Help with security for Ethernet application: secure certificate storage etc on nRF52840

Hi,

Now that I've got my board with an external MAC/PHY working with my nRF52840 to do a TLS-secure http_get from google.com, I'm trying to learn about how to do proper security for my IoT device.

I need to figure out how to load (and in the future, update) certificates to my device and store them securely - preferably with EC encryption, and just in general I could use a lesson on how security works with embedded devices these days. What happens when a certificate expires - does every user have to figure out how to hook up a terminal program and put on new certificates, or is there some way to update them remotely via some kind of bootload? I'm afraid I don't even know what questions to ask. I'm an experienced embedded developer but security stuff like this just hasn't come up much until now.

It looks like the nRF52840 does not have a KMU. I did find a graphic in the nRF52840 datasheet v1.7 (Figure 44: Block diagram for CRYPTOCELL) that shows a CRYPTOCELL library interface to the flash - maybe there's a secure way to store things in an encrypted way via CRYPTOCELL?

I'd appreciate both general info about security in IoT devices and specific help with my hardware/application if possible.

Thanks!

Glen
