Update Submodule Pointers, Remove OTA and Update Demo Instructions in Readme Files

.gitmodules

@@ -33,10 +33,6 @@
 	path = libraries/standard/backoffAlgorithm
 	branch = main
 	url = https://github.com/FreeRTOS/backoffAlgorithm.git
-[submodule "libraries/aws/ota-for-aws-iot-embedded-sdk"]
-	path = libraries/aws/ota-for-aws-iot-embedded-sdk
-	branch = main
-	url = https://github.com/aws/ota-for-aws-iot-embedded-sdk.git
 [submodule "demos/jobs/jobs_demo_mosquitto/libmosquitto"]
 	path = demos/jobs/jobs_demo_mosquitto/libmosquitto
 	url = https://github.com/eclipse/mosquitto.git

README.md

@@ -143,7 +143,7 @@ See memory requirements for the latest release [here](https://aws.github.io/aws-
 
 The [AWS IoT Over-the-air Update](https://github.com/aws/ota-for-aws-iot-embedded-sdk) (OTA) library enables you to manage the notification of a newly available update, download the update, and perform cryptographic verification of the firmware update. Using the OTA library, you can logically separate firmware updates from the application running on your devices. You can also use the library to send other files (e.g. images, certificates) to one or more devices registered with AWS IoT. More details about OTA library can be found in [AWS IoT Over-the-air Update documentation](https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html).
 
-The AWS IoT Over-the-air Update library has a dependency on [coreJSON](https://github.com/FreeRTOS/coreJSON) for parsing of JSON job document and [tinyCBOR](https://github.com/intel/tinycbor.git) for decoding encoded data streams, other than the standard C library. It can be used with any MQTT library, HTTP library, and operating system (e.g. Linux, FreeRTOS) (see [demos](demos/ota) with coreMQTT and coreHTTP over Linux).
+The AWS IoT Over-the-air Update library has a dependency on [coreJSON](https://github.com/FreeRTOS/coreJSON) for parsing of JSON job document and [tinyCBOR](https://github.com/intel/tinycbor.git) for decoding encoded data streams, other than the standard C library. It can be used with any MQTT library, HTTP library, and operating system (e.g. Linux, FreeRTOS).
 
 See memory requirements for the latest release [here](https://aws.github.io/aws-iot-device-sdk-embedded-C/202211.00/libraries/aws/ota-for-aws-iot-embedded-sdk/docs/doxygen/output/html/index.html#ota_memory_requirements).
 
@@ -443,7 +443,7 @@ cmake -S . -Bbuild -DAWS_IOT_ENDPOINT="<your-aws-iot-endpoint>" -DROOT_CA_CERT_P
 
 An Amazon Root CA certificate can be downloaded from [here](https://www.amazontrust.com/repository/).
 
-To create a provisioning template and claim credentials, sign into your AWS account and visit [here][create_provtemplate]. Make sure to enable the "Use the AWS IoT registry to manage your device fleet" option. Once
+To create a provisioning template and claim credentials, sign into your AWS account and follow the steps given in the [readme.md in the demo folder](./demos/fleet_provisioning/readme.md) and visit [here][create_provtemplate]. Make sure to enable the "Use the AWS IoT registry to manage your device fleet" option. Once
 you have created the template and credentials, modify the claim certificate's policy to match the [sample policy][sample_claim_policy].
 
 In order to set these configurations manually, edit `demo_config.h` in the demo folder to `#define` the following:
@@ -505,6 +505,20 @@ The following creates a job that specifies a Linux Kernel link for downloading.
         --targets arn:aws:iot:us-west-2:<account-id>:thing/<thing-name> \
         --document '{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.8.5.tar.xz"}'
 ```
+3. After this we need to run the demo using the command:
+```
+/build/bin/jobs_demo_mosquitto
+```
+the above command will give all he instructions on how to run the demo. It will ask you to run the following command to run the demo:
+
+```
+./build/bin/jobs_demo_mosquitto \
+-n <thing-name> \
+-h <aws-iot endpoint> \
+--certfile <device certificate of the thing> \
+--keyfile <private key of the thing>
+```
+
 
 #### Setup for the Greengrass local auth demo
 
@@ -629,6 +643,7 @@ Any version after 1.6.14 will drop privileges as soon as the configuration file
     openssl req -x509 -nodes -sha256 -days 365 -newkey rsa:2048 -keyout ca.key -out ca.crt
     ```
 
+    When asked for the Common Name (CN) after running the following command enter the same value as was added for the macro `BROKER_ENDPOINT` in the demo_config.h file, which in our case is just `localhost`
     ```sh
     # Generate server key and certificate.# Provide the Subject field information as appropriate for Server certificate. Make sure the Common Name (CN) field is different from the root CA certificate.
     openssl req -nodes -sha256 -new -keyout server.key -out server.csr # Sign with the CA cert.

demos/fleet_provisioning/readme.md

@@ -0,0 +1,39 @@
+## Setup for Fleet Provisioning Demos
+
+### Creating the Provisioning Policy
+
+1. Login to your AWS account and open AWS IoT Core. On the side bar click on security > policies > create policy
+2. Set a relevant policy name
+3. Copy the contents in the demos/fleet_provisioning/fleet_provisioning_with_csr(or fleet_provisioning_keys_cert_demo)/example_claim_policy.json and paste it in the policy document on the AWS console.
+4. Create the policy
+
+
+### Creating the Claim Certificate
+
+1. On the side bar of the AWS IoT Core click on security > certificates > add certificate. Make the “Certificate Status” active and download the certificate files from the prompt given.
+2. Set the value of the macro CLAIM_CERT_PATH in the democonfig.h file to the path of the certificate downloaded and set the value of the macro CLAIM_PRIVATE_KEY_PATH in the democonfig.h file to the path of the private key downloaded. Alternatively you can set the values of these through command line parameters.
+3. Now click on the certificate > attach policies > select your provisioning policy made in the previous section and select attach policy.
+
+
+### Creating the IAM role for AWS IoT to create resources
+
+1. Go to the IAM Identity center and create a new IAM role
+2. Select AWS IoT when asked to select a service
+
+
+### Creating Fleet Provisioning Template
+
+1. Go to AWS IoT Core > Connect many devices > Connect many devices > create provisioning template.
+2. Select Provisioning devices with claim certificates > next
+3. Set the status to active
+4. Enter template name
+5. Enter the IAM role you created in the previous section or you can create a new one if you have not yet created it
+6. Enter the provisioning policy that you made in the very first section or create a new one if you havn’t already
+7. We do not need to do any pre-provisioning stuff hence we will select “Don’t use a pre-provisioning action”
+8. Turn the automatic thing creation option on and click next
+9. Select a policy that you wish your device should have when it is running (Permissions to connet to IoT, subscribe to some topic, publish to some topic extra) or make a new one if you do not have one already.
+10. Click next, review and create.
+
+### Configuring the demo
+Set all the necessary macro values in the demo_config.h file or alternatively you can set the values of these through command line parameters.
+

demos/greengrass/greengrass_demo_local_auth/README.md

@@ -50,13 +50,50 @@ For setting up the Greengrass core, see [the Greengrass getting started guide](h
 
 Next you will need to set up a Root CA for your Greengrass device.
 
-On the Greengrass core, run the following command:
+On the Greengrass core, run the following:
 
+1. Create private key for the CA certificate 
 ```sh
-openssl req -x509 -new -nodes -key ca.key -sha256 -days 1826 -out ca.crt
+openssl genrsa -out ca.key 2048
 ```
+2. Use the private key of CA to generate a self signed certificate
+```sh
+openssl req -x509 -new -nodes \
+-key ca.key \
+-sha256 -days 1024 \
+-out ca.pem
+```
+3. Create a private key for the Thing device.
+```sh
+openssl genrsa -out thing_private.key 2048
+```
+4. Using the private key, create a certificate signing request
+```sh
+openssl req -new \
+-key thing_private.key \
+-out thing_csr.csr
+```
+5. Using the CSR, root CA and private key of root CA , create the client certificate
+```sh
+openssl x509 -req \
+-in thing_csr.csr \
+-CA ca.pem \
+-CAkey ca.key \
+-CAcreateserial \
+-out thing_cert.pem \
+-days 500 -sha256
+```
+6. Register the CA certificate to AWS IoT by going to AWS console → AWS IoT → Security → Certificates authorities → Register CA certificate. Upload the CA certificate and CA status to active, leave other settings as default. Click on Register.
+
+7. Register the Device certificate to AWS IoT
+
+    * Go to console → AWS IoT → Security → Certificates → Add certificate → Register certificates.
+    * Select your Registered CA from the dropdown.
+    * Upload your device certificate (thing_cert.pem) and Activate it by selecting the certificate and clicking on the Activate button
+
+8. Create a new thing and link it with this new certificate thing_cert.pem and set the value of the macro `THING_NAME` in demo_config.h file to the name of this new thing
 
-This will create a custom CA cert ca.crt and private key ca.key.
+9. Set the value of the macro `CLIENT_CERT_PATH` to the path of  thing_cert.pem and the value of the macro `CLIENT_PRIVATE_KEY_PATH` thing_private.key
 
 ### Configuring the GG core for local auth and MQTT
 
@@ -68,7 +105,7 @@ Deploy the following components to your Greengrass core:
 
 Set the configuration for the aws.greengrass.clientdevices.Auth component based
 off the [provided config](./greengrass_auth_conf.json). Ensure the certificate
-paths match the files created for your custom CA above.
+paths match the files created for your custom CA above and their absolute paths are written after `file://`
 
 This config will allow associated Things to publish and subscribe to any topic
 on the Greengrass core broker.

demos/http/common/include/http_demo_s3_utils.h

@@ -91,12 +91,6 @@ extern size_t securityTokenLen;
  */
 extern const char * pExpiration;
 
-/**
- * @brief Length of expiration time for the temporary credentials retrieved
- * from AWS IoT credential provider service.
- */
-size_t expirationLen;
-
 /**
  * @brief Retrieve the temporary credentials from AWS IOT Credential Provider.
  *