lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch - sandbox/pfalcon/trusted-firmware-m - TrustedFirmware Git Browser

 From c21add49b5bb920220ab5ef67a394e1ca3d86d6d Mon Sep 17 00:00:00 2001
 From: Raef Coles <raef.coles@arm.com>
 Date: Tue, 19 Jul 2022 11:12:30 +0100
 Subject: [PATCH 4/8] Add TF-M builtin key driver

 Signed-off-by: Raef Coles <raef.coles@arm.com>
 Co-authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
 ---
  library/psa_crypto.c                 | 11 +++-
  library/psa_crypto_driver_wrappers.c | 97 +++++++++++++++++++++++++++-
  2 files changed, 106 insertions(+), 2 deletions(-)

 diff --git a/library/psa_crypto.c b/library/psa_crypto.c
 index bc19ed07..df7776f3 100644
 --- a/library/psa_crypto.c
 +++ b/library/psa_crypto.c
 @@ -82,6 +82,11 @@
  #include "mbedtls/sha512.h"
  #include "hash_info.h"

 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +#include "tfm_crypto_defs.h"
 +#include "tfm_builtin_key_loader.h"
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 +
  #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))

  #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) ||          \
 @@ -1011,7 +1016,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
          return status;
      }

 -    if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) {
 +    if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 +    ) {
          psa_unlock_key_slot(*p_slot);
          *p_slot = NULL;
          return PSA_ERROR_NOT_SUPPORTED;
 diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
 index ce26b346..38251f11 100644
 --- a/library/psa_crypto_driver_wrappers.c
 +++ b/library/psa_crypto_driver_wrappers.c
 @@ -59,6 +59,18 @@
  #include "cc3xx.h"
  #endif /* PSA_CRYPTO_DRIVER_CC3XX */

 +/* Include TF-M builtin key driver */
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +#ifndef PSA_CRYPTO_DRIVER_PRESENT
 +#define PSA_CRYPTO_DRIVER_PRESENT
 +#endif
 +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
 +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
 +#endif
 +#include "tfm_crypto_defs.h"
 +#include "tfm_builtin_key_loader.h"
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 +
  #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
  /* END-driver headers */

 @@ -72,6 +84,9 @@
  #if defined(PSA_CRYPTO_DRIVER_CC3XX)
  #define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
  #endif /* PSA_CRYPTO_DRIVER_CC3XX */
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5)
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */

  /* END-driver id */

 @@ -93,6 +108,12 @@ psa_status_t psa_driver_wrapper_init( void )
  {
      psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +    status = tfm_builtin_key_loader_init();
 +    if (status != PSA_SUCCESS)
 +        return ( status );
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 +
  #if defined(PSA_CRYPTO_DRIVER_CC3XX)
      status = cc3xx_init();
      if (status != PSA_SUCCESS)
 @@ -156,6 +177,9 @@ psa_status_t psa_driver_wrapper_sign_message(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -244,6 +268,9 @@ psa_status_t psa_driver_wrapper_verify_message(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -343,6 +370,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -439,6 +469,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -828,7 +861,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
              return( ( *key_buffer_size != 0 ) ?
                      PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
  #endif /* PSA_CRYPTO_DRIVER_TEST */
 -
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +            return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
 +                                                              key_buffer_size);
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
          default:
              (void)key_type;
              (void)key_bits;
 @@ -868,6 +905,9 @@ psa_status_t psa_driver_wrapper_generate_key(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
              /* Transparent drivers are limited to generating asymmetric keys */
              if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
 @@ -960,6 +1000,9 @@ psa_status_t psa_driver_wrapper_import_key(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -1046,6 +1089,9 @@ psa_status_t psa_driver_wrapper_export_key(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              return( psa_export_key_internal( attributes,
                                               key_buffer,
                                               key_buffer_size,
 @@ -1111,6 +1157,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -1196,6 +1245,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(


  #endif /* PSA_CRYPTO_DRIVER_TEST */
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +            return( tfm_builtin_key_loader_get_builtin_key(
 +                        slot_number,
 +                        attributes,
 +                        key_buffer, key_buffer_size, key_buffer_length ) );
 +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
          default:
              (void) slot_number;
              (void) key_buffer;
 @@ -1281,6 +1337,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -1385,6 +1444,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -1474,6 +1536,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -1557,6 +1622,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -2041,6 +2109,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */

 @@ -2104,6 +2175,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */

 @@ -2164,6 +2238,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */

 @@ -2221,6 +2298,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */

 @@ -2618,6 +2698,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -2688,6 +2771,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -2769,6 +2855,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -2997,6 +3086,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 @@ -3069,6 +3161,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
      switch( location )
      {
          case PSA_KEY_LOCATION_LOCAL_STORAGE:
 +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
 +        case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
 +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
              /* Key is stored in the slot in export representation, so
               * cycle through all known transparent accelerators */
  #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 --
 2.25.1
	From c21add49b5bb920220ab5ef67a394e1ca3d86d6d Mon Sep 17 00:00:00 2001
	From: Raef Coles <raef.coles@arm.com>
	Date: Tue, 19 Jul 2022 11:12:30 +0100
	Subject: [PATCH 4/8] Add TF-M builtin key driver

	Signed-off-by: Raef Coles <raef.coles@arm.com>
	Co-authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
	---
	library/psa_crypto.c \| 11 +++-
	library/psa_crypto_driver_wrappers.c \| 97 +++++++++++++++++++++++++++-
	2 files changed, 106 insertions(+), 2 deletions(-)

	diff --git a/library/psa_crypto.c b/library/psa_crypto.c
	index bc19ed07..df7776f3 100644
	--- a/library/psa_crypto.c
	+++ b/library/psa_crypto.c
	@@ -82,6 +82,11 @@
	#include "mbedtls/sha512.h"
	#include "hash_info.h"

	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+#include "tfm_crypto_defs.h"
	+#include "tfm_builtin_key_loader.h"
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
	+
	#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))

	#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) \|\| \
	@@ -1011,7 +1016,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
	return status;
	}

	- if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) {
	+ if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	+ ) {
	psa_unlock_key_slot(*p_slot);
	*p_slot = NULL;
	return PSA_ERROR_NOT_SUPPORTED;
	diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
	index ce26b346..38251f11 100644
	--- a/library/psa_crypto_driver_wrappers.c
	+++ b/library/psa_crypto_driver_wrappers.c
	@@ -59,6 +59,18 @@
	#include "cc3xx.h"
	#endif /* PSA_CRYPTO_DRIVER_CC3XX */

	+/* Include TF-M builtin key driver */
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+#ifndef PSA_CRYPTO_DRIVER_PRESENT
	+#define PSA_CRYPTO_DRIVER_PRESENT
	+#endif
	+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
	+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
	+#endif
	+#include "tfm_crypto_defs.h"
	+#include "tfm_builtin_key_loader.h"
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
	+
	#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
	/* END-driver headers */

	@@ -72,6 +84,9 @@
	#if defined(PSA_CRYPTO_DRIVER_CC3XX)
	#define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
	#endif /* PSA_CRYPTO_DRIVER_CC3XX */
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5)
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */

	/* END-driver id */

	@@ -93,6 +108,12 @@ psa_status_t psa_driver_wrapper_init( void )
	{
	psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ status = tfm_builtin_key_loader_init();
	+ if (status != PSA_SUCCESS)
	+ return ( status );
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
	+
	#if defined(PSA_CRYPTO_DRIVER_CC3XX)
	status = cc3xx_init();
	if (status != PSA_SUCCESS)
	@@ -156,6 +177,9 @@ psa_status_t psa_driver_wrapper_sign_message(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -244,6 +268,9 @@ psa_status_t psa_driver_wrapper_verify_message(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -343,6 +370,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -439,6 +469,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -828,7 +861,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
	return( ( *key_buffer_size != 0 ) ?
	PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
	#endif /* PSA_CRYPTO_DRIVER_TEST */
	-
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+ return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
	+ key_buffer_size);
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
	default:
	(void)key_type;
	(void)key_bits;
	@@ -868,6 +905,9 @@ psa_status_t psa_driver_wrapper_generate_key(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	/* Transparent drivers are limited to generating asymmetric keys */
	if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
	@@ -960,6 +1000,9 @@ psa_status_t psa_driver_wrapper_import_key(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -1046,6 +1089,9 @@ psa_status_t psa_driver_wrapper_export_key(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	return( psa_export_key_internal( attributes,
	key_buffer,
	key_buffer_size,
	@@ -1111,6 +1157,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -1196,6 +1245,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(


	#endif /* PSA_CRYPTO_DRIVER_TEST */
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+ return( tfm_builtin_key_loader_get_builtin_key(
	+ slot_number,
	+ attributes,
	+ key_buffer, key_buffer_size, key_buffer_length ) );
	+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
	default:
	(void) slot_number;
	(void) key_buffer;
	@@ -1281,6 +1337,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -1385,6 +1444,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -1474,6 +1536,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -1557,6 +1622,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -2041,6 +2109,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */

	@@ -2104,6 +2175,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */

	@@ -2164,6 +2238,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */

	@@ -2221,6 +2298,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */

	@@ -2618,6 +2698,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -2688,6 +2771,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -2769,6 +2855,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -2997,6 +3086,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	@@ -3069,6 +3161,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
	switch( location )
	{
	case PSA_KEY_LOCATION_LOCAL_STORAGE:
	+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
	+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
	+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
	/* Key is stored in the slot in export representation, so
	* cycle through all known transparent accelerators */
	#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
	--
	2.25.1