iot-device-provisioning skill

This skill securely provisions TizenRT/ARTIK IoT devices by coordinating certificate installation, key management, and network onboarding.

npx playbooks add skill plurigrid/asi --skill iot-device-provisioning

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: iot-device-provisioning
description: Secure provisioning for TizenRT/ARTIK IoT devices. Coordinates certificate installation, key management, and network onboarding.
category: tizen-iot
author: Tizen Community
source: tizen/iot
license: Apache-2.0
trit: 0
trit_label: ERGODIC
verified: true
featured: true
---

# IoT Device Provisioning Skill

**Trit**: 0 (ERGODIC)
**Category**: tizen-iot
**Author**: Tizen Community
**Source**: tizen/iot
**License**: Apache-2.0

## Description

Secure provisioning for TizenRT/ARTIK IoT devices. Coordinates certificate installation, key management, and network onboarding.

## When to Use

This is a Tizen security/IoT skill. Use when:
- Developing Tizen applications (web, native, .NET)
- Auditing Tizen app security
- Provisioning TizenRT/ARTIK IoT devices
- Implementing Tizen compliance
- Analyzing SMACK policies or Cynara access control

## Tizen Security Model

### SMACK (Simplified Mandatory Access Control Kernel)
- Linux kernel 3.12+ mandatory access control
- Process isolation via labels
- Prevent inter-app resource access

### Cynara
- Fast privilege access control service
- Policy-based permission checking
- External agent integration

### KeyManager
- Central secure storage repository
- Password-protected data access
- Certificate and key management

### Tizen Manifest
- Privilege declarations (public, partner, platform)
- App sandboxing configuration
- Resource access specifications

## Related Skills

- manifest-privilege-validator
- smack-policy-auditor
- tizen-cve-scanner
- sandbox-escape-detector
- cynara-policy-checker
- iot-device-provisioning

## References

- Tizen Official Docs: https://docs.tizen.org/
- Samsung Security Manager: https://github.com/Samsung/security-manager
- Samsung Cynara: https://github.com/Samsung/cynara
- TizenRT: https://github.com/Samsung/TizenRT


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 10. Adventure Game Example

**Concepts**: autonomous agent, game, synthesis

### GF(3) Balanced Triad

```
iot-device-provisioning (−) + SDF.Ch10 (+) + [balancer] (○) = 0
```

**Skill Trit**: -1 (MINUS - verification)

### Secondary Chapters

- Ch6: Layering

### Connection Pattern

Adventure games synthesize techniques. This skill integrates multiple patterns.

Overview

This skill provides secure provisioning for TizenRT and ARTIK IoT devices, coordinating certificate installation, key management, and network onboarding. It is designed for device fleets and single-device workflows where secure identity, credential storage, and policy-based access are required. The implementation focuses on repeatable, auditable steps to bring devices from factory state to operational status.

How this skill works

The skill automates certificate generation or enrollment, installs device keys into a secure KeyManager store, and configures SMACK and Cynara policies as needed. It also performs network onboarding steps (Wi‑Fi/SSID, credentials) and verifies boot-time security artifacts. Logs and verification outputs support audits and compliance checks.

When to use it

  • Provisioning new TizenRT or ARTIK devices before deployment
  • Automating fleet onboarding and certificate rotation
  • Performing security audits or compliance checks for Tizen devices
  • Integrating device identity into an existing PKI or MDM flow
  • Testing SMACK and Cynara policy deployments in CI pipelines

Best practices

  • Generate keys in hardware-backed stores where available and avoid exporting private keys
  • Automate provisioning with idempotent scripts to ensure repeatability and easy recovery
  • Enforce least-privilege SMACK labels and minimal Cynara privileges per app
  • Rotate certificates and keys on a defined schedule and track revocations centrally
  • Keep provisioning logs and verification artifacts for audit and incident response

Example use cases

  • Factory setup: preload device certificates and network credentials before shipment
  • Field replacement: reprovision replacement units with existing fleet PKI
  • CI security test: deploy fresh device images, apply provisioning, and run policy audits
  • Compliance audit: verify installed certificates, KeyManager entries, and Cynara policies
  • Remote reprovisioning: update keys and network onboarding information securely over a management channel

FAQ

Does this skill support hardware-backed keys?

Yes — it is designed to use hardware-backed KeyManager stores when available; otherwise it falls back to software-protected storage with password protection.

Can it integrate with an external PKI or MDM?

Yes — the provisioning flows support enrolling with external PKI endpoints and can export certificates and enrollment state for MDM integration.