Lines Matching +full:initial +full:- +full:key
1 .. zephyr:code-sample:: tfm_psa_crypto
2 :name: TF-M PSA crypto
8 This TF-M integration example demonstrates how to use the PSA crypto API in
10 this example also demonstrates certain TF-M features that are covered as part
12 as secure storage for config data, initial attestation for device
15 Trusted Firmware (TF-M) Platform Security Architecture (PSA) APIs
17 non-secure processing environment.
20 handle secure TF-M API calls and responses.
22 The sample prints test info to the console either as a single-thread or
23 multi-thread application.
26 https://www.psacertified.org/security-certification/psa-certified-level-1/
28 Key Files
36 - Generate/import a persistent key: secp256r1 (usage: ecdsa-with-SHA256)
37 - Display the public key based on the private key data above
38 - Calculate the SHA256 hash of a payload
39 - Sign the hash with the persistent key
40 - Verify the signature using the public key
41 - Destroy the key
45 - Generate/import a persistent key: secp256r1 (usage: ecdsa-with-SHA256)
46 - Set subject name in device CSR
47 - Generate device CSR in PEM format
48 - Encode device CSR as JSON
50 Importing/generating the persistent key is based on config option
52 the key data can be static if ``PRIVATE_KEY_STATIC`` is set or key data
59 Demonstrates how to request an initial attestation token (IAT) from the TF-M
71 - macOS Mojave using QEMU 4.2.0 with gcc-arm-none-eabi-7-2018-q2-update
72 - macOS Mojave with gcc-arm-none-eabi-7-2018-q2-update
73 - Ubuntu 18.04 using Zephyr SDK 0.11.2
75 TF-M BL2 logs
78 Add the following to ``prj.conf`` to see the logs from TF-M BL2:
80 .. code-block:: cfg
88 1. Build Zephyr with a non-secure configuration
89 (``-DBOARD=mps2/an521/cpu0/ns``).
93 .. code-block:: bash
96 west build -p -b mps2/an521/cpu0/ns samples/tfm_integration/psa_crypto
100 .. code-block:: bash
103 rm -rf build
105 cmake -GNinja -DBOARD=mps2/an521/cpu0/ns ..
110 .. code-block:: bash
113 rm -rf build
115 cmake -DBOARD=mps2/an521/cpu0/ns ..
124 .. code-block:: bash
135 IMAGE1FILE: \SOFTWARE\tfm_sign.bin ; TF-M with application binary blob
142 Build Zephyr with a non-secure configuration (``-DBOARD=mps2/an521/cpu0/ns``)
147 .. code-block:: bash
150 west build -p -b mps2/an521/cpu0/ns samples/tfm_integration/psa_crypto -t run
154 .. code-block:: bash
157 rm -rf build
159 cmake -GNinja -DBOARD=mps2/an521/cpu0/ns ..
164 .. code-block:: bash
167 rm -rf build
169 cmake -DBOARD=mps2/an521/cpu0/ns ..
175 Build Zephyr with a non-secure configuration:
177 .. code-block:: bash
179 $ west build -p -b lpcxpresso55s69_ns samples/tfm_integration/psa_crypto/ --
181 Make sure your board is set up with :ref:`lpclink2-jlink-onboard-debug-probe`,
185 J-Link as follows:
187 .. code-block:: console
189 JLinkExe -device lpc55s69 -if swd -speed 2000 -autoconnect 1
190 J-Link>r
191 J-Link>erase
192 J-Link>loadfile build/tfm_merged.bin
202 Build Zephyr with a non-secure configuration
203 (``-DBOARD=nrf5340dk/nrf5340/cpuapp/ns`` or ``-DBOARD=nrf9160dk/nrf9160/ns``).
207 .. code-block:: bash
210 rm -rf build
212 cmake -GNinja -DBOARD=nrf9160dk/nrf9160/ns ..
219 .. code-block:: bash
221 nrfjprog -f NRF91 --program tfm/bin/bl2.hex --sectorerase
223 Finally, flash the concatenated TF-M + Zephyr binary.
227 .. code-block:: bash
234 Build Zephyr with a non-secure configuration
235 (``-DBOARD=bl5340_dvk/nrf5340/cpuapp/ns``).
239 .. code-block:: bash
242 rm -rf build
244 cmake -GNinja -DBOARD=bl5340_dvk/nrf5340/cpuapp/ns ..
246 Flash the concatenated TF-M + Zephyr binary.
250 .. code-block:: bash
252 west flash --hex-file tfm_merged.hex
257 .. code-block:: console
262 *** Booting Zephyr OS build v2.7.99-1102-gf503ba9f1ab3 ***
305 [00:00:01.905,000] <inf> app: Persisting SECP256R1 key as #1
306 [00:00:02.458,000] <inf> app: Retrieving public key for key #1
315 [00:00:03.020,000] <inf> app: Calculating SHA-256 hash of value
327 [00:00:03.032,000] <inf> app: Signing SHA-256 hash
335 [00:00:03.658,000] <inf> app: Verifying signature for SHA-256 hash
337 [00:00:06.349,000] <inf> app: Destroyed persistent key #1
345 00000040 92 FF F2 A3 22 4D 2D F6 62 39 6D A5 DD E1 E1 C4 ...."M-.b9m.....
360 [00:00:06.387,000] <inf> app: Persisting SECP256R1 key as #1
361 [00:00:06.938,000] <inf> app: Retrieving public key for key #1
372 [00:00:07.497,000] <inf> app: Adding EC key to PK container
373 [00:00:07.499,000] <inf> app: Adding EC key to PK container completed
378 -----BEGIN CERTIFICATE REQUEST-----
384 -----END CERTIFICATE REQUEST-----
390 …-----BEGIN CERTIFICATE REQUEST-----\nMIHrMIGQAgEAMC4xDzANBgNVBAoMBkxpbmFybzEbMBkGA1UEAwwSRGV2aWNlI…