We are currently evaluating the use of Pelion Device Management in our product. At the moment we are planning a custom board using the STM32H743, which is supported by mbed. After reading the Client hardware requirements for Mbed OS, which can be found in the Pelion Device Management docs, I have a few questions regarding the security aspect.
In the reference designs shown in the blog entry Pelion Device Ready Reference Designs – Production ready hardware, needed security features seem to be addressed by connecting the Microchip IC ATECC608A to the MCU. Do we also need the ATECC608A or a similar chip? If yes, for which features?
I did the Pelion Device Management Quick Start Guide, and most of the boards listed there don’t seem to have a chip like the ATECC608A.
The STM32H743 has a TRNG. On-die flash for the root of trust is also available. I am not sure what would be needed for secure boot.
If a Cryptographic processor and Hash processor are recommended, we could also switch to the STM32H753.
Lastly, is a 32.768 kHz clock recommended for the Real Time Clock, or would the internal 32 kHz clock also be sufficient for use with Pelion Device Management?