mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-03 23:43:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
cd89c1ffc8
mbedtls/tests/psa-client-server/psasim
History
Valerio Setti cd89c1ffc8 crypto-client: simplify build of mbedtls static libraries 
Instead of copying the entire library & include folders twice
to build libraries for client and server:

- change the main config file (mbedtls_config.h)
- build in the root library folder
- move the generated library in the psasim folder
- use those library for linking the client/server binaries

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 11:23:30 +02:00
..
include crypto-client: simplify build of mbedtls static libraries 2024-05-10 11:23:30 +02:00
src crypto-client: reorganize source files/folders 2024-05-10 07:59:22 +02:00
test crypto-client: reorganize source files/folders 2024-05-10 07:59:22 +02:00
tools crypto-client: reorganize source files/folders 2024-05-10 07:59:22 +02:00
.gitignore
Makefile crypto-client: simplify build of mbedtls static libraries 2024-05-10 11:23:30 +02:00
README.md

README.md

psasim

This tool simulates a PSA Firmware Framework implementation. It allows you to develop secure partitions and their clients on a desktop computer. It should be able to run on all systems that support POSIX and System V IPC: e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.

Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:

  • This simulator is not intended to pass or demonstrate compliance.
  • This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.

Building

To build and run the test program make sure you have make, python and a C compiler installed and then enter the following commands:

make run

Optionally the DEBUG=1 command line option can be enabled to increase verbosity:

make DEBUG=1 run

Once done with the test, it is possible to clean all the generated files with:

make clean

Features

The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:

  • psa_notify support
  • "strict" policy in manifest

The only supported "interrupts" are POSIX signals, which act as a "virtual interrupt".

The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).

Design

The code is designed to be readable rather than fast or secure. In this implementation only one message is delivered to a RoT service at a time. The code is not thread-safe.

Unsupported features

Because this is a simulator there are a few things that can't be reasonably emulated:

  • Manifest MMIO regions are unsupported
  • Manifest priority field is ignored
  • Partition IDs are in fact POSIX pid_t, which are only assigned at runtime, making it infeasible to populate pid.h with correct values.