Problem in installing GreenGrass V2 with HSM

Question

As HSM we are using the microchip tech ATECC608A.

We are using that in Greengrass v1 and it is properly working.
Here is the configuration example:
	
```
"IoTCertificate": {
    "privateKeyPath": "pkcs11:object=device;type=private",
    "certificatePath": "file:///path-to-core-device-certificate/xxx.pem.crt"
}
```

In this, we are giving certificatePath that is available on the device.
but in Greengrass v2 we have to specify the certificateFilePath as "pkcs11:object=device;type=cert".
Example config.yaml
	
```
	certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
	privateKeyPath: "pkcs11:object=iotdevicekey;type=private"
```

So is there any way to use the on-device connection certificate path in "certificateFilePath" attribute or do I have to write connection certificate in chip?

Answer

Hello,
Greengrass v2 does not support on-disk certificate for HSM integration. You must store the private key and certificate in the HSM. Here is the guideline: [Greengrass-v2- hardware-security-requirements](https://docs.aws.amazon.com/greengrass/v2/developerguide/hardware-security.html#hardware-security-requirements:~:text=You%20must%20store%20the%20private%20key%20and%20certificate%20in%20the%20HSM%20in%20the%20same%20slot%2C%20and%20they%20must%20use%20the%20same%20object%20label%20and%20object%20ID%2C%20if%20the%20HSM%20supports%20object%20IDs.). I Hope it helps.

Problem in installing GreenGrass V2 with HSM

関連するコンテンツ