1.. _secure_storage:
2
3Secure storage
4##############
5
6| The secure storage subsystem provides an implementation of the functions defined in the
7  `Platform Security Architecture (PSA) Secure Storage API <https://arm-software.github.io/psa-api/storage/>`_.
8| It can be enabled on :term:`board targets<board target>`
9  that don't already have an implementation of the API.
10
11Overview
12********
13
14The secure storage subsystem makes the PSA Secure Storage API available on all board targets with
15non-volatile memory support.
16As such, it provides an implementation of the API on those that don't already have one, ensuring
17functional support for the API.
18Board targets with :ref:`tfm` enabled (ending in ``/ns``), for instance,
19cannot enable the subsystem because TF-M already provides an implementation of the API.
20
21| In addition to providing functional support for the API, depending on
22  device-specific security features and the configuration, the subsystem
23  may secure the data stored via the PSA Secure Storage API at rest.
24| Keep in mind, however, that it's preferable to use a secure processing environment like TF-M when
25  possible because it's able to provide more security due to isolation guarantees.
26
27Limitations
28***********
29
30The secure storage subsystem's implementation of the PSA Secure Storage API:
31
32* does not aim at full compliance with the specification.
33
34  | Its foremost goal is functional support for the API on all board targets.
35  | See below for important ways the implementation deviates from the specification.
36
37* does not guarantee that the data it stores will be secure at rest in all cases.
38
39  This depends on device-specific security features and the configuration.
40
41* does not yet provide an implementation of the Protected Storage (PS) API as of this writing.
42
43  Instead, the PS API directly calls into the Internal Trusted Storage (ITS) API
44  (unless a `custom implementation <#whole-api>`_ of the PS API is provided).
45
46Below are some ways the implementation deviates from the specification
47and an explanation why. This is not an exhaustive list.
48
49* The data stored in the ITS is by default encrypted and authenticated (Against ``1.`` in
50  `3.2. Internal Trusted Storage requirements <https://arm-software.github.io/psa-api/storage/1.0/overview/requirements.html#internal-trusted-storage-requirements>`_.)
51
52  | The specification considers the storage underlying the ITS to be
53    ``implicitly confidential and protected from replay``
54    (`2.4. The Internal Trusted Storage API <https://arm-software.github.io/psa-api/storage/1.0/overview/architecture.html#the-internal-trusted-storage-api>`_)
55    because ``most embedded microprocessors (MCU) have on-chip flash storage that can be made
56    inaccessible except to software running on the MCU``
57    (`2.2. Technical Background <https://arm-software.github.io/psa-api/storage/1.0/overview/architecture.html#technical-background>`_).
58  | This is not the case on all MCUs. Thus, additional protection is provided to the stored data.
59
60  However, this does not guarantee that the data stored will be secure at rest in all cases,
61  because this depends on device-specific security features and the configuration.
62  It requires a random entropy source and especially a secure encryption key provider
63  (:kconfig:option:`CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER`).
64
65  In addition, the data stored in the ITS is not protected against replay attacks,
66  because this requires storage that is protected by hardware.
67
68* The data stored via the PSA Secure Storage API is not protected from direct
69  read/write by software or debugging. (Against ``2.`` and ``10.`` in
70  `3.2. Internal Trusted Storage requirements <https://arm-software.github.io/psa-api/storage/1.0/overview/requirements.html#internal-trusted-storage-requirements>`_.)
71
72  It is only secured at rest. Protecting it at runtime as well
73  requires specific hardware mechanisms to support this.
74
75Configuration
76*************
77
78To configure the implementation of the PSA Secure Storage API provided by Zephyr, have a look at the
79``CONFIG_SECURE_STORAGE_.*`` Kconfig options. They are defined in the various Kconfig files found
80under ``subsys/secure_storage/``.
81
82Customization
83*************
84
85Custom implementations can also replace those of Zephyr at different levels
86if the functionality provided by the existing implementations isn't enough.
87
88Whole API
89=========
90
91If you already have an implementation of the whole ITS or PS API and want to make use of it, you
92can do so by enabling the following Kconfig option and implementing the relevant functions:
93
94* :kconfig:option:`CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM`, for the ITS API.
95* :kconfig:option:`CONFIG_SECURE_STORAGE_PS_IMPLEMENTATION_CUSTOM`, for the PS API.
96
97ITS API
98=======
99
100Zephyr's implementation of the ITS API
101(:kconfig:option:`CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR`)
102makes use of the ITS transform and store modules, which can be configured and customized separately.
103Have a look at the ``CONFIG_SECURE_STORAGE_ITS_(STORE|TRANSFORM)_.*_CUSTOM``
104Kconfig options to see the different customization possibilities.
105
106It's especially recommended to implement a custom encryption key provider
107(:kconfig:option:`CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_CUSTOM`)
108that is more secure than the available options, if possible.
109
110Samples
111*******
112
113* :zephyr:code-sample:`persistent_key`
114* :zephyr:code-sample:`psa_its`
115
116PSA Secure Storage API reference
117********************************
118
119.. doxygengroup:: psa_secure_storage
120