Hi all,
I'm wondering why client API is build with tfm_sprt target (Secure Partition Runtime Library)? Client API is used by non-secure clients and secure clients. It means that static library is built once, but used with two different images. And it's expected that such images can use different types of cores, compilation settings, etc...
Probably it make sense to build this target in scope of psa_interface.
Regards,
Roman.
Dear TF-M developers,
I am currently adapting a basic MbedTLS / PSA Crypto example such that it would run on the NS side with TF-M doing the crypto.
At the end, this is very similar to this psa_sign_verify_message_test from the NS crypto test suite :
https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/test/secure_fw/sui…
But my build config of MbedTLS has MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT enabled because I have a custom mbedtls_platform_setup / mbedtls_platform_teardown.
And I can't see any place in TF-M where mbedtls_platform_setup/mbedtls_platform_teardown are called :
? -> mbedtls_platform_setup
? -> mbedtls_platform_teardown
At first, I tried to put this code into the psa_driver_wrapper_init/psa_driver_wrapper_free but I have a similar problem :
tfm_crypto_engine_init -> psa_crypto_init -> psa_driver_wrapper_init
? -> mbedtls_psa_crypto_free -> psa_driver_wrapper_free
Is there any cmake/Kconfig option or any C macros to hook TF-M initialization/shutdown with mbedtls_platform_setup/mbedtls_platform_teardown without patching TF-M ?
If not, could mbedtls_platform_setup be called here ? https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/…
or is there a nicer way of doing this ?
(btw, I am currently experimenting on qemu mps2-an521)
Thanks for any advice ! 🙂
Best regards,
Rehan MALAK
Intrinsic ID
