Provisioning PSK at Manufacturing

Hi,

I'm working on provisioning a Pre-Shared Key (PSK) during manufacturing for an nRF5340 device. The device needs access to the PSK at runtime to generate authentication tokens with various nonces.

Setup:

  • Device: nRF5340
  • SDK: nRF Connect SDK v2.5.3
  • Architecture: TF-M with secure/non-secure partitions
  • Programming method: nrfjprog via JTAG during manufacturing


I've been exploring the Key Management Unit (KMU) as a potential solution. I can successfully write to the KMU destination and configuration registers, but encounter firmware crashes when attempting to read from the KMU location following the documentation guidelines.

I am on nRF SDK v2.5.3, which blocks the _ns application from reading the UICR by default. Do I need to add the ranges as suggested for reading UICR OTP in this post, "RE: Programming and reading OTP"?


Even if this way works, I feel it's not an optimal solution, as we're moving the key from secure storage to the application. Is there another way this functionality can be achieved?

Is there a recommended secure method for provisioning and accessing PSKs at manufacturing time with TF-M?

Thanks,
