Hi @MrMelon,
The ATECC608A is distributed with Microchip’s Cryptoauthlib library. This library handles all the communication for the device with you. Included with it, is a PKCS #11 implementation. My recommendation is for you to use PKCS #11 for all your operations with that chip.
It really depends on your use case, but I recommend that you follow either the flow outlined in Amazon FreeRTOS. An alternative approach is to use the flow found in the SESIP example project, in which the device creates a CSR, and a trusted device on the serial port sends it to IoT Core.
Note that you should avoid importing a private key into the ATECC608A. It is much more secure to use one that was generated on the device, to avoid leaking any data.
This whitepaper is also very helpful for understanding some approaches to provisioning.
Thanks,
Carl