a simulated device quickstart to create a simulated TPM device, use the key created for that device. Otherwise, to create a sample individual enrollment, you can use the following endorsement key supplied with the SDK:
AToAAQALAAMAsgAgg3GXZ0SEs/gakMyNRqXXJP1S124GUgtk8qHaGzMUaaoABgCAAEMAEAgAAAAAAAEAxsj2gUScTk1UjuioeTlfGYZrrimExB+bScH75adUMRIi2UOMxG1kw4y+9RW/IVoMl4e620VxZad0ARX2gUqVjYO7KPVt3dyKhZS3dkcvfBisBhP1XH9B33VqHG9SHnbnQXdBUaCgKAfxome8UmBKfe+naTsE5fkvjb/do3/dD6l4sGBwFCnKRdln4XpM03zLpoHFao8zOwt8l/uP3qUIxmCYv9A7m69Ms+5/pCkTu/rK4mRDsfhZ0QLfbzVI6zQFOKF/rwsfBtFeWlWtcuJMKlXdD8TXWElTzgh7JS4qhFzreL0c1mI0GCj+Aws0usZh7dLIVPnlgZcBhgy1SSDQMQ==
- To create an individual enrollment for your TPM device, run the following command (include the quotes around the command arguments):

  ```cmd
  node create_individual_enrollment.js "<the connection string for your provisioning service>" "<endorsement key>"
  ```
- On successful creation, the command window displays the properties of the new individual enrollment.
- Verify that an individual enrollment has been created. In the Azure portal, on the Device Provisioning Service summary blade, select Manage enrollments. Select the Individual Enrollments tab and click the new enrollment entry (first) to verify the endorsement key and other properties for the entry.
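
The sample script places the endorsement key argument into the enrollment without inspecting it. The following added example (not part of the original quickstart or the SDK) parses the key locally before the enrollment object is built. It assumes the key is a base64-encoded TPM 2.0 TPM2B_PUBLIC structure holding an RSA public area with a NULL scheme, which is how the leading bytes of the sample key above decode; `parseEndorsementKey`, `buildTpmEnrollment` and `makeSampleKey` are hypothetical helper names, and the sample key is constructed with a dummy modulus.

```javascript
'use strict';
const ALG_RSA = 0x0001, ALG_NULL = 0x0010;   // TPM 2.0 algorithm identifiers

// Parse a base64 endorsement key as a TPM2B_PUBLIC carrying an RSA key and
// throw on anything malformed, so bad input never reaches the service.
function parseEndorsementKey(b64) {
  if (typeof b64 !== 'string' || b64.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error('endorsement key is not well-formed base64');
  }
  const buf = Buffer.from(b64, 'base64');
  let off = 0;
  const take = (n) => {                        // bounds-checked read of n bytes
    if (off + n > buf.length) throw new Error('endorsement key is truncated');
    off += n;
    return buf.subarray(off - n, off);
  };
  const u16 = () => take(2).readUInt16BE(0);
  if (u16() !== buf.length - 2) throw new Error('size field does not match data');
  const type = u16(), nameAlg = u16();
  take(4);                                     // objectAttributes
  const authPolicyBytes = take(u16()).length;  // TPM2B_DIGEST
  if (type !== ALG_RSA) throw new Error('public area is not an RSA key');
  if (u16() !== ALG_NULL) take(4);             // symmetric keyBits + mode
  if (u16() !== ALG_NULL) throw new Error('expected a NULL RSA scheme');
  const keyBits = u16();
  take(4);                                     // exponent (0 means 65537)
  const modulusBytes = take(u16()).length;
  if (off !== buf.length) throw new Error('trailing bytes after public area');
  if (modulusBytes * 8 !== keyBits) throw new Error('modulus length != keyBits');
  return { type, nameAlg, authPolicyBytes, keyBits, modulusBytes };
}

// Same enrollment shape as the quickstart, built only after the key parses.
function buildTpmEnrollment(registrationId, endorsementKey) {
  parseEndorsementKey(endorsementKey);
  return { registrationId, attestation: { type: 'tpm', tpm: { endorsementKey } } };
}

// Constructed sample: EK-shaped public area with an all-0xAB dummy modulus.
function makeSampleKey() {
  const head = Buffer.from('0001000b000300b20020', 'hex');
  const parms = Buffer.from('00060080004300100800000000000100', 'hex');
  const body = Buffer.concat([head, Buffer.alloc(32, 0x11), parms, Buffer.alloc(256, 0xab)]);
  const size = Buffer.alloc(2);
  size.writeUInt16BE(body.length);
  return Buffer.concat([size, body]).toString('base64');
}
```

In create_individual_enrollment.js, a call such as `buildTpmEnrollment('first', process.argv[3])` would take the place of the `enrollment` literal.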
Now that you've created an individual enrollment for a TPM device, if you want to enroll a simulated device, you can continue with the remaining steps in Create and provision a simulated device. Be sure to skip the steps to create an individual enrollment using the Azure portal in that Quickstart.
If you plan to explore the Node.js service samples, do not clean up the resources created in this Quickstart. If you do not plan to continue, use the following steps to delete all resources created by this Quickstart.
- Close the Node.js sample output window on your machine.
- If you created a simulated TPM device, close the TPM simulator window.
- Navigate to your Device Provisioning service in the Azure portal, click Manage enrollments, and then select the Individual Enrollments tab. Select the Registration ID for the enrollment entry you created using this Quickstart, and click the Delete button at the top of the blade.
In this Quickstart, you’ve programmatically created an individual enrollment entry for a TPM device, and, optionally, created a TPM simulated device on your machine and provisioned it to your IoT hub using the Azure IoT Hub Device Provisioning Service. To learn about device provisioning in depth, continue to the tutorial for the Device Provisioning Service setup in the Azure portal.