Dear author:
I have a question about CLS Provison5.4-1: Hard-coded critical security parameters in device software source code shall not be used.
It seems like sensitive security parameters such as (e.g., passwords, tokens, secret keys, etc.) must be stored in trustzones such as TEE,SE and so on. For some devices, the hardware requirements are relatively high. Are there any best practices for secure storage that are not dependent on hardware?
Dear author: I have a question about CLS Provison5.4-1: Hard-coded critical security parameters in device software source code shall not be used. It seems like sensitive security parameters such as (e.g., passwords, tokens, secret keys, etc.) must be stored in trustzones such as TEE,SE and so on. For some devices, the hardware requirements are relatively high. Are there any best practices for secure storage that are not dependent on hardware?