zephyr/samples/tfm_integration/psa_protected_storage
Gerard Marull-Paretas 79e6b0e0f6 includes: prefer <zephyr/kernel.h> over <zephyr/zephyr.h>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.

The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.

NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-09-05 16:31:47 +02:00

README.rst

.. _psa_protected_storage:

PSA Protected Storage
#####################

Overview
********

This sample demonstrates how the Protected Storage (PS) API can be used for storing data.

Protected storage provides a key/value storage interface where data is encrypted by default, with
optional authentication and rollback protection. The default crypto algorithm is ``AES-128-GCM``.
The encryption key is derived from the Hardware Unique Key (HUK), which is often set via device
fuses or a similar mechanism.

Using the PS API, this sample stores data to non-volatile storage. The sample shows how data can
be stored to and read from UIDs, and how overwrite protection can be enabled using flags.

TF-M limits the number of PS records via ``PS_NUM_ASSETS`` (default 10 as of TF-M 1.3.0) and the
size of each record via ``PS_MAX_ASSET_SIZE`` (default of 2048 as of TF-M 1.3.0). These defaults
may differ depending on the platform being used; the current values are printed by the build
system during the TF-M compilation step.

More information about Protected Storage can be found in the Platform Security Architecture (PSA)
Secure Storage API: https://developer.arm.com/architectures/architecture-security-features/platform-security

This sample is available for platforms that are supported in the trusted-firmware-m repo:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
See sample.yaml for a list of supported platforms.

Building and Running
********************

On Target
=========

Refer to :ref:`tfm_psa_crypto` for detailed instructions.

Note that the board needs to be completely erased before programming the sample, as the flash area
used might contain data from a previous run. The board must also be erased before each further run
of the sample, because the overwrite protection is not removed by a power reset.
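
The overwrite-protection behaviour described above, as an added example that is not part of the Zephyr sample or of TF-M: a host-side C model of a write-once UID that survives resets, with a provisioning routine that is safe to call on every boot. The names ``model_set``, ``model_remove`` and ``provision_once`` are hypothetical; the status values mirror the PSA codes, and returning ``INSUFFICIENT_STORAGE`` when either limit is hit is an assumption of the model.

```c
/* Host-side model of PS write-once semantics (constructed; not TF-M code). */
#include <stdint.h>
#include <string.h>

#define PS_NUM_ASSETS 10        /* TF-M 1.3.0 defaults quoted on this page */
#define PS_MAX_ASSET_SIZE 2048
#define WRITE_ONCE 1u           /* value of PSA_STORAGE_FLAG_WRITE_ONCE */
enum { OK = 0, NOT_PERMITTED = -133, DOES_NOT_EXIST = -140,
       INSUFFICIENT_STORAGE = -142 };  /* PSA status code values */

struct asset { uint64_t uid; size_t len; uint32_t flags; int used;
               uint8_t data[PS_MAX_ASSET_SIZE]; };
static struct asset store[PS_NUM_ASSETS];  /* stands in for flash: survives resets */

static struct asset *find(uint64_t uid) {
    for (int i = 0; i < PS_NUM_ASSETS; i++)
        if (store[i].used && store[i].uid == uid) return &store[i];
    return NULL;
}

int model_set(uint64_t uid, const void *p, size_t len, uint32_t flags) {
    struct asset *a = find(uid);
    if (a && (a->flags & WRITE_ONCE)) return NOT_PERMITTED;  /* overwrite protection */
    for (int i = 0; !a && i < PS_NUM_ASSETS; i++)
        if (!store[i].used) a = &store[i];
    if (!a || len > PS_MAX_ASSET_SIZE) return INSUFFICIENT_STORAGE;  /* assumed code */
    a->uid = uid; a->len = len; a->flags = flags; a->used = 1;
    memcpy(a->data, p, len);
    return OK;
}

int model_remove(uint64_t uid) {
    struct asset *a = find(uid);
    if (!a) return DOES_NOT_EXIST;
    if (a->flags & WRITE_ONCE) return NOT_PERMITTED;  /* only a full erase clears it */
    a->used = 0;
    return OK;
}

/* Boot-safe provisioning: OK if the UID already holds exactly this value. */
int provision_once(uint64_t uid, const void *p, size_t len) {
    struct asset *a = find(uid);
    if (!a) return model_set(uid, p, len, WRITE_ONCE);
    return (a->len == len && !memcmp(a->data, p, len)) ? OK : NOT_PERMITTED;
}

int main(void) {  /* two "boots" provisioning the same value: exit status 0 */
    const char id[] = "device-id-0001";  /* constructed sample value */
    return provision_once(2, id, sizeof id) || provision_once(2, id, sizeof id);
}
```

On target, the same check maps to ``psa_ps_get_info()`` and ``psa_ps_get()`` before calling ``psa_ps_set()`` with ``PSA_STORAGE_FLAG_WRITE_ONCE``.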

On QEMU
=======

Refer to :ref:`tfm_ipc` for detailed instructions.
The following example uses ``west build``:

   .. code-block:: bash

      $ west build samples/tfm_integration/psa_protected_storage/ -p -b mps2_an521_ns -t run

Sample Output
=============

.. code-block:: console

    *** Booting Zephyr OS build zephyr-v2.5.0-2791-g5585355dde0c  ***
    TF-M Protected Storage sample started. PSA Protected Storage API Version 1.0
    Writing data to UID1: The quick brown fox jumps over the lazy dog
    Info on data stored in UID1:
    - Size: 16
    - Capacity: 0x42
    - Flags: 0x 0
    Read and compare data stored in UID1
    Data stored in UID1: The quick brown fox jumps over the lazy dog
    Overwriting data stored in UID1 with: Lorem ipsum dolor sit amet
    Writing data to UID2 with overwrite protection: The quick brown fox jumps over the lazy dog
    Attempting to write 'The quick brown fox jumps over the lazy dog' to UID2
    Got expected error (PSA_ERROR_NOT_PERMITTED) when writing to protected UID
    Removing UID1