Espressif ESP32-S2 Programming Manual page 686

Chapter 2. API Reference
1. Extensible Protocol: The protocol is completely flexible and it offers the ability for the developers to send custom
configuration in the provisioning process. The data representation too is left to the application to decide.
2. Transport Flexibility: The protocol can work on Wi-Fi (SoftAP + HTTP server) or on BLE as a transport
protocol. The framework provides the ability to add support for any other transport easily as long as
command-response behaviour can be supported on the transport.
3. Security Scheme Flexibility: It's understood that each use-case may require a different security scheme to secure
the data that is exchanged in the provisioning process. Some applications may work with a SoftAP that's WPA2
protected or BLE with "just-works" security. Or the applications may consider the transport to be insecure
and may want application level security. The unified provisioning framework allows the application to choose the
security as deemed suitable.
4. Compact Data Representation: The protocol uses Google Protobufs as a data representation for session setup
and Wi-Fi provisioning. They provide a compact data representation and the ability to parse the data in multiple
programming languages in native format. Please note that this data representation is not forced on application
specific data and the developers may choose the representation of their choice.
Typical Provisioning Process
Deciding on Transport
The unified provisioning subsystem supports Wi-Fi (SoftAP + HTTP server) and BLE (GATT based) transport schemes.
The following points need to be considered while selecting the best possible transport for provisioning.
1. BLE based transport has the advantage that the BLE communication channel stays intact between the device and
the client throughout the provisioning process. That provides reliable provisioning feedback.
2. BLE based provisioning makes the user experience better from the phone apps, as on both Android and iOS the
phone app can discover and connect to the device without requiring the user to leave the phone app.
3. BLE transport however consumes ~110 KB of memory at runtime. If the product does not use the BLE or BT
functionality after provisioning is done, almost all of this memory can be reclaimed and added back to the heap.
4. SoftAP based transport is highly interoperable; however, as the same radio is shared between the SoftAP and
Station interfaces, the transport is not reliable in the phase when the Wi-Fi connection to the external AP is
attempted. Also, the client may roam to a different network when the SoftAP changes channel at the time of
Station connection.
5. SoftAP transport does not require much additional memory for the Wi-Fi use-cases.
6. SoftAP based provisioning requires the phone app user to go to "System Settings" to connect to the Wi-Fi network
hosted by the device in the case of iOS. The discovery (scanning) as well as the connection API is not available to
iOS applications.
Deciding on Security
Depending on the transport and other constraints, the security scheme needs to be selected by the application
developers. The following considerations need to be given from the provisioning security perspective:
1. The configuration data sent from the client to the device, and the response, have to be secured.
2. The client should authenticate the device it is connected to.
3. The device manufacturer may choose proof-of-possession: a unique per-device secret to be entered on the
provisioning client as a security measure to make sure that the user provisioning the device actually has it in
their possession.
There are two levels of security schemes. The developer may select one or a combination, depending on requirements.
1. Transport Security: SoftAP provisioning may choose WPA2 protected security with a unique per-device
passphrase. The per-device unique passphrase can also act as a proof-of-possession. For BLE, "just-works"
security can be used as transport level security, after understanding the level of security it provides ("just-works"
pairing authenticates neither side, so on its own it gives no protection against an active attacker).
2. Application Security: The unified provisioning subsystem provides application level security (security1) that
provides data protection and authentication (through proof-of-possession) if the application does not use
transport level security or if the transport level security is not sufficient for the use-case.
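As an added example (not code from the manual or from ESP-IDF), the following Python models the session setup that the three considerations above call for: an ephemeral Curve25519 key agreement, the proof-of-possession folded into the session key so that a client without the per-device secret cannot complete the handshake, a verify message in each direction so that the client also authenticates the device, and only then the configuration data sent encrypted. ESP-IDF's security1 scheme is built from the same pieces (Curve25519 plus AES-CTR over protobuf messages); everything else here is this example's own assumption: the message layout, the function and class names, the HMAC-SHA256 counter-mode keystream used in place of AES-CTR (the standard library has no AES), and the constructed PoP and configuration strings. The X25519 routine is a transcription of the RFC 7748 ladder and is not constant-time, so it illustrates the flow rather than serving as production key agreement.

```python
"""Toy provisioning session setup (added example, not ESP-IDF code).

Flow modelled on the three considerations in the text: ephemeral Curve25519
key agreement, proof-of-possession (PoP) folded into the session key, a verify
message in each direction, then encrypted configuration. The message layout,
the HMAC-SHA256 counter-mode keystream (stand-in for AES-CTR) and the sample
strings are this example's own assumptions.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665            # (486662 - 2) / 4, the Curve25519 ladder constant
BASEPOINT = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (pure Python, not constant-time)."""
    kb = bytearray(k)
    kb[0] &= 248                          # scalar clamping
    kb[31] = (kb[31] & 127) | 64
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k_int >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)


def session_key(priv: bytes, peer_pub: bytes, pop: bytes) -> bytes:
    """Shared secret XOR SHA-256(PoP): a peer without the PoP derives a different key."""
    shared = x25519(priv, peer_pub)
    digest = hashlib.sha256(pop).digest()
    return bytes(s ^ d for s, d in zip(shared, digest))


class Channel:
    """Counter-mode stream; each call consumes a fresh keystream segment, so the
    two sides stay in step as long as they process messages in the same order."""

    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv, self.seq = key, iv, 0

    def crypt(self, data: bytes) -> bytes:        # encrypt and decrypt are the same XOR
        stream = bytearray()
        block = 0
        while len(stream) < len(data):
            ctr = self.iv + self.seq.to_bytes(4, "big") + block.to_bytes(4, "big")
            stream += hmac.new(self.key, ctr, hashlib.sha256).digest()
            block += 1
        self.seq += 1
        return bytes(x ^ y for x, y in zip(data, stream))


def provision(client_pop: bytes, device_pop: bytes, config: bytes):
    """Run the exchange. Returns (client accepted, device authenticated, config seen by device)."""
    dev_priv, dev_pub = keypair()                 # device side, holds device_pop
    device_random = secrets.token_bytes(16)       # sent to the client, used as the IV
    cli_priv, cli_pub = keypair()                 # step 1: client -> device: cli_pub
    # step 2: device -> client: dev_pub + device_random; both sides derive the session key
    dev_chan = Channel(session_key(dev_priv, cli_pub, device_pop), device_random)
    cli_chan = Channel(session_key(cli_priv, dev_pub, client_pop), device_random)
    # step 3: client -> device: client_verify = Enc(dev_pub); proves the client knows the PoP
    client_verify = cli_chan.crypt(dev_pub)
    if not hmac.compare_digest(dev_chan.crypt(client_verify), dev_pub):
        return (False, False, None)               # device aborts: wrong PoP or wrong peer
    # step 4: device -> client: device_verify = Enc(cli_pub); client authenticates the device
    device_verify = dev_chan.crypt(cli_pub)
    if not hmac.compare_digest(cli_chan.crypt(device_verify), cli_pub):
        return (True, False, None)
    # step 5: configuration (e.g. Wi-Fi SSID and passphrase) now travels encrypted
    return (True, True, dev_chan.crypt(cli_chan.crypt(config)))


if __name__ == "__main__":
    cfg = b"ssid=lab-net;pass=correct horse"     # constructed sample configuration
    print("matching PoP :", provision(b"pop-1234", b"pop-1234", cfg))
    print("wrong PoP    :", provision(b"pop-0000", b"pop-1234", cfg))
```

Running it with two different PoP values makes the device reject the client_verify message before any configuration is exchanged; that is the property which lets a per-device passphrase or printed PoP double as evidence that whoever is provisioning has the device in hand, and the device_verify step is what gives the client the authentication of the device that consideration 2 asks for.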
Espressif Systems 675 Release v4.4