Enable owner labelling of keys in Mbed TLS
This change modifies the build configuration for Mbed TLS when it is
used as a backend for the crypto provider to enable labelling of key IDs
using an externally provided identifier. This allows the key store to be
partitioned to protect keys from unauthorized access. Currently, the
partitioning is based on the caller ID that identifies a calling client.
For FF-A deployments, this is the source partition ID. Because the
configuration change alters the PSA Crypto API exposed by mbedcrypto, a
number of changes were needed to allow the modified API to coexist in
builds alongside clients that depend on the standard API. Some old unit
test cases that were not practical to modify have been removed. From a
coverage perspective, most of the same areas are covered by the
extensive set of service level tests.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I2762c91bba2dba0a6305aefe61f256355defaf3a
diff --git a/deployments/platform-inspect/platform-inspect.cmake b/deployments/platform-inspect/platform-inspect.cmake
index dc65184..aa3c523 100644
--- a/deployments/platform-inspect/platform-inspect.cmake
+++ b/deployments/platform-inspect/platform-inspect.cmake
@@ -49,6 +49,9 @@
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(platform-inspect PRIVATE MbedTLS::mbedcrypto)
+# Use Mbed TLS to provide the psa crypto api interface files
+set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_PUBLIC_INCLUDE_PATH}")
+
# Qcbor
include(${TS_ROOT}/external/qcbor/qcbor.cmake)