Open BenBaratte opened 3 years ago
BenBaratte - thanks for reaching out. Will discuss with the team.
Plus one from me!
Besides code security, storing credentials in a TPM or SE is also essential.
This is a blocker for us to switch from aws-iot-device-sdk-cpp-v1 to aws-iot-device-sdk-cpp-v2.
V1 has OpenSSL support, which enables us to use a TPM and SE.
Is PKCS11 an option @iot-suite? https://github.com/awslabs/aws-c-io/pull/428
Problem:
S2N does not offer the possibility to use an OpenSSL engine. In order to increase the security of embedded devices, a hardware secure element such as a TPM can be used to store the device private key. Generally, secure elements provide an OpenSSL engine to integrate within the OpenSSL application framework.
Solution:
The solution is to add a parameter pointing to one or more OpenSSL engines to load.
Requirements / Acceptance Criteria:
The implementation shall be able to use the TSS2 TPM engine (https://github.com/tpm2-software/tpm2-tss-engine).
Check that the ciphersuite configuration is enough to reflect the OpenSSL Engine capabilities.