Configurator enabling authentication via TPM.
If your project uses a TPM and the TPM Hex library, you can tell NervesHubLink to read the key
and certificate from the module and assign the SSL options for you by adding the library as a dependency:

    def deps() do
      [
        {:tpm, "~> 0.2.0"}
      ]
    end

This allows your config to be simplified to:

    config :nerves_hub_link,
      host: "your.nerveshub.host"

The TPM integration defaults include:

- initializing the modprobe tpm_tis_spi
- reading the private key using the path /data/.ssh/nerves_hub_link_key
- restoring the private key from the TPM, using the memory address "0x1000000", if it isn't found on the filesystem
- and reading the certificate from the memory address "0x1000001"

You can customize these options to use a different bus and certificate pair:

    config :nerves_hub_link, :tpm,
      probe_name: "tpm_tis_spi",
      key_path: "/data/.ssh",
      key_name: "nerves_hub_link_key",
      key_address: "0x1000000",
      certificate_address: "0x1000001",
      restore_key: true
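
A preflight check for the key lookup order described above, as an added example that is not NervesHubLink's own code. The module `TPMKeyPreflight` and its functions are hypothetical, the override addresses are constructed sample values, and it assumes that `restore_key: false` turns off the fallback to the TPM.

```elixir
defmodule TPMKeyPreflight do
  @moduledoc false
  # Added example: hypothetical helper, not part of NervesHubLink or the tpm library.

  # Defaults as documented on this page.
  @defaults [
    probe_name: "tpm_tis_spi",
    key_path: "/data/.ssh",
    key_name: "nerves_hub_link_key",
    key_address: "0x1000000",
    certificate_address: "0x1000001",
    restore_key: true
  ]

  # Merge overrides from `config :nerves_hub_link, :tpm, ...` over the defaults
  # and compute the full path of the private key file.
  def resolve(overrides \\ Application.get_env(:nerves_hub_link, :tpm, [])) do
    opts = Keyword.merge(@defaults, overrides)
    Keyword.put(opts, :key_file, Path.join(opts[:key_path], opts[:key_name]))
  end

  # Report where the private key would come from: the filesystem first, then
  # the TPM address if restoring is enabled (assumed meaning of :restore_key).
  # `exists_fun` is injectable so the check can be exercised off-device.
  def key_source(opts, exists_fun \\ &File.exists?/1) do
    cond do
      exists_fun.(opts[:key_file]) -> {:filesystem, opts[:key_file]}
      opts[:restore_key] -> {:tpm, opts[:key_address]}
      true -> {:error, :no_key_on_disk_and_restore_disabled}
    end
  end
end

# Constructed sample: custom addresses, no key file on disk yet.
opts = TPMKeyPreflight.resolve(key_address: "0x1000010", certificate_address: "0x1000011")
missing = fn _path -> false end

IO.inspect(opts[:key_file], label: "key file")
IO.inspect(TPMKeyPreflight.key_source(opts, missing), label: "restore enabled")

no_restore = Keyword.put(opts, :restore_key, false)
IO.inspect(TPMKeyPreflight.key_source(no_restore, missing), label: "restore disabled")
```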