psa-storage-resilience.md - OpenGrok cross reference for /openthread-latest/third_party/mbedtls/repo/docs/architecture/psa-storage-resilience.md

Lines Matching refs:driver
50 **Assumption: driver calls for key management in stateful secure elements are atomic and committing…
71 …gement in a secure element with storage” in the driver interface specification](../../proposed/psa…
73 1. The core calls the driver's `"allocate_key"` entry point.
74 2. The driver allocates a unique identifier _D_ for the key. This is unrelated to the key identifie…
75 …torage to indicate that key identifier _A_ has the identifier _D_ in the driver, and that _A_ is i…
76 4. The core calls the driver's key creation entry point, passing it the driver's chosen identifier …
77 5. The driver creates the key in the secure element. When this happens, it concludes the voting pha…
89 2. The core calls the driver's `"destroy_key"` entry point.
101 Note that the analysis in this section assumes that the driver does not update its persistent state…
117 …and has its desired final content (containing the key attributes and the driver's key identifier).…
137 … require a rewind in the secure element). It may call the secure element driver's `"get_key_attrib…
140 …driver call in the key creation. This requires all the input, for example the data to import. This…
156 …he-follow-the-secure-element-strategy). This requires the secure element driver to have a `"get_ke…
158 …t always go ahead with key destruction. This requires the secure element driver to have a `"get_ke…
161 …driver to have a `"get_key_attributes"` entry point is potentially problematic because some secure…
165 …the API key identifier, the key lifetime (or at least the location), the driver key identifier (no…
167 …tore all the information that will go in the key file before calling the driver's key creation ent…
169 1. Call the driver's `"allocate_key"` entry point.
172 4. Call the driver's key creation entry point.
183 2. Call the driver's `"destroy_key"` entry point.
189 * If the key exists in the secure element, call the driver's `"destroy_key"` entry point, then remo…
194 …API key identifier, the key lifetime (or at least the location), and the driver key identifier (no…
198 1. Call the driver's `"allocate_key"` entry point.
200 3. Call the driver's key creation entry point.
208 3. Call the driver's `"destroy_key"` entry point.
214 2. Call the driver's `"destroy_key"` entry point, treating `DOES_NOT_EXIST` as a success.
219 …e secure element, then the transaction list does not need to include the driver key identifier: it…
223 1. Call the driver's `"allocate_key"` entry point.
226 4. Call the driver's key creation entry point.
232 2. Call the driver's `"destroy_key"` entry point.
238 1. Load the driver key identifier from the key file. If the key file does not exist, skip to step 4.
239 2. Call the driver's `"destroy_key"` entry point, treating `DOES_NOT_EXIST` as a success.
250 The actions of the secure element driver may themselves be non-atomic. So the driver must be given …
252 …driver, the core should guarantee that the driver will know if a transaction was in progress and t…
254 … state, the core will request a key destruction from the driver. This means that, if the driver ha…
305 …driver key identifier, or if the driver key identifier is only stored in the key file. This is bec…
327 #### Storage invariant if the transaction list contains driver key identifiers
367 …le array of key identifiers. Since the transaction list does not contain the driver key identifier:
372 This choice of algorithm does not require the secure element driver to have a `"get_key_attributes"…
413 1. Call the driver's `"allocate_key"` entry point, obtaining the driver key identifier _D_ chosen b…
431 …e whether the key is in a stateful secure element, and if so to know the driver key identifier. A …
445 1. Load the key into a key slot in memory (to get its location and the driver key identifier, altho…
468 …ly useful information in case it becomes useful later. We do not put the driver key identifier bec…
484 For the new kind of secure element driver, we pick a different file name to avoid any mixup.
494 When a stateful secure element driver is present in the build, we use this hook to verify that the …
510 When no secure element driver is present in the build, the presence of a transaction list file duri…
514 When the stateful test secure element driver is present in the build, we run test cases on a repres…
519     * Call the secure element test driver to create keys without going throught the PSA API.
522 4. Clean up the storage and the secure element test driver's state.
In current file

In project "undefined"

On Google
