Bootstrap Interface

The Bootstrap Interface is used to provision essential information into the LWM2M Client to enable the LWM2M Client to perform the operation “Register” with one or more LWM2M Servers.

There are four bootstrap modes supported by the LWM2M Enabler:

  • Factory Bootstrap
  • Bootstrap from Smartcard
  • Client Initiated Bootstrap
  • Server Initiated Bootstrap

The LWM2M Client MUST support at least one bootstrap mode specified in the Bootstrap Interface.

The LWM2M Server MUST support Client Initiated Bootstrap and Server Initiated Bootstrap modes specified in the Bootstrap Interface.

This section describes what information is conveyed across the Bootstrap Interface, where the LWM2M Client puts that information and how to provision the Bootstrap Information for each of these bootstrap modes.

Bootstrap Information

This section specifies the information that needs to be configured in the LWM2M Client for connecting to the LWM2M Server(s) or the LWM2M Bootstrap Server. This Bootstrap Information can be available before performing the Bootstrap Sequence described in Section 5.1.3 or obtained as a result of the Bootstrap Sequence.

Bootstrap Information can be categorized into two types:

  • LWM2M Server Bootstrap Information
  • LWM2M Bootstrap Server Bootstrap Information

The LWM2M Client MUST have the LWM2M Server Bootstrap Information after the Bootstrap Sequence specified in Section 5.1.3.

The LWM2M Client SHOULD have the LWM2M Bootstrap Server Bootstrap Information.

The LWM2M Server Bootstrap Information is used by the LWM2M Client to register and connect to the LWM2M Server.

The LWM2M Server Bootstrap Information MUST contain at least a LWM2M Server Account. The LWM2M Server Bootstrap Information MAY additionally contain further Object Instances (e.g., Access Control, Connectivity Object).

The LWM2M Client MAY be configured to use one or more LWM2M Server Account(s).

The LWM2M Bootstrap Server Bootstrap Information is used by the LWM2M Client to contact the LWM2M Bootstrap Server in order to get the LWM2M Server Bootstrap Information.

The LWM2M Bootstrap Server Bootstrap Information MUST be a LWM2M Bootstrap Server Account.

| Bootstrap Information Type | Entity | Required |
|---|---|---|
| The LWM2M Server Bootstrap Information | LWM2M Server Account | Yes* |
| The LWM2M Server Bootstrap Information | Additional Object Instances (e.g., Access Control, Connectivity Object) | No |
| The LWM2M Bootstrap Server Bootstrap Information | LWM2M Bootstrap Server Account | No |

Table 2: Bootstrap Information List

*The LWM2M Client MUST have at least one LWM2M Server Account after the Bootstrap Sequence specified in Section 5.1.3.

Please note that the LWM2M Client MUST accept Bootstrap Information sent via the Bootstrap Interface without applying the authorization process specified in Section 7.3.2 Authorization.

Bootstrap Modes

This section of the specification provides description and further information for each of the following Bootstrap Modes:

  • Factory Bootstrap
  • Bootstrap from Smartcard
  • Client Initiated Bootstrap
  • Server Initiated Bootstrap

Factory Bootstrap

In this mode, the LWM2M Client has been configured with the necessary Bootstrap Information prior to deployment of the device.

Bootstrap from Smartcard

When the Device supports a Smartcard, the LWM2M Client MUST retrieve and process the bootstrap data contained in the Smartcard as described in Appendix F. When the bootstrap data retrieval is successful, the LWM2M Client MUST process the bootstrap data from the Smartcard and MUST apply the Bootstrap Information to its configuration.

Due to the sensitive nature of the Bootstrap Information, a secure channel SHOULD be established between the Smartcard and the LWM2M Device.

When such a secure channel is established between the Smartcard and the LWM2M Device, this secure channel MUST be based on the [GLOBALPLATFORM] procedure, mainly described in Appendix G.

In this mode, the LWM2M Client MUST also ensure that the Bootstrap Information previously retrieved from the Smartcard is unchanged within the Smartcard. If the Bootstrap Information is changed, the previous Bootstrap Information MUST be disabled in the LWM2M Client and the LWM2M Client MUST apply the new Bootstrap Information from the Smartcard to its configuration.

When the bootstrap data is disabled within the LWM2M Client (e.g. by removing the Smartcard), the Bootstrap Information created from the bootstrap data of the previous Smartcard MUST be deleted.

Checking for Smartcard change and disabling MUST be performed by the LWM2M Client each time a “Register” or “Update” operation takes place with a LWM2M Server provisioned from the Smartcard. As usual, the Bootstrap security rules (5.1.4) then apply.

NOTE: Bootstrap Information in Smartcard can be updated by using Smartcard OTA protocol as specified in ETSI TS 102 225 [ETSI TS 102.225] / TS 102 226 [ETSI TS 102 226] and extensions such as 3GPP TS 31.115 [3GPP TS 31.115] / TS 31.116 [3GPP TS 31.116] and 3GPP2 C.S0078-0 [3GPP2 C.S0078-0] / C.S0079-0 [3GPP2 C.S0079-0].
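The change check described above can be sketched as follows. This is an added example, not code from the specification: comparing a SHA-256 digest of the card's bootstrap data is an assumed detection method, and the `short_id=uri` card format, the class and the sample cards are constructed for illustration (the real encoding is the one in Appendix F).

```python
import hashlib
from typing import Callable, Dict, Optional

# Constructed sample card contents (not the Appendix F encoding).
CARD_A = b"1=coaps://a.example:5684\n"
CARD_B = b"1=coaps://b.example:5684\n"


def parse_accounts(data: bytes) -> Dict[str, str]:
    """Parse constructed 'short_id=uri' lines; raises ValueError if malformed."""
    pairs = (line.split("=", 1) for line in data.decode().splitlines() if line)
    return {short_id: uri for short_id, uri in pairs}


class SmartcardBootstrap:
    def __init__(self) -> None:
        self.digest: Optional[str] = None   # fingerprint of the data last applied
        self.accounts: Dict[str, str] = {}  # Bootstrap Information from the card

    def check(self, read_card: Callable[[], Optional[bytes]]) -> str:
        """Run before every Register/Update to a Smartcard-provisioned server."""
        data = read_card()                  # None models a removed Smartcard
        if data is None:
            had_info = bool(self.accounts)
            self.accounts, self.digest = {}, None   # previous info MUST be deleted
            return "deleted" if had_info else "absent"
        digest = hashlib.sha256(data).hexdigest()
        if digest == self.digest:
            return "unchanged"
        first = self.digest is None
        # Disable the previous information first, so a card that fails to
        # parse leaves nothing stale behind (fail closed).
        self.accounts, self.digest = {}, None
        self.accounts = parse_accounts(data)
        self.digest = digest
        return "applied" if first else "replaced"
```

A result of "replaced" or "deleted" means sessions built on the old accounts have to be torn down before the Register or Update proceeds.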

Client Initiated Bootstrap

As defined in Section 5.1.3 Bootstrap Sequence, scenarios exist when the LWM2M Server is not configured within the LWM2M Client or attempts to perform the “Register” operation with LWM2M Servers have failed.

When these conditions occur, the Client Initiated Bootstrap mode provides a mechanism for the LWM2M Client to retrieve the Bootstrap Information from a LWM2M Bootstrap Server.

The Client Initiated Bootstrap mode requires having a LWM2M Bootstrap Server Account.

The figure below depicts the Client Initiated Bootstrap flow.

Figure 7: Procedure of Client Initiated Bootstrap

Step #1: Request bootstrap to bootstrap URI

The LWM2M Client sends a “Request Bootstrap” operation to the pre-provisioned LWM2M Bootstrap Server URI. When requesting the bootstrap, the LWM2M Client sends its “Endpoint Client Name” as a parameter in order to allow the LWM2M Bootstrap Server to provision the proper Bootstrap Information for the LWM2M Client.

Step #2: Configure Bootstrap Information

The LWM2M Bootstrap Server configures the LWM2M Client with the Bootstrap Information using the “Write” and/or “Delete” operation.

The Client Initiated Bootstrap MAY be used to configure some Resources of the Bootstrap Information in the LWM2M Client after initial bootstrap to update Bootstrap Information. In this case, all the Bootstrap Information is OPTIONAL.

Server Initiated Bootstrap

In this mode, the LWM2M Bootstrap Server configures the Bootstrap Information in the LWM2M Client without the LWM2M Client sending a bootstrap request to the LWM2M Bootstrap Server.

As the LWM2M Client does not initiate the “Request Bootstrap” operation to the LWM2M Bootstrap Server, the LWM2M Bootstrap Server needs to know if a LWM2M Device is ready for bootstrapping before the LWM2M Client can be configured by the LWM2M Bootstrap Server. The mechanism by which a LWM2M Bootstrap Server gains this knowledge is implementation specific. A common scenario is that elements in the Network Provider’s network inform the LWM2M Bootstrap Server of the LWM2M Device when the LWM2M Device connects to the Network Provider’s network.

Once the LWM2M Bootstrap Server has been notified that the LWM2M Device is ready to receive the Bootstrap Information, the LWM2M Bootstrap Server configures the LWM2M Client with the Bootstrap Information using the “Write” and/or “Delete” operation.

The Server Initiated Bootstrap mode requires having the Bootstrap Information for the LWM2M Bootstrap Server.

The figure below depicts the Server Initiated Bootstrap flow.

Figure 8: Procedure of Server Initiated Bootstrap

Step #1: Configure Bootstrap Information

The LWM2M Bootstrap Server configures the Bootstrap Information in the LWM2M Client using the “Write” and/or “Delete” operation.

The Server Initiated Bootstrap MAY be used to configure some Resources of the Bootstrap Information in the LWM2M Client after initial bootstrap to update Bootstrap Information. In this instance, all the Bootstrap Information is OPTIONAL.

Bootstrap Sequence

The LWM2M Client MUST follow the procedure specified below when attempting to bootstrap a LWM2M Device:

  1. If the LWM2M Device has a Smartcard, the LWM2M Client tries to obtain Bootstrap Information from the Smartcard using the Bootstrap from Smartcard mode.
  2. If the LWM2M Client is not configured using the Bootstrap from Smartcard mode, the LWM2M Client tries to obtain the Bootstrap Information by using Factory Bootstrap mode.
  3. If the LWM2M Client has any LWM2M Server Object Instances from the previous steps, the LWM2M Client tries to register to the LWM2M Server(s) configured in the LWM2M Server Object Instance(s).
  4. If the LWM2M Client fails to register to all the LWM2M Servers or the Client doesn’t have any LWM2M Server Object Instances, and the LWM2M Client hasn’t received a Server Initiated Bootstrap within the ClientHoldOffTime, the LWM2M Client performs the Client Initiated Bootstrap.
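The four steps above, written out as a decision procedure. This is an added example, not code from the specification: the `ClientState` fields, the callback signatures and the outcome strings are hypothetical, and "fails to register to all the LWM2M Servers" is read as every registration attempt failing.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class ClientState:
    # Constructed model of client state; field names are this example's own.
    has_smartcard: bool = False
    smartcard_servers: List[str] = field(default_factory=list)
    factory_servers: List[str] = field(default_factory=list)
    has_bootstrap_server_account: bool = False
    client_hold_off_time: int = 0  # ClientHoldOffTime, in seconds


def bootstrap_sequence(
    state: ClientState,
    register: Callable[[str], bool],
    server_initiated_within: Callable[[int], bool],
) -> Tuple[List[str], str]:
    """Walk steps 1-4 and return (steps attempted, outcome)."""
    steps: List[str] = []
    servers: List[str] = []
    if state.has_smartcard:                      # step 1
        steps.append("smartcard")
        servers = list(state.smartcard_servers)
    if not servers:                              # step 2
        steps.append("factory")
        servers = list(state.factory_servers)
    if servers:                                  # step 3: try every server
        steps.append("register")
        # Assumption: the step-4 condition means every attempt failed.
        if any([register(uri) for uri in servers]):
            return steps, "registered"
    steps.append("hold-off")                     # step 4
    if server_initiated_within(state.client_hold_off_time):
        return steps, "server-initiated-bootstrap"
    if not state.has_bootstrap_server_account:
        # Client Initiated Bootstrap requires a LWM2M Bootstrap Server Account.
        return steps, "stuck-no-bootstrap-server-account"
    steps.append("request-bootstrap")
    return steps, "client-initiated-bootstrap"


if __name__ == "__main__":
    demo = ClientState(factory_servers=["coaps://a.example:5684"],
                       has_bootstrap_server_account=True, client_hold_off_time=30)
    print(bootstrap_sequence(demo, lambda uri: False, lambda secs: False))
```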

Bootstrap Security

The information conveyed through the Bootstrap Interface is sensitive, so the communication session, security mechanisms and/or keys used for it MUST be different instances from those used for the other LWM2M Interfaces.

If the LWM2M Client or the LWM2M Bootstrap Server needs to convey Bootstrap Information across the Bootstrap Interface, the LWM2M Client or the LWM2M Bootstrap Server MUST establish a new secure communication session.

If security materials (e.g. LWM2M Server URI, Security Mode, and Security Key) are changed in the LWM2M Client, the LWM2M Client MUST disconnect the existing communication session between the LWM2M Server and LWM2M Client and establish a new secure communication session between the LWM2M Server and LWM2M Client using the security mechanism and/or keys which have been configured by the Bootstrap Interface.
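One way a client could enforce these rules after Bootstrap Information has been written, as an added example that is not part of the specification. The `Account` record, the integer account ids and the sample values are constructed; dropping the session of a deleted account and treating a shared key as a violation of the "different instances" rule are this example's own readings.

```python
from typing import Dict, List, NamedTuple, Tuple


class Account(NamedTuple):
    # Hypothetical record holding the security materials the section names.
    server_uri: str
    security_mode: str
    security_key: bytes
    is_bootstrap_server: bool = False


Accounts = Dict[int, Account]  # keyed by an example-local account id


def plan_sessions(before: Accounts, after: Accounts) -> Tuple[List[int], List[int]]:
    """Return (reconnect, drop) ids after Bootstrap Information was written."""
    reconnect, drop = [], []
    for acc_id, old in before.items():
        if old.is_bootstrap_server:
            continue
        new = after.get(acc_id)
        if new is None:
            drop.append(acc_id)       # account deleted: nothing to reconnect to
        elif new != old:
            reconnect.append(acc_id)  # URI, mode or key changed: new session
    return sorted(reconnect), sorted(drop)


def keys_shared_with_bootstrap(accounts: Accounts) -> List[int]:
    """Ids of LWM2M Server accounts whose key is also a Bootstrap Server key."""
    boot_keys = {a.security_key for a in accounts.values() if a.is_bootstrap_server}
    return sorted(i for i, a in accounts.items()
                  if not a.is_bootstrap_server and a.security_key in boot_keys)


# Constructed sample data: account 1 is rotated onto the bootstrap key.
BEFORE: Accounts = {
    0: Account("coaps://bs.example:5684", "PSK", b"boot-key", True),
    1: Account("coaps://a.example:5684", "PSK", b"key-a"),
    2: Account("coaps://b.example:5684", "PSK", b"key-b"),
}
AFTER: Accounts = {
    0: BEFORE[0],
    1: BEFORE[1]._replace(security_key=b"boot-key"),
    2: BEFORE[2],
}
```

With the sample data, account 1 needs a new session and is also flagged for reusing the Bootstrap Server key, which a client can reject before connecting.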
