Open fgervais opened 3 years ago
Thanks for raising this feature request.
@fgervais We will take this feature request but it will take some time to be available in IDF mainline.
Currently we do have support for using the ATECC secure element for the TLS handshake, though. https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/protocols/esp_tls.html#atecc608a-secure-element-with-esp-tls
This is a good feature request. I also look forward to the update.
I think it would be better to use mbedtls. Below is an example of integrating ATECC608 into mbedtls.
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
I'd like to be able to use a secure element (ATECC608A, SE050) to do the EAP-TLS authentication. This would prevent having to add the private key embedded in the firmware.
Describe alternatives you've considered
The alternative right now is to do like here:
https://github.com/espressif/esp-idf/blob/master/examples/wifi/wpa2_enterprise/main/wpa2_enterprise_main.c
But in this case the private key is in the firmware and could possibly be extracted and used by a malicious third party to log in to the Wi-Fi network.
Additional context
Using a pkcs11 secure element is supported by wpa_supplicant:
Example of using this feature on Linux with the SE050: https://www.nxp.com/docs/en/application-note/AN12661.pdf
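
A build-time check for the risk this issue describes (an EAP-TLS client private key shipped inside the firmware image), added here as an example; it is not code from ESP-IDF or from anyone in this thread. The function names and the sample image are constructed for illustration, and the check assumes the key is embedded as PEM text.

```python
import base64
import binascii
import re

# PEM private-key blocks: PKCS#1 (RSA), SEC1 (EC), PKCS#8 plain or encrypted.
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----(.*?)-----END \1-----",
    re.DOTALL,
)


def find_embedded_private_keys(image: bytes):
    """Return (offset, label, encrypted) for each PEM private key found in image."""
    findings = []
    for m in PEM_KEY.finditer(image):
        label, body = m.group(1).decode(), m.group(2)
        # Legacy encrypted PEM puts "Proc-Type"/"DEK-Info" header lines before the data.
        encrypted = label.startswith("ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body
        data = b"".join(ln.strip() for ln in body.splitlines() if b":" not in ln)
        try:
            der = base64.b64decode(data, validate=True)
        except binascii.Error:
            continue  # markers present but the body is not base64: not a key
        if der.startswith(b"\x30"):  # every key format above is a DER SEQUENCE
            findings.append((m.start(), label, encrypted))
    return findings


def build_sample_image() -> bytes:
    """Constructed stand-in for a firmware image; the 'key' is filler, not a real key."""
    b64 = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(96)))
    cert = b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n\x00"
    key = b"-----BEGIN RSA PRIVATE KEY-----\n" + b64 + b"-----END RSA PRIVATE KEY-----\n\x00"
    junk = b"-----BEGIN PRIVATE KEY-----\nnot base64 !!\n-----END PRIVATE KEY-----\n"
    return b"\xe9" + b"\xff" * 255 + cert + key + junk


if __name__ == "__main__":
    hits = find_embedded_private_keys(build_sample_image())
    for offset, label, encrypted in hits:
        state = "encrypted" if encrypted else "PLAINTEXT"
        print(f"0x{offset:06x}: {label} ({state})")
    raise SystemExit(1 if hits else 0)
```

Run as a release gate, this fails the build whenever a private key block is present in the image; with the key held in a secure element, the image contains only the certificate and the check passes.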