Quick Start
In order to start working with Encedo HEM, three basic steps need to be done. Here is a short guide on what and how :)
Order Encedo PPA online
Stay tuned - Order Now is scheduled to be launched soon.
Check https://encedo.com for details.
Check delivered device
The following section is a reprint of the "Acceptance procedures" from AGD_PRE.1, the Common Criteria one of the guides. Contact Encedo for more details or assistance.
Due to the physical differences between the two possible configurations of the Encedo HEM (PPA or EPA, called the TOE as follow the Common Criteria terminology), the delivery and acceptance procedure is different and looks as follow:
The Encedo PPA can be purchased online and is delivered by trackable delivery services only, including courier delivery or by post. Due to the engagement of the 3rd party in the process of delivery, it is important to involve special security measurements to guarantee correct delivery. The device (with embedded and secured TOE) is packaged into the box protected by a holographic void-type seal with a unique identification number.
As part of the delivery procedure, prior to the shipment, the buyer is informed of the seal number, the order number, and the shipment/tracking number (waybill).
After the delivery buyer can verify those numbers as part of the proof that the package has not been tampered with (opened, swapped, or misdelivered). The link to the specially-crafted website with those unique numbers is programmed into the NFC chip (the NFC is located inside the package and cannot be reprogrammed or replaced). The website itself is a single HTML file with embedded JavaScript variables holding encrypted delivery details. The access to the data is secured by a PIN code, sent to the buyer after shipment. The file is stored on an IPFS network, the special type of peer-to-peer network where each file is addressed (handle) by content hash rather than the filename. In other words, any change to the file content will change the address. By the fact, the user gets the link to validate the delivery offline (by scanning the NFC chip attached inside the package, by an ordinary smart mobile phone) the whole validation process is offline as well.
If the website is correctly displayed by the web browser (which means the file is unchanged and the PIN is correct), and the website presents valid data (e.g. order number is correct, the waybill matches the one on the envelope and the package box has a valid security sticker) and the package has no signs of been tamper with (package and security sticker is intact) the user can accept the delivered TOE hardware as genuine.
The Encedo EPA can be ordered from the Encedo sales team only.
The device case is secured by a holographic void-type seal with a unique identification number to prove the metal box has not been opened after the initial assembly and configuration on the Encedo side.
After the initial configuration, the Delivery Note is being printed and is put into the envelope secured by the security sticker. The data on the Note includes sensitive administrative data like passwords, domain names, the Ethernet MAC addresses, and details about the device model. The device and the Delivery Note are being packaged into the carton box secured by a security tape (void-type) and handover to the other member of the Encedo team for the delivery (no 3rd party is being involved in the delivery process).
On the buyer's side, the package, the Delivery Note, and the device's physical integrity can be verified to assure the delivered TOE hardware is genuine.
Initiate the device
As a happy new owner of Encedo PPA the process of initialization of the device is as simple as opening the web browser to follow the note from the device box - Enter encedo.com/start to begin.
If you are a developer and want to integrate Encedo HEM on your own, just follow the API Reference section of the Initialization to begin working with Encedo HEM API.
Validate configuration version
To validate the current version of the firmware and hardware, query the device API GET /api/system/version
endpoint to retrieve the version information. The expected values are presented in the two tables below for each configuration.
Encedo PPA version:
hwv
"PPA rev 2.2"
2.2
blv
"Encedo Secure Bootloader v1.4 (#9705ae6)"
1.4
fwv
"Encedo nGINE FW v1.0.1 (#015c63fb)"
1.0.1
Encedo EPA version:
hwv
"EPA rev 1.0 @x" (‘x’ denotes the TOE index on PCB)
1.0
blv
"Encedo Secure Bootloader v1.4-EPA (#9705ae6)"
1.4
fwv
"Encedo nGINE FW v1.0.1-EPA (#015c63fb)"
1.0.1
Last updated