Hello,
We are using the nRF9160 in a custom hardware solution, with SDK v1.2.0 and modem firmware v1.1.1. There are some data items that we would like to load into NVS at the time the nRF9160 is programmed, for example if it were being flashed at the factory. Some are not security-critical, such as target server IP(s) and port(s), our in-house device IDs, and so forth. However, we do have security-critical items to store -- 2 PSKs for TLS connections.
I am aware that TLS credentials can be written to/read from the modem flash using the AT command %CMNG, but only written when the modem is offline. There are certain scenarios when the application will need to refresh the PSK while maintaining an LTE connection, so I am not sure that the modem credential storage is the right solution for us. We are also rolling the wolfSSL TLS stack rather than the native TLS so we can use existing code from another cross-platform solution we've written. This means we cannot simply specify a sec_tag in the modem to use for TLS when creating a socket.
My question has 2 parts, due to the different considerations for secure and non-secure data.
1. Is there an example/guide as to how one might pre-write a set of data into NVS at the time the application processor is programmed? Is it even possible to read/write to NVS outside of runtime?
2. Are there any alternatives to modem flash for secure storage in the same vein as No. 1, that can be pre-written at the time of apps proc programming?
I appreciate any help/advice you can offer. Thank you!