Hi Andrej/Kevin,
Pasting the ;Secure Storage' Security Function Requirement below from the PSA Certified Level2 Protection Profile* It doesn’t specifically mention Protected Storage and Internal Trusted Storage Service as a requirement. As long as the Target of Evaluation can prove that the confidentiality and integrity of assets in Secure Storage can be maintained, the requirement can be met.
PSA defines Protected Storage (PS)** and Internal Trusted Storage (ITS)**. PS is meant to store larger data sets stored on external flash and ITS for device intimate data stored on chip flash storage. If the device doesn’t have an on chip flash storage, maybe it is still possible to just use PS implementation using external flash to ensure confidentiality and integrity of the secret assets on the platform.
@Marcus Streetsmailto:Marcus.Streets@arm.com – Could you please share your thought on this
5.3 F.SECURE_STORAGE The TOE protects the confidentiality and integrity of assets in a secure storage. The secure storage is bound to the platform. Only the TOE can retrieve and modify assets from this secure storage. This security function mitigates T.STORAGE by preventing direct and unprotected access to assets.
Regards, Shebu
* https://www.psacertified.org/app/uploads/2019/02/JSADEN002-PSA_Certified_Lev... ** https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Imp...
-----Original Message----- From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Andrej Butok via TF-M Sent: Thursday, November 28, 2019 7:50 AM To: Kevin Peng (Arm Technology China) Kevin.Peng@arm.com Cc: tf-m@lists.trustedfirmware.org Subject: Re: [TF-M] PSA Certification without PS?
Hi Kevin,
So, platforms without internal flash memory, required by Internal Trusted Storage, may apply only for PSA L1. Right?
Thank you for your clarification, Andrej Butok
-----Original Message----- From: Kevin Peng (Arm Technology China) <Kevin.Peng@arm.commailto:Kevin.Peng@arm.com> Sent: Thursday, November 28, 2019 5:14 AM To: Andrej Butok <andrey.butok@nxp.commailto:andrey.butok@nxp.com>; tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Cc: nd <nd@arm.commailto:nd@arm.com> Subject: RE: [TF-M] PSA Certification without PS?
A quick information: Internal Trusted Storage is mandatory by PSA for isolation level 2 and 3.
Best Regards, Kevin
-----Original Message----- From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Andrej Butok via TF-M Sent: Wednesday, November 27, 2019 7:32 PM To: tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org Subject: [TF-M] PSA Certification without PS?
Hello,
Most probably, we will port TFM to a platform with TZ and external flash, BUT without internal flash. Is it possible to certify it for PSA L1 & L2 & Dev API, without Internal Trusted Storage service and its API? Do you see any issue?
Thanks Andrej Butok
-- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus... -- TF-M mailing list TF-M@lists.trustedfirmware.orgmailto:TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.