NervesHubLink.Configurator.TPM (nerves_hub_link v2.9.0)


Configurator enabling authentication via TPM.

If your project uses a TPM and the TPM Hex library, NervesHubLink can read the key and certificate from the module and assign the SSL options for you. To enable this, add the tpm library as a dependency:

def deps() do
  [
    {:tpm, "~> 0.2.0"}
  ]
end

This allows your config to be simplified to:

config :nerves_hub_link,
  host: "your.nerveshub.host"

The TPM integration defaults include:

  • loading the tpm_tis_spi kernel module with modprobe
  • reading the private key using the path /data/.ssh/nerves_hub_link_key
  • and reading the certificate from the memory address "0x1000001"

You can customize these options to use a different bus and certificate pair:

config :nerves_hub_link, :tpm,
  probe_name: "tpm_tis_i2c",
  key_path: "/data/.ssh/nerves_hub_link/key",
  certificate_address: "0x1000002"
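
A preflight check for the options above, as an added example that is not part of nerves_hub_link or the tpm library: it merges any :tpm overrides onto the defaults listed on this page and reports values that are malformed or a key file that is missing or readable by group/other. The module name TPMPreflight, its function names and its error tuples are hypothetical; it uses only the Elixir standard library and does not talk to the TPM.

```elixir
# Added example; TPMPreflight is a hypothetical helper, not part of nerves_hub_link.
defmodule TPMPreflight do
  import Bitwise

  # Defaults as listed on this page.
  @defaults [
    probe_name: "tpm_tis_spi",
    key_path: "/data/.ssh/nerves_hub_link_key",
    certificate_address: "0x1000001"
  ]

  # Returns :ok or {:error, reasons} for the effective :tpm options.
  def check(overrides \\ Application.get_env(:nerves_hub_link, :tpm, [])) do
    opts = Keyword.merge(@defaults, overrides)
    checks = [probe(opts[:probe_name]), key(opts[:key_path]), address(opts[:certificate_address])]

    case for({:error, reason} <- checks, do: reason) do
      [] -> :ok
      reasons -> {:error, reasons}
    end
  end

  # Per this page the probe name is used with modprobe, so accept only a plain token.
  defp probe(name) when is_binary(name) do
    if name =~ ~r/\A[a-z0-9_]+\z/, do: :ok, else: {:error, {:bad_probe_name, name}}
  end

  defp probe(name), do: {:error, {:bad_probe_name, name}}

  # The key must be a regular file with no group/other permission bits set.
  defp key(path) when is_binary(path) do
    case File.stat(path) do
      {:ok, %File.Stat{type: :regular, mode: mode}} when (mode &&& 0o077) == 0 -> :ok
      {:ok, %File.Stat{type: :regular, mode: mode}} -> {:error, {:key_too_permissive, path, mode &&& 0o777}}
      {:ok, %File.Stat{type: type}} -> {:error, {:key_not_regular_file, path, type}}
      {:error, reason} -> {:error, {:key_unreadable, path, reason}}
    end
  end

  defp key(path), do: {:error, {:bad_key_path, path}}

  # The address must be a string of "0x" followed by hex digits only.
  defp address(addr) when is_binary(addr) do
    if addr =~ ~r/\A0x[0-9a-fA-F]+\z/, do: :ok, else: {:error, {:bad_certificate_address, addr}}
  end

  defp address(addr), do: {:error, {:bad_certificate_address, addr}}
end
```

Calling TPMPreflight.check() from IEx on the device before the first connection attempt turns a misconfigured path or address into a readable error list.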