Added zenoh security documention

Signed-off-by: Alejandro Hernandez Cordero <[email protected]>
ros2 · Jan 29, 2025 · 608738d · 608738d
1 parent 147e736
commit 608738d
Showing 1 changed file with 55 additions and 0 deletions.
diff --git a/source/Tutorials/Advanced/Security/Introducing-ros2-security.rst b/source/Tutorials/Advanced/Security/Introducing-ros2-security.rst
@@ -181,6 +181,36 @@ This command uses the ``create_enclave`` feature which is covered in more detail
 
     Then re-run the commands above.
 
+If the selected rmw is Zenoh, then the Zenoh router requires it own keys and certificates too:
+
+.. tabs::
+
+  .. group-tab:: Linux
+
+    .. code-block:: bash
+
+      ros2 security create_enclave demo_keystore /zenohd
+
+  .. group-tab:: MacOS
+
+    .. code-block:: bash
+
+      ros2 security create_enclave demo_keystore /zenohd
+
+  .. group-tab:: Windows
+
+    .. code-block:: bat
+
+      ros2 security create_enclave demo_keystore /zenohd
+
+
+    If ``unable to write 'random state'`` appears then set the environment variable ``RANDFILE``.
+
+    .. code-block:: bat
+
+      set RANDFILE=C:\dev\ros2\sros2_demo\.rnd
+
+    Then re-run the commands above.
 
 4\. Configure environment variables
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -234,6 +264,31 @@ The environment variables in this terminal must be properly set as described in
 
   ros2 run demo_nodes_py listener --ros-args --enclave /talker_listener/listener
 
+If the rmw is Zenoh, in another terminal:
+
+.. tabs::
+
+  .. group-tab:: Linux
+
+    .. code-block:: bash
+
+      export ZENOH_ROUTER_CONFIG_URI=<path to route config with keys and certificates>
+      ros2 run rmw_zenoh_cpp zenohd
+
+  .. group-tab:: MacOS
+
+    .. code-block:: bash
+
+      export ZENOH_ROUTER_CONFIG_URI=<path to route config with keys and certificates>
+      ros2 run rmw_zenoh_cpp zenohd
+
+  .. group-tab:: Windows
+
+    .. code-block:: bat
+
+      set ZENOH_ROUTER_CONFIG_URI=<path to route config with keys and certificates>
+      ros2 run rmw_zenoh_cpp zenohd
+
 These nodes will be communicating using authentication and encryption!
 If you look at the packet contents (for example, using ``tcpdump`` or ``Wireshark`` as covered in another tutorial), you can see that the messages are encrypted.