TrustEdge agent - Conceptual

The TrustEdge agent is a compiled, binary agent that allows Device Trust Manager to communicate with a registered device. At a high level, the agent acts as a client to Device Trust Manager.

The agent:

  • Runs on IoT devices that run on a supported operating system.

  • Is responsible for communication between the IoT device and Device Trust Manager.

  • Uses MQTT for all communications.

  • Is powered by DigiCert’s TrustCore SDK.

Supporting device lifecycle activities

The agent is responsible for provisioning a device, as well as ongoing device lifecycle activities, such as:

  • Authenticating the device with the Device Trust Manager rendezvous service

  • Interfacing with the device's secure elements, such as a TPM

  • Exchanging the device’s bootstrap credential for an operational certificate

  • Automatically renewing the device’s operational certificate

  • Checking for, downloading, and installing software updates

Agent communication and configuration

The agent includes an MQTT 3.1.1 and 5.0 client that IoT applications running on the device can use to communicate with an MQTT broker endpoint.

  • The agent also uses this MQTT client to communicate with the Device Trust Manager rendezvous service.

The agent includes an API for applications running on the device to interact with the agent and to use the MQTT client.

Agent configuration

The agent runs as a Linux daemon and contains a minimal command line interface for:

  • Configuring logins and

  • Specifying the path to the bootstrap configuration file.

By design, the agent is generic and extensible while providing default setup and configurations that will work in most environments.