We are developing a product based on ESP32-S3 and IDF 5.0.1 (current stable). There is also a Microchip ATECC680A-TNGTLS on board, though we will be using ATECC608B-TNGTLS in production.
I have the board up and running, and I am able to access the secure element using ESP-CRYPTOAUTHLIB 3.5.1 as a managed component, with functions such as device identification and reading of the device unique id and public key, so the interface is fully functional.
When I go to establish an MQTTS session, esp_mqtt_set_ssl_transport_properties() reports the error:

E (13583) mqtt_client: Secure element not enabled for esp-tls in menuconfig

Now, this turns out to be due to a missing configuration option in sdkconfig, specifically: CONFIG_ESP_TLS_USE_SECURE_ELEMENT. I tried to set that option via menuconfig, but it simply wasn't there. When I checked the Kconfig for ESP-TLS I found:
config ESP_TLS_USE_SECURE_ELEMENT
    bool "Use Secure Element (ATECC608A) with ESP-TLS"
    depends on IDF_TARGET_ESP32 && ESP_TLS_USING_MBEDTLS
I edited the Kconfig to:
config ESP_TLS_USE_SECURE_ELEMENT
    bool "Use Secure Element (ATECC608A) with ESP-TLS"
    depends on ESP_TLS_USING_MBEDTLS
A related issue is that when the session is shut down the I2C driver is apparently unloaded, because subsequent accesses to our RTC on the same I2C bus report the error:

E (14338) i2c: i2c_master_cmd_begin(1481): i2c driver not installed

I know we are not the only ones to place an RTC on the same bus as the secure element.
So, what I am asking for is:
- Would it be possible to modify the ESP-TLS Kconfig to not require only ESP32?
- Can ESP-CRYPTOAUTHLIB be modified to install without error if the I2C driver is already loaded at initialisation time, and to leave the driver in place on exit in such a case?
- While I am on the subject, esp_cryptoauthlib_utility has the same ESP32-only problem, so a --chip option would be good.
Neil
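The bus-ownership behaviour requested in the second point, shown as an added example that is not Neil's code and not part of ESP-CRYPTOAUTHLIB or ESP-IDF: the HAL records whether it was the one that installed the driver and only deletes it on release in that case. The `sim_*` functions are a constructed stand-in for the real `i2c_driver_install()`/`i2c_driver_delete()` state so the logic runs off-target; the assumed names `hal_i2c_init`/`hal_i2c_release` are hypothetical.

```c
#include <stdbool.h>

/* Constructed model of one I2C port's driver state. In firmware this is
 * whatever i2c_driver_install()/i2c_driver_delete() maintain; it is simulated
 * here so the ownership logic can be exercised without ESP-IDF. */
static bool driver_installed = false;
static bool hal_owns_driver  = false;   /* did the secure-element HAL install it? */

static int sim_driver_install(void) {
    if (driver_installed) return -1;    /* real driver also refuses a double install */
    driver_installed = true;
    return 0;
}

static int sim_driver_delete(void) {
    if (!driver_installed) return -1;   /* "i2c driver not installed" case */
    driver_installed = false;
    return 0;
}

/* Test/reset helper: start from a bare port. */
void sim_reset(void) { driver_installed = false; hal_owns_driver = false; }

/* Another peripheral driver (e.g. the RTC) bringing the bus up first. */
int other_driver_init(void) { return sim_driver_install(); }

/* HAL init: reuse an already-installed driver instead of failing. */
int hal_i2c_init(void) {
    if (driver_installed) {            /* bus already up: borrow it, do not own it */
        hal_owns_driver = false;
        return 0;
    }
    if (sim_driver_install() != 0) return -1;
    hal_owns_driver = true;            /* we installed it, so we may delete it */
    return 0;
}

/* HAL release: only tear down a driver this HAL installed itself. */
int hal_i2c_release(void) {
    if (!hal_owns_driver) return 0;    /* leave the RTC's driver in place */
    hal_owns_driver = false;
    return sim_driver_delete();
}

bool i2c_bus_available(void) { return driver_installed; }
```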