Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Amazon Sidewalk manufacturing setup and workflow

This section shows how Amazon Sidewalk manufacturing works. You’ll learn the setup required before taking your devices to factory to production, and how you can use this information to bulk provision your Sidewalk devices.


Setup for Amazon Sidewalk manufacturing

To prepare your Sidewalk-enabled products for production, you’ll need the following hardware to generate the device key pairs on it. For more information, see Setting up the host.

  • A computer, also known as line PC, used for provisioning
  • A device under test (DUT) to which the line PC is connected to, and
  • A debugging interface, such as JLink, provided with the DUT.

Mass production flow for Amazon Sidewalk

The mass production flow follows the steps described below to issue Sidewalk certificates and upload the corresponding record into Sidewalk cloud services. The CM is expected to implement the Line PC script.

  1. Line PC script generates the key pairs for the device. There is a key pair for each of the supported elliptic curves.
  2. Line PC script passes the generated keys to the Sidewalk Signing Tool to generate the device certificates. The HSM signs the device certificate with the DAK private key.
  3. Sidewalk Signing Tool constructs the full Sidewalk Certificate Chain which includes the newly created device certificates and outputs a Sidewalk control log.
  4. Line PC script converts the certificate chain to an MFG binary and writes it to the device.
  5. Line PC script saves the control logs generated by the Sidewalk Signing Tool in CM’s database or internal storage.
  6. CM collects and upload the control logs that contain Sidewalk Certificate Chain and the device related information via EDI system or SFTP endpoint.

How Amazon Sidewalk manufacturing works

This flowchart shows how bulk provisioning works.

Bulk Provisioning Flow

The following procedure illustrates the different steps in the manufacturing process.

  1. Provide DAK and factory supported profile

    Before you take your device to production, you must first create a Sidewalk device profile. The profile that you create will be a prototype profile and not qualified for production. You can use this profile to provision individual devices as described in the Create a device profile section in the AWS IoT Core for Amazon Sidewalk developer guide documentation*.

  2. Request factory support

    After you create the device profile, you can request the Amazon Sidewalk team for the HSM key and to obtain factory support for your device profile. When obtaining factory support, you’ll receive the advertised product ID (APID), which can be used for pre-production and production applications. When you’re ready to take your device to factory, request the Amazon Sidewalk team for the HSM key. For more information, see the HSM key section.

  3. Obtain DAK and factory supported profile

    The Amazon Sidewalk Support team will then provide you the product device attestation key (DAK), and the Sidewalk certificate chain. Your device profile will be updated automatically with the new DAK and certificate information, such as the certificate ID. Your device profile is now factory supported and qualified for production use. For more information, see Device attestation key (DAK).

  4. Send HSM key to contract manufacturer (CM)

    Your device is now qualified for production, so you can send your YubiHSM key to the contract manufacturer (CM). The manufacturing process is based on the mass production flow. For more information, see Mass production flow for Amazon Sidewalk.

  5. Manufacture devices and send control logs and serial numbers

    The CM manufactures the devices for production and generates control logs that are then passed to the EDI system or via SFTP. The CM also provides you a CSV file that contains a list of devices to be manufactured and their Sidewalk manufacturing serial numbers (SMSN). The following code shows a sample control log. It contains the serial numbers of the device, the APID, and the public device certificates.

       "controlLogs": [
          "version": "4-0-1",
          "device": {
             "serialNumber": "device1",
             "productIdentifier": {
                "advertisedProductId": "abCD"        
             "sidewalkData": {          
                "SidewalkED25519CertificateChain": "...",          
                "SidewalkP256R1CertificateChain": "..."        
  6. Pass control logs to Amazon Sidewalk

    Amazon’s Electronic Data Interchange (EDI) system ingests the control logs that are passed from the CM. It doesn’t perform any validation and passes this information to another master system that validates this information and checks the certificates to determine whether the control logs are valid. The control logs are then passed to Amazon Sidewalk.

  7. Retrieve control logs and create Sidewalk devices

    Amazon Sidewalk retrieves the control logs using Amazon SQS and Amazon SNS, and then creates devices with AWS IoT Core for Amazon Sidewalk along with their serial numbers by using import tasks that onboard devices onto the task for bulk provisioning. For more information, see the Bulk provisioning devices with AWS IoT Core for Amazon Sidewalk section.

Back to top

©2023, Inc. or its affiliates (collectively, “Amazon”). All Rights Reserved.