@Technovation good find. I am not familiar with the esp32 implementation of signing though. Not sure who has implemented it as using a TLS API is not anything I have been involved with. But as it is in git, hit blame will probably lead you to which developer to approach 
@Anduril Well, its all opensource, so you are free to do whatever you want. Just remember that if you are starting to alter the behaviour and use of the security infrastructure, you could potentially compromise it for yourself and those that use your code.
@Anduril if encrypted the data "cannot" be decoded. The serial is not stored in any firmware. The only exception being a personalizer sketch that will personalize for software signing.
For atsha204a based signing, serial is never stored in sketch, only in runtime.
@Anduril I'd prefer not as the serial is also considered a semi-secret to maintain the integrity of the security infrastructure. It should not be thrown around the network unprotected.
@Anduril that depend on your backend. For software signing the serial is stored in eeprom. For atsha204a it is only readable from the device itself.
@Anduril well, you can always rewrite the personalizer to not use a setup() function.
@Anduril I believe the setup() function is hijacked by the personalizer so radio is not initialized properly, nor is the library.
@Anduril There should not be anytning preventing radio startup when you have personalized a device. Have you looked at the debug output of the node/gateway, and tried with security disabled? Also, remember that the personalization has to be done on all devices that use secure communication, and if you use encryption, all devices in the entire network.
@Anduril hi! I believe @tekka has a OTA bootloader that support signing. I am unsure of there is a combination that support Ota, signing and radio with hw encryption though.
