Crypto: Implement PSA builtin keys
Implement builtin key driver, and add HAL apis to load HUK and IAK into
this driver. Add necessary funtions to route PSA crypto calls into this
driver. Add fixed builtin key IDs into the interface, and a mechanism to
allow platforms to add extra keys.
Change-Id: I7ffc16eb14215dd6b323baeb53b40ccb1c0ce126
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 898418e..1af64cc 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -12,6 +12,7 @@
#include "tfm_crypto_defs.h"
#include "tfm_sp_log.h"
#include "crypto_check_config.h"
+#include "tfm_plat_crypto_keys.h"
/*
* \brief This Mbed TLS include is needed to initialise the memory allocator
@@ -345,6 +346,7 @@
psa_status_t tfm_crypto_init(void)
{
psa_status_t status;
+ enum tfm_plat_err_t plat_err;
/* Initialise other modules of the service */
status = tfm_crypto_module_init();
@@ -353,7 +355,17 @@
}
/* Initialise the engine layer */
- return tfm_crypto_engine_init();
+ status = tfm_crypto_engine_init();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ plat_err = tfm_plat_load_builtin_keys();
+ if (plat_err != TFM_PLAT_ERR_SUCCESS) {
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+ return PSA_SUCCESS;
}
#ifdef TFM_PSA_API