Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PSA partial initialization #6636

Draft
wants to merge 11 commits into
base: development
Choose a base branch
from

Conversation

gilles-peskine-arm
Copy link
Contributor

Implement the upcoming PSA feature psa_crypto_init_subsystem, allowing partial initialization of PSA crypto. For example, you can start calculating hashes and verifying signatures without seeding the random generator.

Status: work in progress. The feature is fully implemented, but there are known bugs and test gaps. Out there for design review.

  • The code may attempt to use accelerator drivers before they're initialized.
  • Need tests involving drivers.
  • Need tests where a subsystem's initialization fails.

Gatekeeper checklist

  • changelog TODO
  • backport no (new feature)
  • tests work in progress

Declare and implement the standard function psa_crypto_init_subsystem()
as well an extra function mbedtls_psa_crypto_is_subsystem_initialized()
which is useful for testing and likely useful inside the implementation
as well.

Write some test generic test code which will need to be filled for specific
subsystem when they're implemented.

Implement PSA_CRYPTO_SUBSYSTEM_COMMUNICATION, which is trivial because if
you can see the library, communication must already be on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement and test PSA_CRYPTO_SUBSYSTEM_KEYS, i.e. keystore initialization.

Automatically include PSA_CRYPTO_SUBSYSTEM_STORAGE, i.e. access to
persistent keys. At the moment, we have no reason to delay storage
initialization, since it doesn't involve any work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible to initialize accelerators without initializing secure
elements (and vice versa). This makes it possible to use a cipher
accelerator to communicate with a secure element on an encrypted bus, for
example.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm added needs-design-approval component-psa PSA keystore/dispatch layer (storage, drivers, …) size-s Estimated task size: small (~2d) labels Nov 21, 2022
No expected behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement PSA_CRYPTO_SUBSYSTEM_ACCELERATORS and
PSA_CRYPTO_SUBSYSTEM_SECURE_ELEMENTS. There are no tests yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement and test PSA_CRYPTO_SUBSYSTEM_RANDOM.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement PSA_CRYPTO_SUBSYSTEM_BUILTIN_KEYS. To keep things simple, don't
try to make built-in keys available separately from the key store, so it's
initialized together with PSA_CRYPTO_SUBSYSTEM_KEYS (and
PSA_CRYPTO_SUBSYSTEM_STORAGE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now each subsystem has its own initialization state.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The distinction between RNG_INITIALIZED and RNG_SEEDED was not useful
(RNG_INITIALIZED is only active during seeding, and during seeding we know
what's going on with the RNG).

The distinction between RNG_SEEDED and the not-ready states is now conveyed
by the RNG subsystem state.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa_crypto_init_subsystem-init branch from 95b6ecc to d69decf Compare January 19, 2023 11:30
@mpg mpg mentioned this pull request Mar 14, 2023
3 tasks
@tom-daubney-arm tom-daubney-arm added historical-reviewed Reviewed & agreed to keep legacy PR/issue needs-work labels Jul 14, 2023
@tom-daubney-arm
Copy link
Contributor

We are now converting older PRs to draft PRs where the following conditions are met: They have not been updated in the last 3 months, and they need more than non-trivial work to complete.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component-psa PSA keystore/dispatch layer (storage, drivers, …) historical-reviewed Reviewed & agreed to keep legacy PR/issue needs-design-approval needs-work size-s Estimated task size: small (~2d)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants