Without atecc608b

main/main.c

@@ -2,9 +2,15 @@
  * keypitecc – door controller
  *
  * Hardware:
+ *   ESP32-C5 with ECDSA key stored in eFuse
  *   GPIO  9  – Boot button (active-low, press = GND)
  *   GPIO 15  – User LED   (active-high, 1 = on)
  *
+ * Provisioning:
+ *   On first boot, if no ECDSA key is present in eFuse, a random P-256
+ *   private key is generated and burned.  The derived public key is
+ *   printed to the console each boot in SSH authorized_keys format.
+ *
  * Button state machine (5-second window):
  *   IDLE
  *     └─ press ──► PENDING_OPEN  (slow blink, will run SSH open command)
@@ -17,13 +23,14 @@
  *   WiFi disconnected → LED OFF
  */
 
-#include "atecc608a.h"
+#include "efuse_ecdsa.h"
 #include "ssh_client.h"
 #include "wifi.h"
 
 #include "sdkconfig.h"
 #include <driver/gpio.h>
 #include <esp_log.h>
+#include <esp_random.h>
 #include <freertos/FreeRTOS.h>
 #include <freertos/queue.h>
 #include <freertos/task.h>
@@ -251,12 +258,22 @@ void app_main(void)
     }
     ESP_ERROR_CHECK(ret);
 
-    /* ATECC608B */
-    if (!atecc608B_init()) {
-        ESP_LOGW(TAG, "ATECC608B init failed – SSH authentication will not work");
+    /* eFuse ECDSA key provisioning / public key export */
+    if (!efuse_ecdsa_key_provisioned()) {
+        ESP_LOGW(TAG, "No ECDSA key in eFuse – generating and burning a new key");
+        uint8_t privkey[32];
+        esp_fill_random(privkey, sizeof(privkey));
+        if (!efuse_ecdsa_provision_key(privkey)) {
+            ESP_LOGE(TAG, "Key provisioning FAILED – SSH authentication will not work");
+        }
+        /* Wipe the RAM copy immediately */
+        memset(privkey, 0, sizeof(privkey));
+    }
+
+    if (efuse_ecdsa_key_provisioned()) {
+        ssh_print_public_key();
     } else {
-        atecc608B_print_config();
-        ssh_print_public_key(); /* print key for authorized_keys setup */
+        ESP_LOGW(TAG, "ECDSA key not available – SSH authentication will not work");
     }
 
     /* WiFi */