Arduino Forum

Products => Create => IoT Cloud Beta => Topic started by: jamesjl on Apr 12, 2019, 10:23 pm

Title: Permanently configure your ATECC508A to ECC608A crypto element
Post by: jamesjl on Apr 12, 2019, 10:23 pm
Several projects (https://create.arduino.cc/projecthub/Arduino_Genuino/securely-connecting-an-arduino-nb-1500-to-azure-iot-hub-af6470) using the MKR range of boards connect to third party IoT hubs from the likes of AWS, Google & Azure. The projects state that the crypto element has to be permanently changed to allow connection to the IoT hub.


What isn't stated is if this permanent change will prevent the MKR board from being subsequently re-programmed to wirk with the Arduino IoT Cloud. The Arduino Cloud is great for quickly experimentin with an idea and losing access to it due to having to cahnge the crypto to use an X.509 cert is something I'd like to be certain about before proceeding with an external IoT hub.

Can anyone help me to confirm if this is the case?

I'm not sure if this is the best place to post this topic but given the implication to the IoT Cloud it seemed a good a place as any.

Many thanks,

Jason.
Title: Re: Permanently configure your ATECC508A to ECC608A crypto element
Post by: endorama on Apr 16, 2019, 10:59 am
Hello Jamesjl,

let me clarify this, it's a hard topic so feel free to ask more questions!

The crypto element onboard the MKR series comes from the factory in a "clean" state. This element supports different configurations to allow its use in different situations with different outcomes (this clean state allows advanced usage which is out of scope for this use case).

However, is mandatory to configure it to be able to use it; so the configuration is flashed onto the crypto element, and it must be locked for it to behave as expected.

Note that we are talking about configuration, not data.

So what is locked and how this affect the board capabilities?


We do not lock the content of the data slots.This allows the storage to be rewritten any amount of time (both private keys and certificates).

Quote
What isn't stated is if this permanent change will prevent the MKR board from being subsequently re-programmed to wirk with the Arduino IoT Cloud. The Arduino Cloud is great for quickly experimentin with an idea and losing access to it due to having to cahnge the crypto to use an X.509 cert is something I'd like to be certain about before proceeding with an external IoT hub.
To address your question directly, this permanent change does not prevent you from using the board with different cloud providers.

Hope it's clearer now!