Electronic – How do custom security certificates find their way onto mass manufactured products

Tags: manufacturing, manufacturing-process, microcontroller

Amazon and Microsoft both have IoT services that manage message and state brokering. These sorts of services generally require machines to have unique security certificates embedded into the firmware so that they can securely authenticate with the service.

How do these sorts of security certificates find their way into the firmware of mass-manufactured products? Is it the manufacturer's job to burn the firmware onto the microcontroller with a unique security certificate installed per machine? Or does a company hire its own workers to accept shipment of microcontrollers, load the firmware, and send them off to the manufacturers pre-loaded?

Curious how this is actually done in practice.

Best Answer

In many cases, the private key in such devices is generated by the firmware, based on some random inputs (like thermal noise). In this case, the key never exists outside the device and there's no easy way to extract it. The advantage of this method is that mass-production can be done by an external company that you don't fully trust.

Off-device key generation is also possible and used. In that case, you have to fully trust the factory which burns the firmware into the chips.

The WolfSSL library documentation gives the following advice to developers using it:

1. Each device acting as a server should have a unique private key, just like in the non-embedded world.

2. If the key can't be placed onto the device before delivery, have it generated during setup.

3. If the device lacks the power to generate its own key during setup, have the client setting up the device generate the key and send it to the device.

4. If the client lacks the ability to generate a private key, have the client retrieve a unique private key over an SSL connection from the device's known website (for example).
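The first scheme in the answer (key generated on the device, factory never sees it) is usually implemented as a CSR enrolment: the device keeps its private key, hands the line station only a self-signed certificate request, and a manufacturer-controlled device CA issues the certificate that the cloud broker later checks against its trust anchor. The following is an added illustration written for this page, not code from the answer, from WolfSSL, or from any cloud provider's SDK. It uses only the Go standard library, stands Go's CSPRNG in for the MCU's TRNG, and the device serials, the CA name "Example Device CA" and the certificate lifetimes are assumptions chosen for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device is one unit on the line. Its key is generated by its own firmware (Go's
// CSPRNG here; an MCU would use its TRNG) and no method ever returns it.
type Device struct {
	Serial string
	key    *ecdsa.PrivateKey
}

// NewDevice is the first-boot step: a unique P-256 key generated on the device.
func NewDevice(serial string) (*Device, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Serial: serial, key: key}, nil
}

// CSR is all the factory station sees: a DER request carrying the serial as CN,
// self-signed by the device key, which the station forwards to the device CA.
func (d *Device) CSR() ([]byte, error) {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: d.Serial}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, d.key)
}

// ProvisioningCA is the manufacturer's device CA (key in an HSM in production),
// the only trust anchor the broker accepts for device identities.
type ProvisioningCA struct {
	Cert   *x509.Certificate
	key    *ecdsa.PrivateKey
	nextSN int64
}

func NewProvisioningCA() (*ProvisioningCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Device CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &ProvisioningCA{Cert: cert, key: key, nextSN: 1}, err
}

// Enrol checks the CSR's self-signature (proof the requester holds the key),
// requires the CN to match the serial the line reports, and issues a client-auth
// leaf. The device's private key never passes through here.
func (ca *ProvisioningCA) Enrol(csrDER []byte, lineSerial string) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	if csr.Subject.CommonName != lineSerial {
		return nil, fmt.Errorf("CSR CN %q does not match line serial %q", csr.Subject.CommonName, lineSerial)
	}
	ca.nextSN++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.nextSN), Subject: csr.Subject,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(20 * 365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, csr.PublicKey, ca.key)
}

// VerifyDevice is the broker side: accept a presented leaf only if it chains to
// the device CA, and return the serial it asserts.
func VerifyDevice(caCert *x509.Certificate, leafDER []byte) (string, error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("leaf does not chain to device CA: %w", err)
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	ca, _ := NewProvisioningCA()
	dev, _ := NewDevice("SN-000001")
	csr, _ := dev.CSR()
	leaf, _ := ca.Enrol(csr, "SN-000001")
	fmt.Println(VerifyDevice(ca.Cert, leaf))
}
```

The design point is in what each party holds: the device holds the private key, the factory station only ever handles the CSR, and the CA signs nothing whose CN disagrees with the serial the line reports. This is why an untrusted contract manufacturer can run the line in this scheme, whereas in the off-device variant (key generated elsewhere and burned in) the factory must be trusted, because whoever burns the key has a copy of it.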