Gilles Peskine 
							
						 
					 
					
						
						
							
						
						df62f1a010 
					 
					
						
						
							
							Merge pull request  #1106  from gilles-peskine-arm/psa-shared-buffers-requirements  
						
						... 
						
						
						
						PSA shared buffers requirements 
						
						
					 
					
						2023-10-17 20:38:00 +02:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						d7a39ae21e 
					 
					
						
						
							
							Add plan for 3.6 to threading design  
						
						... 
						
						
						
						Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-10-17 14:34:26 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						574100bb0d 
					 
					
						
						
							
							Add clarifications to thread safety design  
						
						... 
						
						
						
						Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-10-17 12:50:28 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						811a954383 
					 
					
						
						
							
							Add reentrancy section to thread safety design  
						
						... 
						
						
						
						Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-10-17 12:50:21 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						8ebeb9c180 
					 
					
						
						
							
							Test for read-read inconsistency with mprotect and ptrace/gdb  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-16 18:37:02 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						87889ebe86 
					 
					
						
						
							
							Fix editorial error with semantic consequences  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-16 15:40:02 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						a3ce6437bf 
					 
					
						
						
							
							Typos  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-16 15:39:37 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						1f2802c403 
					 
					
						
						
							
							Suggest validating copy by memory poisoning  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 21:49:17 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						6998721c69 
					 
					
						
						
							
							Add a section skeleton for copy bypass  
						
						... 
						
						
						
						It's something we're likely to want to do at some point.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 20:05:32 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						7bc1bb65e9 
					 
					
						
						
							
							Short explanations of what is expected in the design sections  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 20:05:25 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						35de1f7a7d 
					 
					
						
						
							
							Distinguish whole-message signature from other asymmetric cryptography  
						
						... 
						
						
						
						Whole-message signature may process the message multiple times (EdDSA
signature does it).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 20:04:16 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						9cad3b3a70 
					 
					
						
						
							
							Design change for cipher/AEAD  
						
						... 
						
						
						
						There are many reasons why a driver might violate the security requirements
for plaintext or ciphertext buffers, so mandate copying.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 20:03:18 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						2859267a27 
					 
					
						
						
							
							Clarify terminology: built-in driver  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 20:02:00 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						db00543b3a 
					 
					
						
						
							
							Add a section on write-read feedback  
						
						... 
						
						
						
						It's a security violation, although it's not clear whether it really needs
to influence the design.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 19:57:53 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						352095ca86 
					 
					
						
						
							
							Simplify the relaxed output-output rule  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 19:56:22 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						60c453ee72 
					 
					
						
						
							
							Expand explanations of the vulnerabilities  
						
						... 
						
						
						
						Add a few more examples.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 19:07:56 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						8daedaeac9 
					 
					
						
						
							
							Fix typos and copypasta  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-13 18:47:29 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						f7806ca782 
					 
					
						
						
							
							Analyze requirements for protection of arguments in shared memory  
						
						... 
						
						
						
						Propose a dual-approach strategy where some buffers are copied and others
can remain shared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-12 16:00:11 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f1878d8974 
					 
					
						
						
							
							Update to only serve GCM and CCM  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-10-12 11:19:00 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						bb5d907aa9 
					 
					
						
						
							
							Automatically pick up all Markdown files  
						
						... 
						
						
						
						Assume GNU make. We already do with the toplevel makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-10-11 20:47:44 +02:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						28b4da954b 
					 
					
						
						
							
							Add PSA threading design  
						
						... 
						
						
						
						Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-10-10 15:15:55 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						301d2a29a7 
					 
					
						
						
							
							Update to MD light section  
						
						... 
						
						
						
						Mostly to reflect this has been implemented, and remove references to
temporary remains from the previous strategy (hash_info, legacy_or_psa)
which would probably be more confusing than helpful at this point.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-10-10 10:04:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						2daee0410e 
					 
					
						
						
							
							Update list of modules using hashes  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-10-10 10:04:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						ca18b7747e 
					 
					
						
						
							
							Update definition of Cipher light  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-10-10 10:04:07 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						839d3580bd 
					 
					
						
						
							
							Update details of modules using cipher operations  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-10-10 09:22:59 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						32743619a2 
					 
					
						
						
							
							Merge pull request  #8114  from yanesca/threading_requirements_update  
						
						... 
						
						
						
						Refine thread safety requirements 
						
						
					 
					
						2023-10-09 11:22:59 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						8c40f3dfad 
					 
					
						
						
							
							Formatting fixes  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-28 11:06:09 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						140c08e325 
					 
					
						
						
							
							Minor clarifications.  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-28 11:02:37 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						89ae266e5a 
					 
					
						
						
							
							Update docs/driver-only-builds.md  
						
						... 
						
						
						
						Latest changes:
- logic about the relationship between curves, key types and algs (8075)
- building without bignum is no longer "coming soon", it's there :)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-28 08:53:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						dfa42b34ab 
					 
					
						
						
							
							Improve documentation about driver-only p256-m.  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-28 08:53:05 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						789000b2be 
					 
					
						
						
							
							Update list of p256-m entry points  
						
						... 
						
						
						
						There was a bit of a race condition between #8041  which introduced the
new entry points, and #8203  which documented the list of entry points.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-28 08:51:51 +02:00 
						 
				 
			
				
					
						
							
							
								Dave Rodgman 
							
						 
					 
					
						
						
							
						
						0fc86b2ddf 
					 
					
						
						
							
							Merge pull request  #8075  from valeriosetti/issue8016  
						
						... 
						
						
						
						driver-only ECC: curve acceleration macros 
						
						
					 
					
						2023-09-27 14:39:02 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f7dc6cfef1 
					 
					
						
						
							
							Document limitation on "mixed" builds  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-27 10:34:52 +02:00 
						 
				 
			
				
					
						
							
							
								Xiaokang Qian 
							
						 
					 
					
						
						
							
						
						db3035b8bc 
					 
					
						
						
							
							Fix a typo in psa-crypto-implementation-structure.md  
						
						... 
						
						
						
						Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com > 
						
						
					 
					
						2023-09-26 09:09:20 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaokang Qian 
							
						 
					 
					
						
						
							
						
						76e55a20dd 
					 
					
						
						
							
							Change the documenti about psa_crypto_driver_wrappers.c{h}  
						
						... 
						
						
						
						Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com > 
						
						
					 
					
						2023-09-26 09:09:20 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaokang Qian 
							
						 
					 
					
						
						
							
						
						1198e43644 
					 
					
						
						
							
							Change the description of auto-generated driver dispatch files  
						
						... 
						
						
						
						Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com > 
						
						
					 
					
						2023-09-26 09:09:20 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaokang Qian 
							
						 
					 
					
						
						
							
						
						845693c513 
					 
					
						
						
							
							Change comments to psa_crypto_driver_wrappers.h  
						
						... 
						
						
						
						Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com > 
						
						
					 
					
						2023-09-26 09:09:20 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						030f11b0b1 
					 
					
						
						
							
							Type fixes and wording improvements  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-24 09:48:47 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1f61b7b8ea 
					 
					
						
						
							
							Document driver-only hashes  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com > 
						
						
					 
					
						2023-09-24 09:48:46 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						efaee9a299 
					 
					
						
						
							
							Give a production-sounding name to the p256m option  
						
						... 
						
						
						
						Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-09-20 20:49:47 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						452beb9076 
					 
					
						
						
							
							Merge pull request  #8203  from gilles-peskine-arm/p256-m-production  
						
						... 
						
						
						
						Declare p256-m as ready for production 
						
						
					 
					
						2023-09-20 09:36:05 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
						
						3d0bffb257 
					 
					
						
						
							
							Improve statement in driver-only-builds.md  
						
						... 
						
						
						
						Signed-off-by: Paul Elliott <paul.elliott@arm.com > 
						
						
					 
					
						2023-09-13 15:15:37 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						6f784dff49 
					 
					
						
						
							
							Reflect the fact p256-m has been integrated into Mbed TLS  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2023-09-13 15:32:30 +02:00 
						 
				 
			
				
					
						
							
							
								Valerio Setti 
							
						 
					 
					
						
						
							
						
						7373a6644d 
					 
					
						
						
							
							driver-only-builds.md: fix text  
						
						... 
						
						
						
						Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no > 
						
						
					 
					
						2023-09-04 16:16:11 +02:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						b4527fbd82 
					 
					
						
						
							
							Add clarifications to the threading requirements  
						
						... 
						
						
						
						Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-31 14:01:24 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						b6954730f0 
					 
					
						
						
							
							Fix typo  
						
						... 
						
						
						
						Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-31 13:54:21 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						35633dd977 
					 
					
						
						
							
							Add threading non-requirement  
						
						... 
						
						
						
						State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.
Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-31 08:31:19 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						15d9ec29be 
					 
					
						
						
							
							Improve thread safety presentation  
						
						... 
						
						
						
						- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections
Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-31 08:22:21 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						0385c2815c 
					 
					
						
						
							
							Tighten thread safety requirements  
						
						... 
						
						
						
						We shouldn't violate the requirement that the key identifier can be
reused. In practice, a key manager may destroy a key that's in use by
another process, and the privileged world containing the key manager and
the crypto service should not be perturbed by an unprivileged process.
With respect to blocking, again, a key manager should not be blocked
indefinitely by an unprivileged application.
These are desirable properties even in the short term.
Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-30 16:44:04 +01:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						7ec993d804 
					 
					
						
						
							
							Refine thread safety requirements  
						
						... 
						
						
						
						Split and refine short term requirements for key deletion.
Signed-off-by: Janos Follath <janos.follath@arm.com > 
						
						
					 
					
						2023-08-23 16:04:48 +01:00