Lines Matching refs:transaction

67 Accomplishing a transaction across system boundaries is a well-known problem in database management…
99 …re needs to perform a transaction recovery. When a power loss happens, the core decides whether to…
111 …in storage: an ITS call can only access one file identifier. Therefore transaction recovery cannot…
113 #### Minimum effort for a transaction
119 For a key that is not in a stateful element, the transaction consists of a single write operation. …
121 …transaction in progress. The file `id` cannot be used for this purpose because there is no way to …
127 …-elements) follow this pattern, with `t` being the file containing the transaction list that the r…
133 …transaction(s) that need to be resumed. This information will be stored in a persistent “transacti…
137 …ur cases for recovery when a transaction is in progress. In each case, the core can either decide …
143 … update of the core's persistent state, as would have been done if the transaction had not been in…
146 … update of the core's persistent state, as would have been done if the transaction had not been in…
149 … update of the core's persistent state, as would have been done if the transaction had not been in…
157 …y special precautions to preserve information about the key during the transaction. It simplifies …
165 Each entry in the transaction list contains the API key identifier, the key lifetime (or at least t…
170 2. Add the key to the transaction list, indicating that it is being created.
173 5. Remove the key from the transaction list.
175 During recovery, for each key in the transaction list that was being created:
177 * If the key exists in the secure element, just remove it from the transaction list.
178 …element, first remove the key file if it is present, then remove the key from the transaction list.
182 1. Add the key to the transaction list, indicating that it is being destroyed.
185 4. Remove the key from the transaction list.
187 During recovery, for each key in the transaction list that was being created:
189 …_key"` entry point, then remove the key file, and finally remove the key from the transaction list.
190 …element, remove the key file if it is still present, then remove the key from the transaction list.
194 Each entry in the transaction list contains the API key identifier, the key lifetime (or at least t…
199 2. Add the key to the transaction list.
202 5. Remove the key from the transaction list.
206 1. Add the key to the transaction list.
209 4. Remove the key from the transaction list.
211 … on the transaction list. This means following the destruction process, starting after the point w…
215 3. Remove the key from the transaction list.
217 #### Always-destroy strategy with a simpler transaction file
219 … make the transaction file simpler: if we ensure that the key file always exists if the key exists…
224 2. Add the key to the transaction list.
227 5. Remove the key from the transaction list.
231 1. Add the key to the transaction list.
234 4. Remove the key from the transaction list.
236 … on the transaction list. This means following the destruction process, starting after the point w…
241 4. Remove the key from the transaction list.
245 * The transaction file handling is simpler since its entries have a fixed size.
252 …f the driver, the core should guarantee that the driver will know if a transaction was in progress…
268 …ons: storage modification (start transaction), creation on the secure element, storage modificatio…
270 * Start transaction, restart, recovery.
271 * Start transaction, secure element operation, restart, recovery.
272 * Start transaction, secure element operation, commit transaction.
276 * Start transaction, restart, recovery step 1, restart, recovery step 1, recovery step 2.
277 * Start transaction, restart, recovery step 1, restart, recovery step 1, restart, recovery step 1, …
278 * Start transaction, restart, recovery step 1, restart, recovery step 1, restart, recovery step 1, …
280 * Start transaction, secure element operation, restart, ...
281 * Start transaction, secure element operation, commit transaction.
285 ### Splitting normal behavior and transaction recovery
287 We introduce an abstraction level in transaction recovery:
295 * Testing of transaction recovery is independent of how the system state was reached. We only need …
297 … the library is updated on a device with leftovers from an interrupted transaction. We will requir…
301 …transaction list file. The name of the transaction list file does not depend on the identifiers of…
303 …transaction is in progress, the transaction list does not exist, or is empty. The empty case must …
305 …transaction list file contains the driver key identifier, or if the driver key identifier is only …
307 …transaction list contains only key identifiers, and one where it also contains the secure element'…
309 #### Storage invariant if the transaction list contains application key identifiers only
313 …ing to that key are in a secure element. This holds whether `id` is in the transaction list or not.
314 * If `id` is not in the transaction list and the file `id` exists and references a key in a statefu…
316 If `id` is in the transaction list and the file `id` exists, the key may or may not be present in t…
322 …st, then nothing needs to be done for recovery, other than removing `id` from the transaction list.
327 #### Storage invariant if the transaction list contains driver key identifiers
331 * If `id` is not in the transaction list and the file `id` does not exist, then no resources corres…
332 * If `id` is not in the transaction list and the file `id` exists, then the key is present in the s…
334 If `id` is in the transaction list, neither the state of `id` in the internal storage nor the state…
349 * Whether the key is in the transaction list.
353 In addition, testing should adequately cover the case of multiple keys in the transaction list. How…
355 ### Choice of a transaction design
357 #### Chosen transaction algorithm
359 …sactions”](#optimization-considerations-for-transactions), we choose a transaction algorithm that …
361 1. Add the key identifier to the transaction list.
363 3. Remove the key identifier from the transaction list.
367 …k the simplest possible layout for the transaction list: a simple array of key identifiers. Since …
376 The [storage invariant](#storage-invariant-if-the-transaction-list-contains-application-key-identif…
378 …ing to that key are in a secure element. This holds whether `id` is in the transaction list or not.
379 * If `id` is not in the transaction list and the file `id` exists and references a key in a statefu…
380 * If `id` is in the transaction list and a key exists by that identifier, the key's location is a s…
384 …s-destroy recovery strategy with a simple transaction file](#always-destroy-strategy-with-a-simple…
386 …st, then nothing needs to be done for recovery, other than removing `id` from the transaction list.
391 …) and the specific choices justified in [“Choice of a transaction design”](choice-of-a-transaction
395 The transaction list is a simple array of key identifiers.
399 1. Load the current list from the transaction list if it exists and it is not already cached in mem…
407 3. If the list is now empty, remove the transaction list file. Otherwise write the updated list to …
414 2. Add _A_ [to the transaction list file](#transaction-list-file-manipulation).
417 5. Remove _A_ [from the transaction list file](#transaction-list-file-manipulation).
423 * Remove the key from the transaction list.
425 …is process is identical to key destruction, except that the key is already in the transaction list.
433 1. Add _A_ [to the transaction list file](#transaction-list-file-manipulation).
436 4. Remove _A_ [from the transaction list file](#transaction-list-file-manipulation).
443 For each key _A_ in the transaction list file, if the file _A_ exists in the internal storage:
445 …ation and the driver key identifier, although we could get the location from the transaction list).
448 4. Remove _A_ [from the transaction list file](#transaction-list-file-manipulation).
451 The transaction list file can be processed in any order.
453 It is correct to update the transaction list after recovering each key, or to only delete the trans…
455 ### Concrete format of the transaction list file
457 The transaction list file contains a [fixed header](#transaction-list-header-format) followed by a …
463 … the first two bytes of a [dynamic secure element transaction file](#dynamic-secure-element-transa…
468 In practice, there will rarely be more than one active transaction at a time, so the size of an ele…
480 #### Dynamic secure element transaction file
482 …transaction file” (`PSA_CRYPTO_ITS_TRANSACTION_UID` = 0xffffff54), used by dynamic secure elements…
501 * When invoked from the test hook on the transaction file: on all the keys listed in the transactio…
508 ### Testing of transaction recovery
510 When no secure element driver is present in the build, the presence of a transaction list file duri…
514 …f the internal storage and the test secure element. Each test case for transaction recovery has th…
517 * Create a transaction list file with a certain content.
530 * Key in the transaction file: no, creation (import), destruction.