mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-29 09:21:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9d51a54ba2
mbedtls/tests/psa-client-server/psasim/README.md
Valerio Setti 4f4ade9c34 psa-client-server: move psasim from framework repo to the mbedtls one 
This is a temporary fix that will be reverted once the framework
repository will have CI checks.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-03 17:28:04 +02:00

62 lines
2.0 KiB
Markdown
Raw Blame History

# psasim
This tool simulates a PSA Firmware Framework implementation.
It allows you to develop secure partitions and their clients on a desktop computer.
It should be able to run on all systems that support POSIX and System V IPC:
e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
* This simulator is not intended to pass or demonstrate compliance.
* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
## Building
To build and run the test program make sure you have `make`, `python` and a
C compiler installed and then enter the following commands:
```sh
make run
```
Optionally the `DEBUG=1` command line option can be enabled to increase verbosity:
```sh
make DEBUG=1 run
```
Once done with the test, it is possible to clean all the generated files with:
```sh
make clean
```
## Features
The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
* `psa_notify` support
* "strict" policy in manifest
The only supported "interrupts" are POSIX signals, which act
as a "virtual interrupt".
The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
## Design
The code is designed to be readable rather than fast or secure.
In this implementation only one message is delivered to a
RoT service at a time.
The code is not thread-safe.
## Unsupported features
Because this is a simulator there are a few things that
can't be reasonably emulated:
* Manifest MMIO regions are unsupported
* Manifest priority field is ignored
* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
making it infeasible to populate pid.h with correct values.
Reference in New Issue View Git Blame Copy Permalink