[Announcement] AWS IoT Greengrass v2 now supports the use of hardware security modules (HSM)


We are pleased to announce that AWS IoT Greengrass v2 now supports the use of hardware security modules (HSM) through the PKCS#11 interface for secure storage and offloading of private keys. Customers can use the new PKCS#11 provider component to securely store and access private keys in HSMs, such as Trusted Platform Modules (TPM), or other cryptographic elements. AWS IoT Device Tester for AWS IoT Greengrass (IDT-GG) now also includes tests for device manufacturers to validate if their devices with Trusted Platform Modules (TPM) can run AWS IoT Greengrass and interoperate with AWS IoT services.
Managing the security of device fleets is a top priority for IoT customers, especially those with devices that are installed either outside company premises or in remote, unmanned areas. With this launch, you can configure AWS IoT Greengrass Core software to use the private key and certificate stored in a hardware security module (HSM) through the PKCS#11 interface (https://en.wikipedia.org/wiki/PKCS_11). To enable the AWS IoT Greengrass Core software to use the private key and certificate stored in the HSM, you can install and configure the PKCS#11 provider component when you install the AWS IoT Greengrass Core software.
AWS IoT Device Tester for AWS IoT Greengrass (IDT-GG) is a test automation tool for your Greengrass devices. IDT-GG now includes tests for device manufacturers to validate if their devices with Trusted Platform Modules (TPM) can run AWS IoT Greengrass and interoperate with AWS IoT services.
To learn more, refer to AWS IoT Greengrass developer guide (https://docs.aws.amazon.com/greengrass/v2/developerguide/hardware-security.html) and AWS IoT Device Tester for AWS IoT Greengrass developer guide (https://docs.aws.amazon.com/greengrass/v2/developerguide/dev-test-versions.html).

  • This is an announcement migrated from AWS Forums that does not require an answer

  • Is there any example of how to configure using the PKCS#11 private key? We are using the ATECC608A from Microchip, and for purposes of retrieving the private key we specify it like:

    pkcs11:model=ATECC608A;manufacturer=Microchip Technology Inc;serial=1234567890334;token=00ABC;object=device;type=private

    So I assume this should be configured somewhere in the /greengrass/v2/config/effectiveConfig.yaml?

AWS
Asked 2 years ago · Viewed 112 times
No answers
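
The installer configuration the announcement refers to, as an added example that is not part of the original post or AWS's own text: it shows the PKCS#11 provider component configured alongside the nucleus, with the key and certificate referenced by PKCS#11 URI instead of file path. The key names are written from the linked hardware-security guide and should be checked against it; the library path, slot, PIN, thing name, endpoints and version are placeholders, and the `device` object label is borrowed from the URI in the comment above.

```yaml
# Added example: configuration file supplied to the Greengrass installer.
# Every value below is a placeholder to replace for your device.
system:
  # PKCS#11 URIs (RFC 7512) take the place of file paths. "object" is the
  # label the private key and certificate carry inside the token; the
  # private key itself never leaves the HSM.
  certificateFilePath: "pkcs11:object=device;type=cert"
  privateKeyPath: "pkcs11:object=device;type=private"
  rootCaPath: "/greengrass/v2/AmazonRootCA1.pem"
  rootpath: "/greengrass/v2"
  thingName: "ExampleCoreDevice"
services:
  aws.greengrass.Nucleus:
    componentType: "NUCLEUS"
    version: "<nucleus-version>"
    configuration:
      awsRegion: "<region>"
      iotDataEndpoint: "<iot-data-endpoint>"
      iotCredEndpoint: "<iot-credentials-endpoint>"
      iotRoleAlias: "<token-exchange-role-alias>"
  aws.greengrass.crypto.Pkcs11Provider:
    configuration:
      # Free-form name for this PKCS#11 configuration.
      name: "example_pkcs11"
      # Vendor PKCS#11 shared library for the HSM, TPM or secure element.
      library: "/path/to/vendor/pkcs11-library.so"
      # Slot that holds the key and certificate (slot ID, not slot label).
      slot: 0
      # The user PIN sits in this file in clear text: keep the file
      # readable by root only, and remove the installer copy once the
      # core device is provisioned.
      userPin: "<token-user-pin>"
```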
