Add factory entropy injection to the example #6
Conversation
Patater
force-pushed
the
factory-entropy-example
branch
from
0d588f0 to
eeaefad
Compare
main.cpp
Outdated
| /* mbedtls_psa_inject_entropy() depends on both MBEDTLS_ENTROPY_NV_SEED and | ||
| * MBEDTLS_PSA_HAS_ITS_IO being enabled by the Mbed TLS configuration | ||
| * system. */ | ||
| #if defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_PSA_HAS_ITS_IO) |
There was a problem hiding this comment.
This may be wrong in case of 2 cores.
for example the Psoc6:
the M4 core will not have NV_SEED (so this function will not compile) but defined but the M0 will have it. (This comment applies on both of the defined )
There was a problem hiding this comment.
Agreed. However, we may want to comment this is a generic implementation for single core systems and may need to be implemented on cases-by case basis?
| @@ -1,7 +1,8 @@ | |||
| { | |||
| "target_overrides": { | |||
| "*": { | |||
| "platform.stdio-convert-newlines": true | |||
| "platform.stdio-convert-newlines": true, | |||
| "target.extra_labels_add": ["PSA"] | |||
There was a problem hiding this comment.
currently, in addition to PSA label, you must add the MBEDTLS_PSA_CRYPTO_C.
There was a problem hiding this comment.
Added via new Mbed TLS user configuration file
main.cpp
Outdated
| seed[i] = i; | ||
| } | ||
|
|
||
| int status = mbedtls_psa_inject_entropy(seed, sizeof(seed)); |
There was a problem hiding this comment.
Extra space after = sign
| int status = mbedtls_psa_inject_entropy(seed, sizeof(seed)); | |
| int status = mbedtls_psa_inject_entropy(seed, sizeof(seed)); |
main.cpp
Outdated
| if (status) { | ||
| /* The device may already have an NV Seed injected, or another error | ||
| * may have happened during injection. */ | ||
| mbedtls_printf("warning - this attempt at entropy injection failed\n"); |
There was a problem hiding this comment.
Maybe print the error code here?
|
Looks good. |
Patater
force-pushed
the
factory-entropy-example
branch
from
eeaefad to
aaed571
Compare
Make the example demonstrate entropy injection by adding a new function, called before psa_crypto_init(), that attempts to inject some fake entropy into the system. Print a warning message if injecting entropy fails.
This example requires PSA to be enabled in order for the PSA APIs to be available for use. This example uses PSA Crypto APIs and thus requires the target to have the PSA label in order to make those PSA APIs available.
Patater
force-pushed
the
factory-entropy-example
branch
from
aaed571 to
087c018
Compare
Since this example is not useful without PSA Crypto APIs, enable PSA Crypto APIs by default via an Mbed TLS user configuration file, along with a default implmentation of the PSA Entropy Injection API that uses PSA storage (ITS).
Patater
force-pushed
the
factory-entropy-example
branch
from
087c018 to
276fde4
Compare
|
Updated so that this example should work whether being built for the NSPE of a partitioned system, or a single v7-M target. |
Add a fake factory entropy injection example and instructions in the README.
Also update the application configuration to explicitly enable PSA to enable the example to run on more targets. The example will not be very interesting if PSA is not enabled...