mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-16 13:22:11 +00:00
62 lines
2.0 KiB
Markdown
62 lines
2.0 KiB
Markdown
|
# psasim
|
||
|
|
||
|
This tool simulates a PSA Firmware Framework implementation.
|
||
|
It allows you to develop secure partitions and their clients on a desktop computer.
|
||
|
It should be able to run on all systems that support POSIX and System V IPC:
|
||
|
e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
|
||
|
|
||
|
Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
|
||
|
|
||
|
* This simulator is not intended to pass or demonstrate compliance.
|
||
|
* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
|
||
|
|
||
|
## Building
|
||
|
|
||
|
To build and run the test program make sure you have `make`, `python` and a
|
||
|
C compiler installed and then enter the following commands:
|
||
|
|
||
|
```sh
|
||
|
make run
|
||
|
```
|
||
|
|
||
|
Optionally the `DEBUG=1` command line option can be enabled to increase verbosity:
|
||
|
|
||
|
```sh
|
||
|
make DEBUG=1 run
|
||
|
```
|
||
|
|
||
|
Once done with the test, it is possible to clean all the generated files with:
|
||
|
|
||
|
```sh
|
||
|
make clean
|
||
|
```
|
||
|
|
||
|
## Features
|
||
|
|
||
|
The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
|
||
|
|
||
|
* `psa_notify` support
|
||
|
* "strict" policy in manifest
|
||
|
|
||
|
The only supported "interrupts" are POSIX signals, which act
|
||
|
as a "virtual interrupt".
|
||
|
|
||
|
The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
|
||
|
|
||
|
## Design
|
||
|
|
||
|
The code is designed to be readable rather than fast or secure.
|
||
|
In this implementation only one message is delivered to a
|
||
|
RoT service at a time.
|
||
|
The code is not thread-safe.
|
||
|
|
||
|
## Unsupported features
|
||
|
|
||
|
Because this is a simulator there are a few things that
|
||
|
can't be reasonably emulated:
|
||
|
|
||
|
* Manifest MMIO regions are unsupported
|
||
|
* Manifest priority field is ignored
|
||
|
* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
|
||
|
making it infeasible to populate pid.h with correct values.
|