Hi Archanaa,

Thanks for feedbacking this.

An attribute object can contain references to auxiliary resources, for example pointers to allocated memory or indirect references to pre-calculated values. In order to free such resources, the application must call psa_reset_key_attributes().


In my personal understanding, the reset key attributes operation is not only reset (set to 0), it also includes memory free (if you check mbedtls implementation). From tfm perspective, we should do the key attributes structure translation between client and server, and let Mbed TLS help do the real reset operations.



Best Regards,

Summer





From: S Krishnan, Archanaa via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Friday, July 29, 2022 7:00 AM
To: tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Intended use of psa_reset_key_attributes()
 

Hi,

 

What was the intended usage of psa_reset_key_attribute(*attributes) which requires a PSA call from non-secure side to reset the client attributes? I am curious because the attributes to be reset comes from the non-secure memory, not directly associated with ITS/PS.

 

The current IPC setup performs a PSA call to tfm_crypto_rest_key_attributes()(https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/crypto/crypto_key_management.c?h=release/1.6.x#n211)

This function creates a copy of client key attribute in a secure key attribute structure. The secure key attribute is reset (set to 0) and then copied back to the client key attribute before returning to non-secure code. At first glance, this seems like a roundabout way to zeorise client side attributes.

 

Regards,

Archanaa