CPS STM32 Bench Node (USB serial)

This runbook brings up the STM32F401 access node on a bare WeAct Blackpill over USB CDC-ACM serial, with a host bridge that republishes its events into the existing MQTT ingest path. See ADR 042 for the rationale (no W5500 or PN532 on the bench, so the architecture's W5500/MQTT transport is replaced by USB serial).

Hardware

WeAct STM32F401CCU6 Blackpill (256 KB flash), connected by USB-C.
ST-Link V2 on the SWD header (SWDIO, SWCLK, GND, 3V3) for flashing and logs.
No external peripherals. The onboard PC13 LED and PA0 KEY button are used.

What the firmware does

Presents a USB serial port and emits one line per event as <topic>\t<payload> using the shared aurora-firmware-contracts format.
PC13 LED reflects the lock state: off when Locked, on when Unlocked, blinking under Lockdown.
PA0 KEY button simulates a badge read (cycling a small UID table) and requests an unlock.
Publishes periodic status (every 30 s) and real MCU die-temperature telemetry (every 10 s) read from the ADC internal temperature sensor.
Accepts commands written back over serial: unlock, lock, lockdown, lockdown_clear, keepalive. A fail-secure watchdog relocks the door if the host link goes silent for 70 s.

Flash and observe

From firmware/embassy-stm32/projects/stm32f401_access_node:

export DEVICE_ID="stm32f401-access-01"
cargo run --release        # probe-rs flashes via ST-Link and streams defmt RTT

The RTT log shows boot, status, telemetry, and a line per button press. A /dev/ttyACM* serial port also appears for the USB CDC interface. To watch the raw framed lines directly:

cat /dev/ttyACM0      # topic<TAB>payload lines on the status/telemetry interval

Run the host bridge

Start Mosquitto (from infra/), then run the bridge so its lines reach the backend. The bridge is opt-in:

export SERIAL_BRIDGE_ENABLED=true
export SERIAL_BRIDGE_PORT=/dev/ttyACM0
export SERIAL_BRIDGE_DEVICE_ID=stm32f401-access-01
python -m aurorasoc.tools.cps.serial_bridge

When the API runs with SERIAL_BRIDGE_ENABLED=true, the bridge also starts automatically in the API lifespan, so a separate process is not required.

End-to-end check

Press the KEY button. A badge event publishes on aurora/access/stm32f401-access-01/badge_event and an access event appears in the console CPS overview.
Telemetry on aurora/sensors/stm32f401-access-01/telemetry lands as temperature_c readings.
Publish a command to drive the lock:
```
mosquitto_pub -t aurora/access/stm32f401-access-01/command -m unlock
```
The PC13 LED turns on for the unlock window, then auto-relocks.

Notes

The bench node has no secure element wired, so attestation requests are not answered and the device stays in the PENDING attestation state by design.
For a node with a real PN532 reader and a solenoid lock, see the CPS STM32 Door Node runbook. It uses the same USB serial bridge and the pn532-async driver crate, and adds backend-authorized unlock.

Hardware​

What the firmware does​

Flash and observe​

Run the host bridge​

End-to-end check​

Notes​