The Microvisor Manufacturing Process

• A PC running Ubuntu Desktop 22.04.
• Oracle Virtual Box 6.1.50 or above installed on the PC.
• Oracle VirtualBox Expansion Pack for 6.1 installed on the PC.
• Vagrant installed on the PC.
• A Twilio account.
• A Twilio API key and API secret. These can be obtained from the Twilio Console in the Account > API keys & tokens section. We strongly recommend that you create a fresh key, of the type Restricted, and secret specifically for this purpose, and that you revoke keys when assembly is complete.If your console does not allow you to create Restricted keys, please submit a Twilio Help Center ticketAdditionally, please ensure that you record the newly created key and secret pair as it will not be possible to retrieve them later. Revoke the old one if you forget it and create a new pair.
• A local WiFi network. This must use the 2.4GHz band and be compatible with the 802.11b/g/n standards.
• A local Ethernet network (or direct connection to a spare Ethernet port on the LAN router). The router must include a DHCP server (typically part of the router).
• An Ethernet cable.
• A data-capable Micro USB cable. Choose carefully: some cheap ones support power only.
• An STMicroelectronics STM32HSMv2 HSM smartcard. This has to be programmed by KORE Wireless. Please contact support@microvisor.com to request one.
• A USB smartcard reader.
• An STMicroelectronics STLINK-V3MINIE. Widely available from electronics suppliers. You will also need a USB-C male adapter to connect this to the factory PC.

To install Virtual Box, please download version 6.1.50 and its Extension Pack from the Virtual Box downloads page and follow these instructions. Once the install has completed, run the following commands in a terminal:

1. sudo usermod -a -G vboxusers $USER
2. sudo shutdown -r now

Unlike regular application deployments, factory-provisioned application firmware is delivered via the SPI flash image copied to the DUT during the provisioning process. Your application test code is also incorporated into the image, along with Microvisor itself and the Microvisor hardware test code, both of which you can obtain from the links below.

• Download Microvisor kernel here.
• Download Microvisor hardware test bundle here.

Now use the Twilio CLI Microvisor plugin to build your SPI flash image. You will need to be signed in to the Twilio CLI on the computer used to generate the image:

1. Create an app bundle:

   Copy code block

   1
   twilio microvisor:apps:bundle /path/to/compiled/app/bin \
   2
     /path/to/app/bundle/zip

2. Sign the app bundle:

   Copy code block

   1
   twilio microvisor:apps:create /path/to/app/bundle/zip \
   2
     --bundle-out /path/to/signed/app/bundle/zip

3. Create an app test bundle:

   Copy code block

   1
   twilio microvisor:apps:bundle /path/to/compiled/app/test/bin \
   2
     /path/to/app/test/bundle/zip

4. Sign the app test bundle:

   Copy code block

   1
   twilio microvisor:apps:create /path/to/app/test/bundle/zip \
   2
     --bundle-out /path/to/signed/app/test/bundle/zip

5. Assemble the image:

   Copy code block

   1
   twilio microvisor:factory:image \
   2
     --application /path/to/signed/app/bundle \
   3
     --application-test /path/to/signed/app/test/bundle \
   4
     --microvisor /path/to/downloaded/kernel \
   5
     --microvisor-test /path/to/downloaded/test \
   6
     /path/to/write/spiflash.img.bin

You now need to send your spiflash.img.bin file to your manufacturer for use when they reach step 5 of Configure the Assembly Line PC.

This needs to be performed only once. The PC can then be used to prime multiple DUTs one after the other, across multiple production runs.

1. Connect the smartcard reader to the PC.
2. Insert the smartcard into the reader.
3. Connect the STLINK-V3MINIE to the PC via the male USB-C adapter.
4. Connect the Micro USB cable to the PC.

Steps 1 through 8 need to be performed only once. Steps 9 and up will need to be followed every time the PC is power-cycled.

1. Start up PC and log in to Ubuntu.

2. Open the Terminal application (press Ctrl-alt-t).

3. In the Terminal, run:

   Copy code block

   mkdir $HOME/factory

4. In the Terminal, run:

   Copy code block

   cd $HOME/factory

5. Download the Microvisor VM, which will be of the form microvisor_factory.tar.gz.

6. Download the accompanying Vagrantfile.

7. Copy the SPI flash image spiflash.img.bin to the $HOME/factory directory.

8. In the Terminal, run:

   Copy code block

   vagrant box add --name microvisor_factory microvisor_factory.tar.gz

9. In the Terminal, run:

   Copy code block

   lsusb

   Locate the HSM reader's two ID values and note them down.

10. Open Virtual Box and navigate to Settings > USB > USB Device Filters. There should be four devices listed, including the HSM reader. Make sure its HID/VID match the two values you noted down in step 8. If they are not, change the values to match those you noted down. IMPORTANT Restart Virtual Box to make sure the changes take effect.

11. In the Terminal, run:

    Copy code block

    vagrant up

12. Open Firefox and enter localhost:8080 into the address field, then hit Enter.

13. Under API Credentials, enter your Twilio account's restricted API key and secret, and click Save.

14. Under SPIFlash Image, click Browse..., locate the SPI flash image spiflash.img.bin on the PC, and click Upload.

15. If smartcard not present is shown under HSM Status, check that the smartcard reader is connected to the PC and that the smartcard is inserted, then click the first Refresh button. When the HSM is ready, you will see its state, firmware version and the number of remaining device licenses it contains.

This sequence will need to be followed for each DUT being provisioned.

1. Insert the Super SIM into the DUT's SIM slot.
2. Connect the STLINK-V3MINIE to the DUT's J5 header using the gray ribbon cable supplied with the STLINK-V3MINIE. On the Nucleo development board the header is also labelled SWD.
3. Join the router and the DUT with the Ethernet cable.
4. Connect the Micro USB cable to the DUT's provisioning port. This is marked as CONTROL on the Nucleo, but may be marked differently on your own product.
5. Connect the cellular antenna.
6. Connect the DUT's POWER port to the supplied USB-C power adapter.
7. Check the STLINK/Device Status section in the web browser UI. If there is no information listed, check the STLINK's connections to the PC and the DUT, and click the second Refresh button.

Expand image

The sequence must be followed for every DUT being provisioned.

1. In the web browser UI click PROGRAM DEVICE.

The installer will check that it can contact the Microvisor cloud and verify your Twilio API credentials. If these checks fail, installation will halt, the cause will be reported in the web browser UI. If the checks pass, the SPI flash image will be copied to the DUT.

Now reconnect the USB-C power cable.

An on-board hardware test will now take place, checking the cellular modem, the SIM card, and WiFi and Ethernet connectivity.

The provisioning script will communicate with the Microvisor Cloud to receive a valid device-specific certificate which will be stored on the DUT.

Next, an on-board application test will take place.

The DUT is now programmed with Microvisor and ready for packaging, shipment, and use.

The assembly line operator can now pass the DUT on to the next stage of assembly and place a new DUT in the station: start again at Set up the DUT.