1# SPDX-License-Identifier: Apache-2.0
2
3zephyr_library_sources_ifdef(CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
4  implementation.c
5)
6
7zephyr_library_sources_ifdef(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_IMPLEMENTATION_AEAD
8  transform/aead.c
9  transform/aead_get.c
10)
11if (NOT CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_NO_INSECURE_KEY_WARNING)
12  if (CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_DEVICE_ID_HASH)
13    message(WARNING "
14      The PSA ITS encryption key provider in use generates keys by hashing the device ID
15      retrieved through the HW info API. This is not necessarily secure as the device ID may be
16      easily readable by an attacker, not unique, and/or guessable, depending on the device.
17      This means that the data and keys stored via the PSA APIs may not be secure at rest.")
18  elseif(CONFIG_SECURE_STORAGE_ITS_TRANSFORM_AEAD_KEY_PROVIDER_ENTRY_UID_HASH)
19    message(WARNING "
20      The PSA ITS encryption key provider in use is not secure.
21      It's only intended for functional support.
22      This means that the data and keys stored via the PSA APIs will not be secure at rest.
23      Use a secure key provider if possible.")
24  endif()
25endif()
26
27zephyr_library_sources_ifdef(CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_ZMS
28  store/zms.c
29)
30zephyr_library_sources_ifdef(CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_SETTINGS
31  store/settings.c
32)
33if (CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_NONE)
34  message(ERROR "
35    The secure storage ITS module is enabled but has no implementation.
36    (CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_NONE)
37    ")
38endif()
39