Having a global PSK is problematic.

Address this by allowing unique PSK for each device.

• allow an external -verify /path/to/script parameter to provide pluggable verification: a user would provide their own validation logic.
• support some build it validation middleware.

https://blog.opentrust.com/?p=312