Tags: android, mobile, cellular-network, e-sim

Can I install an uncertified eSIM profile provisioned by myself on Android?


I would like to set up an SM-DP+ server to provision my own eSIM profiles. These usually get certified by GSMA and are used for large-scale Remote SIM Provisioning, but I would want to use this for home testing only, so getting official certification would be overkill.

I understand that I will need my own mobile network to work with it, which I also want to set up at home. My main concern is that either Android or the device manufacturers impose limitations that would only allow certified eSIM profiles to be installed on a device. I was thinking of using a Google Pixel 3A for testing, so I would be installing the eSIM profiles on this phone.

I also tried to find information on what's inside a SIM profile, but there isn't much on the internet. I know it contains the IMSI and some shared keys which it uses to connect to the MNO's network.

I would like to know what else is needed to create a functional eSIM profile and set up a server that provisions these to a Google Pixel 3A for a mock cellular network.


Solution

  • Short answer: No.

    Long answer: Changing your configuration and/or working in the commercial space might work out.

    Technical specifications regarding eSIM and Remote SIM Provisioning are provided by GSMA. They are freely available on the GSMA website.

    Information regarding profiles can be found in SGP.22:

    Profile - A combination of data and applications to be provisioned on an eUICC for the purpose of providing services.

    Profile Component - A Profile Component is an element of the Profile, when installed in the eUICC, and MAY be one of the following:

    • An element of the file system like an MF, EF or DF;
    • An Application, including NAA and Security Domain;
    • Profile Metadata, including Profile Policy Rules;
    • An MNO-SD.

    You can get examples for test profiles from the Android Open Source Project:

    Android provides downloadable test profiles for testing the radio implementation of devices supporting eSIM. For testers that need to download a test profile defined in TS.48, Android provides a mechanism in its SM-DP+ to facilitate the download of up-to-date test profiles. When a tester scans a QR code for a test profile, the SM-DP+ downloads the test profile to the target device. Because there are no download or profile policy rules implemented, there are no limits to the number of downloads or the devices that can download the profiles. The device downloading the test profiles must have a test certificate issued by a GSMA CI.

    A very nice and detailed RSP overview is also given by Kigen. It shows which components are involved and how they relate to each other. In your case: DP+ server <--> Cellular Network <--> Device (Google Pixel 3a) with Local Profile Assistant <--> eUICC (eSIM chip) already in device.

    End-to-end security is built into RSP. All exchanges between the SM-DP, SM-SR, and eUICC rely on digital certificates (PKIs) or pre-shared keys (PSKs), which can be revoked at any time if security concerns arise. An eUICC receiving SMS messages uses AES encryption, and HTTPS card to server data sessions use Transport Layer Security (TLS) to protect over-the-air communication.

    Usually, only the eUICC manufacturer/provider has the keys necessary to modify the concerned eUICC's content. Therefore, you will not be able to install your TLS certificate or your key(s) into it. This means that your DP+ needs to have a certificate which is issued by the GSMA Certificate Issuer in order to install a profile on your Google Pixel 3a. (This is the way the Android Open Source Project went. You ruled it out as overkill.)

    Additionally, as far as I know, there are no open or free SM-DP+ server implementations available.

    You might take a look at companies which offer DP+ as a cloud service and connect your mock cellular network to it.

    For completeness, as far as I know, there are no open or free eSIM-capable eUICCs available. Therefore, it is not possible to circumvent the issue from that side.

    A test environment matching your set-up is also described by Cellnetrix (acquired by Truphone) on Slideshare.
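
The QR code mentioned in the AOSP quote carries an SGP.22 activation code, which names only the SM-DP+ and a matching ID and contains no keys or certificates; trust still comes from the SM-DP+ certificate chain the answer describes. The parser below is an added example, not part of the original answer: the field layout is assumed from SGP.22's activation code definition, and the host name, matching ID and OID are constructed placeholders.

```python
import re
from typing import NamedTuple, Optional

# Field layout assumed from SGP.22's activation code definition:
#   [LPA:]1$<SM-DP+ FQDN>$<matching ID>[$<SM-DP+ OID>[$<confirmation flag>]]
_FQDN = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)
_OID = re.compile(r"^\d+(\.\d+)+$")


class ActivationCode(NamedTuple):
    smdp_address: str            # server the LPA will contact over TLS
    matching_id: str             # token identifying the pending order; may be empty
    smdp_oid: Optional[str]      # optional SM-DP+ object identifier
    confirmation_code_required: bool


def parse_activation_code(text: str) -> ActivationCode:
    """Split an activation code into its fields, rejecting malformed input."""
    body = text.strip()
    if body.upper().startswith("LPA:"):   # URI-style prefix used in QR codes
        body = body[4:]
    fields = body.split("$")
    if not 3 <= len(fields) <= 5:
        raise ValueError("expected 3 to 5 '$'-separated fields")
    fields += [""] * (5 - len(fields))    # pad the optional trailing fields
    ac_format, address, matching_id, oid, cc_flag = fields
    if ac_format != "1":
        raise ValueError(f"unsupported activation code format {ac_format!r}")
    if not _FQDN.match(address):
        raise ValueError(f"SM-DP+ address is not an FQDN: {address!r}")
    if oid and not _OID.match(oid):
        raise ValueError(f"malformed SM-DP+ OID: {oid!r}")
    if cc_flag not in ("", "1"):
        raise ValueError(f"unexpected confirmation code flag {cc_flag!r}")
    return ActivationCode(address.lower(), matching_id, oid or None, cc_flag == "1")


if __name__ == "__main__":
    # Constructed samples; the host name and OID are placeholders.
    for sample in ("LPA:1$smdp.example.test$ABCD-1234",
                   "1$smdp.example.test$$1.3.6.1.4.1.99999$1"):
        print(parse_activation_code(sample))
```

Every field it returns is an address or an identifier, so a QR code pointing at a home-built SM-DP+ parses cleanly and the download is then refused at the certificate check.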