This may not be the right place for this question, but I suspect you guys will tell me that

We are using the ATECC508A to support WolfSSL on a Renesas RX600 CPU (sorry - customer spec).  We are trying to do TLS 1.3 on an IoT device.  Software ECC mode using WolfSSL - works fine.  ATECC hardware supported mode - fails with error -248 (0xF4 in cryptoauthlib).
Traced the program in debugger down to the Pre-Master Secret step of the TLS 1.3 handshake, where it fails doing a read from a slot of the ATECC chip.  We are using MicroChip's default provision configuration for ATECC508A.
It looks like the Pre-Master Secret is calculated using private keys internally, and gets returned by encrypted read from ATECC slot3.  However, the default ATECC configuration has slot 3 set to "Never Read" mode.  So, no surprise that it errors.

But, this is using default configuration of the ATECC508A slots, default setting from the cryptoauthib library, and unchanged code in WolfSSL (except for added debugs).  Am I missing something here?

Any suggestions as to other things to look at?  I can provide user_settings.h, all the logs you could possibly want, etc.
Thanks in advance for any ideas.

Kit Taylor
Embedded Software Engineer
Mitsubishi