Hello,
At the moment, there are no plans to develop such a conversion, assuming that TF-M major-minor versions will stay during a device's lifetime. The LTS versions recently introduced also help maintain compatibility with vulnerability and bug fixes. Could you describe a usage scenario in which such migration is useful? We can take this topic to the next technical forum to discuss the best approach to address the issue.
Thanks, and best regards, Aton
-----Original Message-----
From: FLOC'H Tanguy via TF-M tf-m@lists.trustedfirmware.org
Sent: Thursday, December 19, 2024 8:32 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Re: Backwards compatibility of Protected Storage implementation (TF-M 1.8.1 -> 2.1.1)
Hello,
We are facing the same compatibility break issues during a TF-M 1.7.0 -> 2.1.0 migration.
- About the problem [1] (commit ffd13c3)
Is there any plan to implement a mechanism to migrate old Protected Storage objects to the new format?
- About the problem [2] (client id). There is also a compatibility break on keys stored in Internal Trusted Storage (ITS). A key generated from NS with TF-M 1.7.0 cannot be read anymore after the TF-M 2.1.0 migration (psa_key_attributes returns PSA_ERROR_INVALID_HANDLE).
Changing client_id_limit from value -0x3c000000 to -1 makes old keys available. Is there a cleaner option to support backward compatibility with keys created with client id = -1?
Best regards, T. FLOC'H