c3e5899658
This is a first step towards demonstrating provisioning of X.509 certificates. The device certificate signing request is created using Mbed TLS X.509 APIs. The elliptic curve key `SECP256R1` used to sign the CSR is generated inside TF-M and Mbed TLS is configured to use TF-M for crypto services. This approach will ensure that private key never leaves secure side. The CSR is encoded in JSON and is printed on the console. Signed-off-by: Devaraj Ranganna <devaraj.ranganna@linaro.org>
23 lines
892 B
YAML
23 lines
892 B
YAML
sample:
|
|
description: This app provides an example of using PSA crypto APIs
|
|
to generate device certificate signing request in Zephyr
|
|
using IPC mode.
|
|
name: PSA crypto example
|
|
tests:
|
|
sample.psa_crypto:
|
|
tags: introduction tfm crypto csr
|
|
platform_allow: mps2_an521_ns lpcxpresso55s69_ns nrf5340dk_nrf5340_cpuapp_ns
|
|
nrf9160dk_nrf9160_ns nucleo_l552ze_q_ns v2m_musca_s1_ns stm32l562e_dk_ns
|
|
bl5340_dvk_cpuapp_ns
|
|
harness: console
|
|
harness_config:
|
|
type: multi_line
|
|
regex:
|
|
- "Retrieving public key for key #1"
|
|
- "Signature verified"
|
|
- "Destroyed persistent key #1"
|
|
- "Generating 256 bytes of random data."
|
|
- "Create device Certificate Signing Request completed"
|
|
- "BEGIN CERTIFICATE REQUEST"
|
|
- "END CERTIFICATE REQUEST"
|