Hi Bohdan,

These PSA headers are different from the declarations in Mbed TLS. This is because TF-M maintains 'front-end' and 'back-end' versions of these headers. In the front-end version, exported to NS clients in the interface/include/psa folder, a crypto operation is defined as an opaque handle to a context in the Crypto service. The back-end version, directly included from the Mbed TLS repo by the Crypto service, contains the full definition of the operation structs.

One of the functions of the Crypto service is to allocate the back-end operation contexts in its own partition memory (in crypto_alloc.c), and then do the mapping between front-end operation handles passed by NS clients and the corresponding back-end operation contexts. The advantage of doing it this way is that internal Mbed TLS state is never exposed to the NS client.


Thanks,
Summer
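
The handle-to-context mapping described in the reply above, as an added C sketch that is not TF-M's code and not part of the original e-mail. All type and function names, the pool size and the per-client ownership check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_OPS 4u           /* assumed pool size */
#define INVALID_HANDLE 0u    /* handle 0 never maps to a context */

/* Front-end view (hypothetical): all the NS client ever holds is a number. */
typedef struct { uint32_t handle; } fe_hash_operation_t;
/* Back-end view (hypothetical): full state, stored only in service memory. */
typedef struct { uint8_t state[64]; size_t len; } be_hash_operation_t;

struct slot { int in_use; int32_t owner; be_hash_operation_t ctx; };
static struct slot pool[MAX_OPS];   /* stands in for partition memory */

/* Allocate a back-end context and hand back only its handle. */
int svc_op_alloc(int32_t client, fe_hash_operation_t *fe)
{
    fe->handle = INVALID_HANDLE;
    for (uint32_t i = 0; i < MAX_OPS; i++) {
        if (!pool[i].in_use) {
            memset(&pool[i], 0, sizeof pool[i]);
            pool[i].in_use = 1;
            pool[i].owner = client;
            fe->handle = i + 1;
            return 0;
        }
    }
    return -1;                      /* pool exhausted */
}

/* Map a client-supplied handle to its context. The handle is untrusted
 * input: reject out-of-range, unallocated and foreign-owned values. */
be_hash_operation_t *svc_op_lookup(int32_t client, const fe_hash_operation_t *fe)
{
    uint32_t h = fe->handle;
    if (h == INVALID_HANDLE || h > MAX_OPS) return NULL;
    if (!pool[h - 1].in_use || pool[h - 1].owner != client) return NULL;
    return &pool[h - 1].ctx;
}

/* Scrub the context and invalidate the client's handle. */
int svc_op_release(int32_t client, fe_hash_operation_t *fe)
{
    if (svc_op_lookup(client, fe) == NULL) return -1;
    memset(&pool[fe->handle - 1], 0, sizeof pool[0]);
    fe->handle = INVALID_HANDLE;
    return 0;
}
```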


From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, January 5, 2022 5:41 PM
To: tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Cc: Hennadiy.Kytsun@infineon.com <Hennadiy.Kytsun@infineon.com>; Kostiantyn.Tkachov@infineon.com <Kostiantyn.Tkachov@infineon.com>
Subject: [TF-M] PSA headers difference
 

Hi everyone,

While taking a look into PSA header files from the interface/include/psa/ folder I have found out that they are actually slightly different from the PSA headers in the build_folder/lib/ext/mbedcrypto-src/include/psa/ folder.

Here is a list of files that are different:

My expectation was that the PSA interface (header files) should be the same in both folders.

Maybe we should use only one version of those files (remove files from interface/include/psa/ and just use files from build_folder/lib/ext/mbedcrypto-src/include/psa/)?

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com