Hi,

 

It appears that ITS encryption would be required for PSA Certified Level 3. I'm seeing that this would require a platform-specific HAL implementation. Is there some reason PSA Crypto APIs were not used like they were for attestation?

 

Encryption in ITS
=================

The ITS can optionally be configured to encrypt the internal trusted storage
data.
To support encryption in ITS the target platform must provide an
implementation of the APIs defined in ``platform/include/tfm_hal_its_encryption.h``::

    enum tfm_hal_status_t tfm_hal_its_aead_generate_nonce(uint8_t *nonce,
                                                          const size_t nonce_size);

    enum tfm_hal_status_t tfm_hal_its_aead_encrypt(
                                         struct tfm_hal_its_auth_crypt_ctx *ctx,
                                         const uint8_t *plaintext,
                                         const size_t plaintext_size,
                                         uint8_t *ciphertext,
                                         const size_t ciphertext_size,
                                         uint8_t *tag,
                                         const size_t tag_size);

    enum tfm_hal_status_t tfm_hal_its_aead_decrypt(
                                         struct tfm_hal_its_auth_crypt_ctx *ctx,
                                         const uint8_t *ciphertext,
                                         const size_t ciphertext_size,
                                         uint8_t *tag,
                                         const size_t tag_size,
                                         uint8_t *plaintext,
                                         const size_t plaintext_size);

 

 

Regards,

 

Brian Quach

SimpleLink MCU

Texas Instruments Inc.

12500 TI Blvd, MS F-4000

Dallas, TX 75243

214-479-4076