Hi,
Please also let me know the features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture or is related to TLS security?
How will the inclusion and non-inclusion of PSA will differ in terms of security?
Thanks in advance.
Regards, Prakash
Hi,
Can someone please let me know features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture or is related to TLS security?
How will the inclusion and non-inclusion of PSA will differ in terms of security?
Regards, Prakash
On Sat, Mar 16, 2024 at 10:59 AM Satya Prakash Prasad satyaprakash.developer.unix@gmail.com wrote:
Hi,
Please provide the details as requested : features of PSA in MbedTLS. I found this related document - https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.
Is PSA related to Platform Security Architecture or is related to TLS security?
How will the inclusion and non-inclusion of PSA will differ in terms of security?
Regards, Prakash
On Sun, Mar 17, 2024 at 10:02 AM Satya Prakash Prasad satyaprakash.developer.unix@gmail.com wrote:
Hello,
PSA is indeed Platform Security Architecture. Mbed TLS can be used to implement the cryptographic mechanisms in a PSA platform. The PSA specifications include a cryptography API, and “PSA” in Mbed TLS refers to this API. The PSA cryptography API is the “modern” API of Mbed TLS for cryptography, and the next major version of Mbed TLS will remove many non-PSA cryptography APIs.
Merely enabling PSA API support does not change anything with respect to security. Using the PSA API rather than the legacy API makes no /direct/ difference for security, but PSA APIs have indirect advantages. One advantage is that PSA APIs allow more isolation (e.g. separating the TLS stack and the cryptographic primitives in different processes/partitions/worlds, using keys in a secure element); this is only an advantage if your platform uses this capability. Another advantage of PSA APIs is that they are more protected against accidental misuse (e.g. if an output buffer is too small, you'll get an error, not a buffer overflow like some legacy APIs).
Best regards,
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Satya Prakash Prasad