diff --git a/.github/scripts/atecc-sdkconfig.defaults b/.github/scripts/atecc-sdkconfig.defaults new file mode 100644 index 00000000..a29a390a --- /dev/null +++ b/.github/scripts/atecc-sdkconfig.defaults @@ -0,0 +1,11 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: MIT + +CONFIG_FREERTOS_USE_TRACE_FACILITY=y +CONFIG_FREERTOS_GENERATE_RUN_TIME_STATS=y +CONFIG_AZURE_SAMPLE_USE_PLUG_AND_PLAY=y + +# ATECC Configuration +CONFIG_ESP_TLS_USE_SECURE_ELEMENT=y +CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN=y +CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY=y diff --git a/.github/scripts/ci_tests.sh b/.github/scripts/ci_tests.sh index d4fd2419..efcfb790 100755 --- a/.github/scripts/ci_tests.sh +++ b/.github/scripts/ci_tests.sh @@ -13,7 +13,7 @@ set -o pipefail # Exit if pipe failed. TEST_SCRIPT_DIR=`dirname "$0"` TEST_FREERTOS_SRC=`pwd`/libs/FreeRTOS -RUN_BOARDS_BUILD=${@:-"-st -nxp -pc -esp"} +RUN_BOARDS_BUILD=${@:-"-st -nxp -pc -esp -esp-atecc"} FREERTOS_FETCHED=0 function exit_if_binary_does_not_exist() 
@@ -40,6 +40,21 @@ function sample_build() { idf.py build -DCMAKE_BUILD_TYPE=$buildver -C ./demos/projects/ESPRESSIF/$board echo -e "::group::Print Size for $board $buildver" ninja -C ./demos/projects/ESPRESSIF/$board/build size-components + elif [ $vendor == "ESPRESSIF-ATECC" ] + then + echo -e "::group::Cleaning Repo" + git clean -xdf + echo -e "::group::Configuring ESP32 with ATECC" + rm -f ./demos/projects/ESPRESSIF/$board/sdkconfig.defaults + cp -f ./.github/scripts/atecc-sdkconfig.defaults ./demos/projects/ESPRESSIF/$board/sdkconfig.defaults + echo -e "::group::IDF reconfigure - download ESP-CryptoauthLib" + idf.py reconfigure -C ./demos/projects/ESPRESSIF/$board + echo -e "::group::IDF reconfigure - configure ESP-CryptoauthLib" + idf.py reconfigure -C ./demos/projects/ESPRESSIF/$board + echo -e "::group::IDF build" + idf.py build -DCMAKE_BUILD_TYPE=$buildver -C ./demos/projects/ESPRESSIF/$board + echo -e "::group::Print Size for $board $buildver" + ninja -C ./demos/projects/ESPRESSIF/$board/build size-components elif [ $vendor == "PC" ] then echo -e "::group::Build PC with GCC" @@ -84,6 +99,17 @@ do sample_build "ESPRESSIF" "aziotkit" "build" "Release" exit_if_binary_does_not_exist "./demos/projects/ESPRESSIF/aziotkit/build" "azure_iot_freertos_esp32.bin" ;; + "-esp-atecc") + echo -e "::group::Building sample for ESPRESSIF ESP32 with ATECC608 port - Debug" + sample_build "ESPRESSIF-ATECC" "esp32" "build" "Debug" + exit_if_binary_does_not_exist "./demos/projects/ESPRESSIF/esp32/build" "azure_iot_freertos_esp32.bin" + + rm -rf build + + echo -e "::group::Building sample for ESPRESSIF ESP32 with ATECC608 port - Release" + sample_build "ESPRESSIF-ATECC" "esp32" "build" "Release" + exit_if_binary_does_not_exist "./demos/projects/ESPRESSIF/esp32/build" "azure_iot_freertos_esp32.bin" + ;; "-nxp") fetch_freertos diff --git a/.github/workflows/ci_tests_linux.yml b/.github/workflows/ci_tests_linux.yml index 6a79c6b1..03427181 100644 
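Review bot: The ESPRESSIF-ATECC branch of sample_build replaces `./demos/projects/ESPRESSIF/$board/sdkconfig.defaults` with `cp -f` and nothing restores it afterwards, so any later build in the same checkout inherits the secure-element configuration; the `git clean -xdf` at the top of the branch only removes untracked files and will not revert a tracked, modified defaults file (whether the project's defaults file is tracked is not visible here). If it is tracked, back it up and restore it at the end of the branch, or leave the project file untouched and point the build at the CI defaults, e.g. `idf.py -DSDKCONFIG_DEFAULTS=$PWD/.github/scripts/atecc-sdkconfig.defaults reconfigure -C ./demos/projects/ESPRESSIF/$board`. The two consecutive `idf.py reconfigure` calls are deliberate per the README FAQ added in this commit, so a comment such as `# reconfigure twice on purpose: first run fetches esp-cryptoauthlib, second run wires it into mbedTLS` would stop a later cleanup from dropping one. sample_build starts and ends outside the hunk.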
--- a/.github/workflows/ci_tests_linux.yml +++ b/.github/workflows/ci_tests_linux.yml @@ -27,3 +27,5 @@ jobs: run: sudo bash -c ".github/scripts/ci_tests.sh -st" - name: Build ESP32 Samples run: docker run -v "${PWD}:/iot-middleware-freertos-samples" -w /iot-middleware-freertos-samples espressif/idf:v4.3 .github/scripts/ci_tests.sh -esp + - name: Build ESP32-ATECC Samples + run: docker run -v "${PWD}:/iot-middleware-freertos-samples" -w /iot-middleware-freertos-samples espressif/idf:v4.3 .github/scripts/ci_tests.sh -esp-atecc diff --git a/.gitignore b/.gitignore index 35cb1eee..267f2022 100644 --- a/.gitignore +++ b/.gitignore @@ -361,6 +361,7 @@ build/ # ESP-IDF config files sdkconfig* +dependencies.lock # Gate build directories /build_pc_linux @@ -368,3 +369,7 @@ sdkconfig* /build_st_b-l4s5i-iot01a /build_st_b-l475e-iot01a /build_st_stm32h745i-disco + +# VSCode settings +**/settings.json +**/c_cpp_properties.json diff --git a/demos/projects/ESPRESSIF/esp32/.vscode/launch.json b/demos/projects/ESPRESSIF/esp32/.vscode/launch.json new file mode 100644 index 00000000..ff99b434 --- /dev/null +++ b/demos/projects/ESPRESSIF/esp32/.vscode/launch.json 
@@ -0,0 +1,51 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "name": "ESP32-Debug", + "type": "cppdbg", + "request": "launch", + "MIMode": "gdb", + "miDebuggerPath": "${command:espIdf.getXtensaGdb}", + "program": "${workspaceFolder}/build/${command:espIdf.getProjectName}.elf", + "windows": { + "program": "${workspaceFolder}\\build\\${command:espIdf.getProjectName}.elf" + }, + "cwd": "${workspaceFolder}", + "environment": [{ "name": "PATH", "value": "${config:idf.customExtraPaths}" }], + "setupCommands": [ + { "text": "target remote :3333" }, + { "text": "set remote hardware-watchpoint-limit 2"}, + { "text": "mon reset halt" }, + { "text": "thb app_main" }, + { "text": "flushregs" } + ], + "externalConsole": false, + "logging": { + "engineLogging": false + } + }, + { + "name": "ESP32-Attach", + "type": "cppdbg", + "request": "launch", + "MIMode": "gdb", + "miDebuggerPath": "${command:espIdf.getXtensaGdb}", + "program": "${workspaceFolder}/build/${command:espIdf.getProjectName}.elf", + "windows": { + "program": "${workspaceFolder}\\build\\${command:espIdf.getProjectName}.elf" + }, + "cwd": "${workspaceFolder}", + "environment": [{ "name": "PATH", "value": "${config:idf.customExtraPaths}" }], + "setupCommands": [ + { "text": "target remote :3333" }, + { "text": "set remote hardware-watchpoint-limit 2"}, + { "text": "flushregs" } + ], + "externalConsole": false, + "logging": { + "engineLogging": false + } + } + ] +} diff --git a/demos/projects/ESPRESSIF/esp32/CMakeLists.txt b/demos/projects/ESPRESSIF/esp32/CMakeLists.txt index 2e05c25d..26c0f1bb 100644 --- a/demos/projects/ESPRESSIF/esp32/CMakeLists.txt +++ b/demos/projects/ESPRESSIF/esp32/CMakeLists.txt 
@@ -7,3 +7,18 @@ cmake_minimum_required(VERSION 3.13) include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(azure_iot_freertos_esp32) + +if(${CONFIG_ESP_TLS_USE_SECURE_ELEMENT}) + if(${CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN} AND ${CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY}) + include(FetchContent) + if(NOT esp-cryptoauthlib_POPULATED) + FetchContent_Populate(esp-cryptoauthlib + GIT_REPOSITORY https://github.com/espressif/esp-cryptoauthlib + GIT_TAG 985ea960f83f67f66881e2dae57097e2a07b92a0 + SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/components/esp-cryptoauthlib" + ) + endif() + else() + message(FATAL_ERROR "To use the Microchip ATECC608 secure element, refer to the README_ATECC608_Support.md !!") + endif() +endif() diff --git a/demos/projects/ESPRESSIF/esp32/README_ATECC608_Support.md b/demos/projects/ESPRESSIF/esp32/README_ATECC608_Support.md new file mode 100644 index 00000000..05511d4a --- /dev/null +++ b/demos/projects/ESPRESSIF/esp32/README_ATECC608_Support.md 
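Review bot: `if(${CONFIG_ESP_TLS_USE_SECURE_ELEMENT})` expands the variable before `if()` evaluates it, so when the Kconfig option is unset the command degenerates to `if()` and the result depends on CMake accepting an empty condition; the `if(CONFIG_ESP_TLS_USE_SECURE_ELEMENT)` form evaluates the variable by name and treats unset, empty and false values uniformly. The inner condition has the same issue and should read `if(CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN AND CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY)`. Pinning FetchContent to a full commit hash instead of a branch is the right supply-chain choice; a comment above `GIT_TAG`, e.g. `# esp-cryptoauthlib pinned to <release this commit corresponds to>; bump deliberately and re-test`, records why that commit was chosen so future bumps are reviewable.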
@@ -0,0 +1,56 @@ +# Support for Microchip ATECC608 Secure Element For ESP32 Platforms + +## Pre-conditions + +- Ensure that the project is clean. Use `rm -rf build/` to ensure a clean slate. +- Ensure that you are using the default sdkconfig. Use `rm sdkconfig` just to be sure. +- Ensure internet connectivity to enable successful download of `esp-cryptoauthlib` component. + +## Steps to add Microchip ATECC608 Secure Element support + +Perform the below steps **before doing any application-level configuration like Wi-Fi settings, Azure Samples configuration, etc.** + +### Step 1 - Kconfig configuration + +- Open kconfig menu using `idf.py menuconfig` +- Navigate: `Component Config` --> `ESP-TLS` +- Enable: `Use Secure Element (ATECC608A) with ESP-TLS` +![ESP-TLS Configuration](images/Step1_ESPTLS_Config.png) + +- Navigate: `Component Config` --> `mbedTLS` +- Enable: `Enable hardware ECDSA Sign acceleration when using ATECC608A` +- Enable: `Enable hardware ECDSA Verify acceleration when using ATECC608A` +![mbedTLS Configuration](images/Step1_mbedTLS_Config.png) + +- Save configuration and exit + +### Step 2 - Run menuconfig again + +- Open kconfig menu again using `idf.py menuconfig` - observe the output, esp-cryptoauthlib should be downloaded this time since secure element support is now enabled. +![esp-cryptoauthlib downloaded](images/Step2_esp-cryptoauthlib_downloaded.png) + +- Exit the kconfig menu - we are ready to try a build now +- Observe that `esp-cryptoauthlib` is located inside `components/` folder and should be picked up by Ninja during the test build +![esp-cryptoauthlib location](images/Step2_esp-cryptoauthlib_inside_components.png) + +### Step 3 - Try a build + +- Try a build using `idf.py build` - observe the output, esp-cryptoauthlib should be built along with relevant mbedTLS support + +**If build is successful**, you are now ready to make application-level configurations like Wi-Fi settings, Azure Samples settings, ATECC608 pin settings, etc. 
+ +**If build fails**, ensure that above steps are followed correctly. Before re-attempting the process, +- delete the build directory using `rm -rf build/` +- delete the sdkconfig file by using `rm sdkconfig`. + +## FAQ + +**Q:** Why do I need to open the menuconfig a second time after enabling secure element support? + +**A:** If this step is not done, although the esp-cryptoauthlib gets downloaded correctly during the build attempt, the build fails due to the way mbedTLS component is configured at build time. Running the menuconfig command immediately after enabling secure element support does the necessary linkages that can be picked up at the first build attempt. +
+ +**Q:** What is the right way to remove ATECC608 support? + +**A:** To completely remove ATECC608 support, it is best to start with a clean slate to avoid any dependency issues. Delete the build folder (`rm -rf build/`), delete the sdkconfig (`rm sdkconfig`) and delete the esp-cryptoauthlib from components/ folder. +
\ No newline at end of file diff --git a/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c b/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c index 192f0a4f..3a910fba 100644 --- a/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c +++ b/demos/projects/ESPRESSIF/esp32/components/sample-azure-iot/transport_tls_esp32.c 
@@ -38,6 +38,184 @@ /* TLS includes. */ #include "esp_transport_ssl.h" +#include "demo_config.h" + +/* For using the ATECC608 secure element if support is configured */ +#ifdef democonfigUSE_HSM + #include "cryptoauthlib.h" +#endif + +static const char *TAG = "tls_freertos"; + +#ifdef democonfigUSE_HSM + +#define tlsesp32SERIAL_NUMBER_SIZE 9 +#define tlsesp32REGISTRATION_ID_SIZE 21 + +#if defined(CONFIG_ATECC608A_TNG) +/** + * @brief [Trust&GO] Dynamically generate and write the registration ID as a + * string into the passed pointer + * + * @param[in,out] ppcRegistrationId Input: Pointer to a null pointer, + * Output: Pointer to a null-terminated string + * @param[in] pucHsmData Pointer to a buffer holding data to be passed + * (if any) to help generate the Registration ID + * @param[in] ulHsmDataLength Length of the buffer passed in the + * second parameter + * + * @return 0 if everything went through correctly + */ +static uint32_t getRegistrationIdFromTNG( char **ppcRegistrationId,\ + uint8_t *pucHsmData,\ + uint32_t ulHsmDataLength ) { + + /* We don't check for NULL-ness of the input or the + ability to talk to the HSM - the getRegistrationId(...) 
+ function does that already + */ + + *ppcRegistrationId = malloc(tlsesp32REGISTRATION_ID_SIZE); + if(*ppcRegistrationId == NULL) { + return 3; + } + sprintf(*ppcRegistrationId,"sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",pucHsmData[0],pucHsmData[1],\ + pucHsmData[2],pucHsmData[3],pucHsmData[4],pucHsmData[5],pucHsmData[6],pucHsmData[7],pucHsmData[8]); + *(*ppcRegistrationId + tlsesp32REGISTRATION_ID_SIZE - 1) = '\0'; + + return 0; +} + +#elif defined(CONFIG_ATECC608A_TFLEX) +/** + * @brief [TrustFLEX] Dynamically generate and write the registration ID as a + * string into the passed pointer + * + * @param[in,out] ppcRegistrationId Input: Pointer to a null pointer, + * Output: Pointer to a null-terminated string + * @param[in] pucHsmData Pointer to a buffer holding data to be passed + * (if any) to help generate the Registration ID + * @param[in] ulHsmDataLength Length of the buffer passed in the + * second parameter + * + * @return 0 if everything went through correctly + */ +static uint32_t getRegistrationIdFromTFLX( char **ppcRegistrationId,\ + uint8_t *pucHsmData,\ + uint32_t ulHsmDataLength ) { + + /* We don't check for NULL-ness of the input or the + ability to talk to the HSM - the getRegistrationId(...) 
+ function does that already + */ + /* TODO: Replace the below with your own implementation - the provided + implementation is applicable to TFLX-PROTO devices only + */ + *ppcRegistrationId = malloc(tlsesp32REGISTRATION_ID_SIZE); + if(*ppcRegistrationId == NULL) { + return 3; + } + sprintf(*ppcRegistrationId,"sn%02X%02X%02X%02X%02X%02X%02X%02X%02X",pucHsmData[0],pucHsmData[1],\ + pucHsmData[2],pucHsmData[3],pucHsmData[4],pucHsmData[5],pucHsmData[6],pucHsmData[7],pucHsmData[8]); + *(*ppcRegistrationId + tlsesp32REGISTRATION_ID_SIZE - 1) = '\0'; + + return 0; +} + +#elif defined(CONFIG_ATECC608A_TCUSTOM) +/** + * @brief [TrustCUSTOM] Dynamically generate and write the registration ID as a + * string into the passed pointer + * + * @param[in,out] ppcRegistrationId Input: Pointer to a null pointer, + * Output: Pointer to a null-terminated string + * @param[in] pucHsmData Pointer to a buffer holding data to be passed + * (if any) to help generate the Registration ID + * @param[in] ulHsmDataLength Length of the buffer passed in the + * second parameter + * + * @return 0 if everything went through correctly + */ +static uint32_t getRegistrationIdFromTCSM( char **ppcRegistrationId,\ + uint8_t *pucHsmData,\ + uint32_t ulHsmDataLength ) { + + /* We don't check for NULL-ness of the input or the + ability to talk to the HSM - the getRegistrationId(...) 
+ function does that already + */ + /* TODO: Replace the below with your own implementation - the provided + implementation is applicable to certs generated using esp-cryptoauth + tool only + */ + *ppcRegistrationId = malloc(tlsesp32REGISTRATION_ID_SIZE - 2); + if(*ppcRegistrationId == NULL) { + return 3; + } + + sprintf(*ppcRegistrationId,"%02X%02X%02X%02X%02X%02X%02X%02X%02X",pucHsmData[0],pucHsmData[1],\ + pucHsmData[2],pucHsmData[3],pucHsmData[4],pucHsmData[5],pucHsmData[6],pucHsmData[7],pucHsmData[8]); + *(*ppcRegistrationId + tlsesp32REGISTRATION_ID_SIZE - 3) = '\0'; + return 0; +} +#endif + +/** + * @brief Dynamically generate and write the registration ID as a + * string into the passed pointer + * + * @param[in,out] ppcRegistrationId Input: Pointer to a null pointer, + * Output: Pointer to a null-terminated string + * + * @return 1 if the input is not a pointer to a NULL pointer, + * 2 if we are not able to talk to the HSM + * 3 if something else went wrong (eg: memory allocation failed) + * 0 if everything went through correctly + */ +uint32_t getRegistrationId( char **ppcRegistrationId ) { + + if(*ppcRegistrationId != NULL) { + return 1; + } + uint32_t ret = 0; + uint8_t sernum[tlsesp32SERIAL_NUMBER_SIZE]; + ATCA_STATUS s; + s = atcab_read_serial_number(sernum); + if(s != ATCA_SUCCESS) { + ESP_LOGE( TAG, "Failed to read serial number from ATECC608" ); + return 2; + } + + #if defined(CONFIG_ATECC608A_TNG) + ret = getRegistrationIdFromTNG(ppcRegistrationId,sernum,tlsesp32SERIAL_NUMBER_SIZE); + if(ret != 0) { + ESP_LOGE(TAG, "[TNG] Registration ID Gen Error!"); + return ret; + } + + #elif defined(CONFIG_ATECC608A_TFLEX) + ret = getRegistrationIdFromTFLX(ppcRegistrationId,sernum,tlsesp32SERIAL_NUMBER_SIZE); + if(ret != 0) { + ESP_LOGE(TAG, "[TFLX] Registration ID Gen Error!"); + return ret; + } + + #elif defined(CONFIG_ATECC608A_TCUSTOM) + ret = getRegistrationIdFromTCSM(ppcRegistrationId,sernum,tlsesp32SERIAL_NUMBER_SIZE); + if(ret != 0) { + ESP_LOGE(TAG, 
"[TCSM] Registration ID Gen Error!"); + return ret; + } + + #endif + + ESP_LOGI( TAG, "Registration ID is %s", *ppcRegistrationId ); + return 0; + } + +#endif /* democonfigUSE_HSM */ + + /** * @brief Definition of the network context for the transport interface * implementation that uses mbedTLS and FreeRTOS+TLS sockets. @@ -49,7 +227,7 @@ struct NetworkContext uint32_t ulSendTimeoutMs; }; -static const char *TAG = "tls_freertos"; + /*-----------------------------------------------------------*/ TlsTransportStatus_t TLS_Socket_Connect( NetworkContext_t * pNetworkContext, @@ -90,6 +268,28 @@ TlsTransportStatus_t TLS_Socket_Connect( NetworkContext_t * pNetworkContext, { esp_transport_ssl_set_cert_data_der( pNetworkContext->xTransport, ( const char * ) pNetworkCredentials->pucRootCa, pNetworkCredentials->xRootCaSize ); } +#ifdef democonfigUSE_HSM + + esp_transport_ssl_use_secure_element( pNetworkContext->xTransport ); + + #if defined(CONFIG_ATECC608A_TCUSTOM) || defined(CONFIG_ATECC608A_TFLEX) + /* This is TrustCUSTOM or TrustFLEX chip - the private key will be used from the ATECC608 device slot 0. + We will plug in your custom device certificate here (should be in DER format). + */ + if ( pNetworkCredentials->pucClientCert ) + { + esp_transport_ssl_set_client_cert_data_der( pNetworkContext->xTransport, ( const char *) pNetworkCredentials->pucClientCert, pNetworkCredentials->xClientCertSize ); + } + + + #else + /* This is the Trust&GO chip - the private key will be used from ATECC608 device slot 0. + We don't need to add certs to the network context as the esp-tls does that for us using cryptoauthlib API. + */ + + #endif + +#else if ( pNetworkCredentials->pucClientCert ) { 
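Review bot: `ulHsmDataLength` is accepted by all three getRegistrationIdFrom* helpers but never checked, while each one reads `pucHsmData[0]` through `pucHsmData[8]` unconditionally; the only caller passes `tlsesp32SERIAL_NUMBER_SIZE` today, but a guard at the top of each helper, `if( pucHsmData == NULL || ulHsmDataLength < tlsesp32SERIAL_NUMBER_SIZE ) { return 3; }`, enforces the contract instead of the comment that claims the check happens in getRegistrationId (which only verifies `*ppcRegistrationId == NULL` and never checks `ppcRegistrationId` itself). The `sprintf` calls exactly fill the 21-byte allocation (19 bytes for the TrustCUSTOM variant), so they are correct as written, but `snprintf( *ppcRegistrationId, tlsesp32REGISTRATION_ID_SIZE, "sn%02X...", ... )` bounds the write and makes the trailing manual `'\0'` store redundant. The getRegistrationId docstring should also state ownership, e.g. `@note On success the caller owns *ppcRegistrationId and must free() it.`, since no caller in this commit releases the buffer. The three helpers differ only in prefix and allocation size, so one static helper taking the prefix would remove the duplicated format string.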
@@ -101,6 +301,8 @@ TlsTransportStatus_t TLS_Socket_Connect( NetworkContext_t * pNetworkContext, esp_transport_ssl_set_client_key_data_der( pNetworkContext->xTransport, (const char *) pNetworkCredentials->pucPrivateKey, pNetworkCredentials->xPrivateKeySize ); } +#endif + if ( esp_transport_connect( pNetworkContext->xTransport, pHostName, usPort, ulReceiveTimeoutMs ) < 0 ) { ESP_LOGE( TAG, "Failed establishing TLS connection (esp_transport_connect failed)" ); diff --git a/demos/projects/ESPRESSIF/esp32/config/demo_config.h b/demos/projects/ESPRESSIF/esp32/config/demo_config.h index 97b33fa6..1d31c0b0 100644 --- a/demos/projects/ESPRESSIF/esp32/config/demo_config.h +++ b/demos/projects/ESPRESSIF/esp32/config/demo_config.h @@ -496,4 +496,29 @@ static unsigned char root_cert_array[] = { */ #define configRAND32() (rand()/RAND_MAX) +/** + * @brief Defines the macro for HSM usage depending on whether + * the support for ATECC608 is enabled in the kconfig menu + */ +#ifdef CONFIG_ESP_TLS_USE_SECURE_ELEMENT + #if CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN & CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY + #define democonfigUSE_HSM + + /** + * @brief Dynamically generate and write the registration ID as a + * string into the passed pointer + * + * @param[in,out] ppcRegistrationId Input: Pointer to a null pointer, + * Output: Pointer to a null-terminated string + * + * @return 1 if the input is not a pointer to a NULL pointer, + * 2 if we are not able to talk to the HSM + * 3 if something else went wrong (eg: memory allocation failed) + * 0 if everything went through correctly + */ + + uint32_t getRegistrationId( char **ppcRegistrationId ); + #endif +#endif /* CONFIG_ESP_TLS_USE_SECURE_ELEMENT */ + #endif /* DEMO_CONFIG_H */ 
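Review bot: In the `democonfigUSE_HSM` block for TrustFLEX/TrustCUSTOM a NULL `pNetworkCredentials->pucClientCert` is silently skipped, so the connection proceeds to esp_transport_connect() with the secure element selected but no client certificate and fails later with a less specific error; an `else` branch that logs the cause, `ESP_LOGE( TAG, "Client certificate is required when using a TrustFLEX/TrustCUSTOM ATECC608" );`, and returns the failure status this function uses for bad credentials would make the misconfiguration obvious. The `#else` branch for Trust&GO holds only a comment; `#if defined(CONFIG_ATECC608A_TCUSTOM) || defined(CONFIG_ATECC608A_TFLEX)` with the Trust&GO explanation placed above the block reads more clearly. The statement that the private key is taken from device slot 0 is a property of the esp-cryptoauthlib/esp-tls configuration rather than of this code, so the comment should say so (`/* slot assignment is determined by the cryptoauthlib/esp-tls configuration */`). TLS_Socket_Connect starts and ends outside the hunk.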
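Review bot: `#if CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN & CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY` applies bitwise `&` to two macros that are either undefined (0 inside `#if`) or defined to a value; it works while both expand to 1 but reads as a typo and would misbehave if either were ever defined to an even value. `#if defined(CONFIG_MBEDTLS_ATCA_HW_ECDSA_SIGN) && defined(CONFIG_MBEDTLS_ATCA_HW_ECDSA_VERIFY)` states the intent and mirrors the condition in the esp32 CMakeLists.txt of this same commit. The `getRegistrationId` prototype relies on `uint32_t`; if `<stdint.h>` is not already included by this header (not visible in the hunk) it needs to be. Declaring a transport function from a demo configuration header couples the config to the transport implementation; a small transport header would be the more conventional home for the prototype.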
diff --git a/demos/projects/ESPRESSIF/esp32/images/Step1_ESPTLS_Config.png b/demos/projects/ESPRESSIF/esp32/images/Step1_ESPTLS_Config.png new file mode 100644 index 00000000..50adda8f Binary files /dev/null and b/demos/projects/ESPRESSIF/esp32/images/Step1_ESPTLS_Config.png differ diff --git a/demos/projects/ESPRESSIF/esp32/images/Step1_mbedTLS_Config.png b/demos/projects/ESPRESSIF/esp32/images/Step1_mbedTLS_Config.png new file mode 100644 index 00000000..e8e4777e Binary files /dev/null and b/demos/projects/ESPRESSIF/esp32/images/Step1_mbedTLS_Config.png differ diff --git a/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_downloaded.png b/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_downloaded.png new file mode 100644 index 00000000..c4473dce Binary files /dev/null and b/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_downloaded.png differ diff --git a/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_inside_components.png b/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_inside_components.png new file mode 100644 index 00000000..da361e67 Binary files /dev/null and b/demos/projects/ESPRESSIF/esp32/images/Step2_esp-cryptoauthlib_inside_components.png differ diff --git a/demos/sample_azure_iot/sample_azure_iot.c b/demos/sample_azure_iot/sample_azure_iot.c index de5769e7..ddc4e6fe 100644 --- a/demos/sample_azure_iot/sample_azure_iot.c +++ b/demos/sample_azure_iot/sample_azure_iot.c 
@@ -503,13 +503,31 @@ static void prvAzureDemoTask( void * pvParameters ) xTransport.xSend = TLS_Socket_Send; xTransport.xRecv = TLS_Socket_Recv; + #ifdef democonfigUSE_HSM + + /* Redefine the democonfigREGISTRATION_ID macro using registration ID + * generated dynamically using the HSM */ + + /* We use a pointer instead of a buffer so that the getRegistrationId + * function can allocate the necessary memory depending on the HSM */ + char * registration_id = NULL; + ulStatus = getRegistrationId( ®istration_id ); + configASSERT( ulStatus == 0 ); +#undef democonfigREGISTRATION_ID + #define democonfigREGISTRATION_ID registration_id + #endif + xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient, ( const uint8_t * ) democonfigENDPOINT, sizeof( democonfigENDPOINT ) - 1, ( const uint8_t * ) democonfigID_SCOPE, sizeof( democonfigID_SCOPE ) - 1, ( const uint8_t * ) democonfigREGISTRATION_ID, - sizeof( democonfigREGISTRATION_ID ) - 1, + #ifdef democonfigUSE_HSM + strlen( democonfigREGISTRATION_ID ), + #else + sizeof( democonfigREGISTRATION_ID ) - 1, + #endif NULL, ucMQTTMessageBuffer, sizeof( ucMQTTMessageBuffer ), ullGetUnixTime, &xTransport ); diff --git a/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c b/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c index b63330cc..06781359 100644 --- a/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c +++ b/demos/sample_azure_iot_gsg/sample_azure_iot_gsg.c @@ -32,6 +32,7 @@ /* Board specific implementation */ #include "sample_gsg_device.h" + /*-----------------------------------------------------------*/ /* Compile time error for undefined configs. */ @@ -128,6 +129,7 @@ struct NetworkContext }; /*-----------------------------------------------------------*/ + /* Define buffer for IoT Hub info. */ #ifdef democonfigENABLE_DPS_SAMPLE 
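Review bot: The `#undef democonfigREGISTRATION_ID` / `#define democonfigREGISTRATION_ID registration_id` pair inside prvAzureDemoTask rebinds the macro for the rest of the translation unit to a function-local variable, so any later use of democonfigREGISTRATION_ID outside this function either fails to compile or refers to the wrong object, and the `#ifdef` spliced into the argument list hides which length is passed. Resolving the id and its length into two locals once, then passing those, keeps the macro intact and takes the preprocessor out of the call. If configASSERT is compiled out in this build, a non-zero `ulStatus` leaves `registration_id` NULL and the `strlen()` call dereferences it, so an explicit error path that exits the way this function handles other failures (outside the hunk) is needed regardless of the assert. The same pattern appears in the sample_azure_iot_gsg.c and sample_azure_iot_pnp.c hunks of this commit. prvAzureDemoTask starts and ends outside the hunk.
```c
    /* Registration ID and its length, resolved once so the config macro stays untouched. */
    const uint8_t * pucRegistrationId;
    size_t xRegistrationIdLength;

    #ifdef democonfigUSE_HSM
        /* Heap buffer sized by getRegistrationId() for the HSM in use; this task owns it. */
        char * registration_id = NULL;
        ulStatus = getRegistrationId( &registration_id );
        configASSERT( ulStatus == 0 );
        pucRegistrationId = ( const uint8_t * ) registration_id;
        xRegistrationIdLength = strlen( registration_id );
    #else
        pucRegistrationId = ( const uint8_t * ) democonfigREGISTRATION_ID;
        xRegistrationIdLength = sizeof( democonfigREGISTRATION_ID ) - 1;
    #endif

    xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient,
                                               ( const uint8_t * ) democonfigENDPOINT, sizeof( democonfigENDPOINT ) - 1,
                                               ( const uint8_t * ) democonfigID_SCOPE, sizeof( democonfigID_SCOPE ) - 1,
                                               pucRegistrationId, xRegistrationIdLength,
                                               /* … unchanged: NULL, ucMQTTMessageBuffer, sizeof( ucMQTTMessageBuffer ), ullGetUnixTime, &xTransport … */
                                               );
```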
@@ -643,13 +645,31 @@ static uint32_t prvConnectToServerWithBackoffRetries( const char * pcHostName, xTransport.xSend = TLS_Socket_Send; xTransport.xRecv = TLS_Socket_Recv; + #ifdef democonfigUSE_HSM + + /* Redefine the democonfigREGISTRATION_ID macro using registration ID + * generated dynamically using the HSM */ + + /* We use a pointer instead of a buffer so that the getRegistrationId + * function can allocate the necessary memory depending on the HSM */ + char * registration_id = NULL; + ulStatus = getRegistrationId( ®istration_id ); + configASSERT( ulStatus == 0 ); +#undef democonfigREGISTRATION_ID + #define democonfigREGISTRATION_ID registration_id + #endif + xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient, ( const uint8_t * ) democonfigENDPOINT, sizeof( democonfigENDPOINT ) - 1, ( const uint8_t * ) democonfigID_SCOPE, sizeof( democonfigID_SCOPE ) - 1, ( const uint8_t * ) democonfigREGISTRATION_ID, - sizeof( democonfigREGISTRATION_ID ) - 1, + #ifdef democonfigUSE_HSM + strlen( democonfigREGISTRATION_ID ), + #else + sizeof( democonfigREGISTRATION_ID ) - 1, + #endif NULL, ucMQTTMessageBuffer, sizeof( ucMQTTMessageBuffer ), ullGetUnixTime, &xTransport ); diff --git a/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c b/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c index 55c9cc3b..618ca85f 100644 --- a/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c +++ b/demos/sample_azure_iot_pnp/sample_azure_iot_pnp.c @@ -32,6 +32,7 @@ /* Data Interface Definition */ #include "sample_azure_iot_pnp_data_if.h" + /*-----------------------------------------------------------*/ /* Compile time error for undefined configs. */ 
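Review bot: In sample_azure_iot_gsg.c the registration id is allocated inside prvConnectToServerWithBackoffRetries, which from its name and signature appears to run on every (re)connection attempt, so each call leaks the heap buffer returned by getRegistrationId(); nothing in the hunk frees it on any path. Freeing it after AzureIoTProvisioningClient_Init is not obviously safe either, because the client may retain the pointer rather than copy the bytes (its ownership rule is not visible here), so the safer fix is to obtain the id once and keep it for the lifetime of the task, e.g. `static char * registration_id = NULL;` followed by `if( registration_id == NULL ) { ulStatus = getRegistrationId( &registration_id ); configASSERT( ulStatus == 0 ); }`. The macro-redefinition and compiled-out-assert concerns raised on the sample_azure_iot.c hunk apply here unchanged. prvConnectToServerWithBackoffRetries starts and ends outside the hunk.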
@@ -518,13 +519,31 @@ static void prvAzureDemoTask( void * pvParameters ) xTransport.xSend = TLS_Socket_Send; xTransport.xRecv = TLS_Socket_Recv; + #ifdef democonfigUSE_HSM + + /* Redefine the democonfigREGISTRATION_ID macro using registration ID + * generated dynamically using the HSM */ + + /* We use a pointer instead of a buffer so that the getRegistrationId + * function can allocate the necessary memory depending on the HSM */ + char * registration_id = NULL; + ulStatus = getRegistrationId( ®istration_id ); + configASSERT( ulStatus == 0 ); +#undef democonfigREGISTRATION_ID + #define democonfigREGISTRATION_ID registration_id + #endif + xResult = AzureIoTProvisioningClient_Init( &xAzureIoTProvisioningClient, ( const uint8_t * ) democonfigENDPOINT, sizeof( democonfigENDPOINT ) - 1, ( const uint8_t * ) democonfigID_SCOPE, sizeof( democonfigID_SCOPE ) - 1, ( const uint8_t * ) democonfigREGISTRATION_ID, - sizeof( democonfigREGISTRATION_ID ) - 1, + #ifdef democonfigUSE_HSM + strlen( democonfigREGISTRATION_ID ), + #else + sizeof( democonfigREGISTRATION_ID ) - 1, + #endif NULL, ucMQTTMessageBuffer, sizeof( ucMQTTMessageBuffer ), ullGetUnixTime, &xTransport );