IOT provisioning with esp_secure_cert_mgr and ds_peripheral

bram128
Posts: 1
Joined: Fri Dec 20, 2024 3:41 am

Postby bram128 » Fri Dec 20, 2024 4:04 am

I am developing an AWS IOT product based on the ESP32s3. I am trying to figure out how to securely provision my device with TLS certificates in mass production. I want to avoid having to program each device with a unique AWS provided cert or having to keep records of the public key generated for each device when initializing the ds_peripheral.

If I do provisioning by claim certificate, that claim certificate will be common to all devices, which is good for mass production. However, it seems to me that if I program the ds_peripheral with the claim certificates (burn the key digest into efuse), that will be useless once the device is registered because the unique device credential will end up being stored in NVS.

The question is, how do I effectively leverage the ds_peripheral for security in combination with some form of AWS fleet provisioning (JITP or provisioning by claim certificate)?

To put it another way, if I ordered my esp32s pre-provisioned, is there a way to connect them to AWS without having to store a bunch of certificate data and upload it to AWS to get TLS authentication working?

wysoczanskim
Posts: 1
Joined: Tue Jan 21, 2025 11:21 am

Re: IOT provisioning with esp_secure_cert_mgr and ds_peripheral

Postby wysoczanskim » Tue Jan 21, 2025 11:23 am

Hi, did you figure it out? I have the same problem :)
