By using AWS re:Post, you agree to the Terms of Use
/Problem in installing GreenGrass V2 with HSM/

Problem in installing GreenGrass V2 with HSM

0

As HSM we are using the microchip tech ATECC608A.

We are using that in Greengrass v1 and it is properly working. Here is the configuration example:

"IoTCertificate": {
    "privateKeyPath": "pkcs11:object=device;type=private",
    "certificatePath": "file:///path-to-core-device-certificate/xxx.pem.crt"
}

In this, we are giving certificatePath that is available on the device. but in Greengrass v2 we have to specify the certificateFilePath as "pkcs11:object=device;type=cert". Example config.yaml

	certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
	privateKeyPath: "pkcs11:object=iotdevicekey;type=private"

So is there any way to use the on-device connection certificate path in "certificateFilePath" attribute or do I have to write connection certificate in chip?

1 Answers
0

Hello, Greengrass v2 does not support on-disk certificate for HSM integration. You must store the private key and certificate in the HSM. Here is the guideline: Greengrass-v2- hardware-security-requirements. I Hope it helps.

answered 22 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions