Replies: 1 comment 1 reply
-
|
There is the tls_credentials library for storing the credential data. See https://github.com/zephyrproject-rtos/zephyr/tree/main/subsys/net/lib/tls_credentials for details. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, thanks for the reply. Indeed it seems that that is the way the API is structured, but it requires me to either use a board that has Trusted Firmware-M support, or use the Secure Storage functionality (https://docs.zephyrproject.org/latest/services/storage/secure_storage/index.html). However, I want to use a hardware security module because it never exposes the private key to the MCU/RAM. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Dear Community,
To establish a secure connection to a server, I would like to use mutual TLS. Currently, it seems that the only way to do this is to have the device private key in memory. Since that is not an option for me, I want to use a hardware security module.
Since the TLS socket is quite abstracted away from the underlying MbedTLS, I am not sure how I can get things like a custom sign function callback.
In the end I would like to use an ATECC608B chip (i2c), for which there is also no crypto driver (although the cryptauthlib should work with Zephyr), although a more general solution would be preferred.
What is the way to go here?
Beta Was this translation helpful? Give feedback.
All reactions