vDevModeKeyProvisioning() with ATECC608A chip

The JITP demo directly uses the CA and attaches a JITP template to it. I’d need to investigate to see if you could use an intermediate CA to sign your device certificate and see if it would inherit your JITP template.

What may be confusing, is here Set up JITP with AWS IoT Core deviceRootCA is equivalent to the signer-ca.crt used here amazon-freertos/vendors/microchip/secure_elements/app/example_trust_chain_tool at master · aws/amazon-freertos · GitHub.

Is the terminology mixing things up? Or are you wanting to use an intermediate certificate, signed by your root CA, for JITP?

Well I would rather not provision any type of CA certificate to the device. Also the python scripts used for creating the JITR certificates require a thingname to be specified when creating the device certificate which is not what I want with JITP since the thingname is provided by the template. I am just unsure of what certificate is suppose to be parsed in for keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM ? Correct me if I am wrong but from what I understood, keyCLIENT_PRIVATE_KEY_PEM should be the private key of the device certificate and keyCLIENT_CERTIFICATE_PEM should be the device certificate itself and keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM is not needed for JITP.