mbedtls: configurable PSA ITS provider #86184
Open
+223
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zephyrbot
requested review from
ceolin,
d3zd3z,
ithinuel,
tomi-font,
valeriosetti and
wearyzen
JordanYates
force-pushed
the
250222_psa_its
branch
2 times, most recently
from
5d32aca to
dcebefb
Compare
Make the PSA ITS provider configurable. It defaults to the Zephyr secure storage subsystem as per currently (when TF-M is disabled), but allows overriding to the the Mbed-TLS file implementations on POSIX. Signed-off-by: Jordan Yates <jordan@embeint.com>
Ensure that the mbedtls backend passes the same tests as TF-M and the zephyr backend, with minor exceptions. Signed-off-by: Jordan Yates <jordan@embeint.com>
JordanYates
force-pushed
the
250222_psa_its
branch
from
dcebefb to
3a4d05d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Make the PSA ITS provider configurable. It defaults to the Zephyr secure storage subsystem as per currently (when TF-M is disabled), but allows overriding to the the MbedTLS file implementations on
ARCH_POSIX.Alternative implementation to #85840, nominally decoupled from the secure storage subsystem.
This is a better solution since the API being implemented by mbedtls is the PSA ITS API, not the zephyr secure storage API.
Similarly to secure storage this copies the
internal_trusted_storage.hheader from MbedTLS so that it is available to applications, but without the additions that subsystem makes.