Using a dedicated field allows clean separatin between key attributes
and slot state. This allows us to use the same mechanics for attributes
and key content. Which in turn means lower code size and easier
maintenance.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Separate design analysis from plans and make the distinction clear
between what is implemented, what is planned to be implemented soon,
what is planned to be implemented in the future, and what is ideas that
are rejected.
(The distinction between the last two categories doesn't have to be
clear, we can't and shouldn't plan that far ahead.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.
Signed-off-by: Janos Follath <janos.follath@arm.com>
- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections
Signed-off-by: Janos Follath <janos.follath@arm.com>
We shouldn't violate the requirement that the key identifier can be
reused. In practice, a key manager may destroy a key that's in use by
another process, and the privileged world containing the key manager and
the crypto service should not be perturbed by an unprivileged process.
With respect to blocking, again, a key manager should not be blocked
indefinitely by an unprivileged application.
These are desirable properties even in the short term.
Signed-off-by: Janos Follath <janos.follath@arm.com>
There are two somewhat distinct aspects here: if it compiled, it still
compiles; and if it worked functionally, it still works. They're related in
that if application code currently compiles but cannot possibly work, we
could reasonably make it not compile anymore.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
