Key Management#
PSA Crypto key management on Silicon Labs devices.
Built-in Keys#
The PSA Crypto API provides a mechanism for accessing keys that are stored in the hardware. The available built-in key IDs vary between device families. For devices with a Virtual Secure Engine, see Built-in keys on devices with a VSE, and for devices with a Hardware Secure Engine, see Built-in keys on devices with a HSE.
Refer to AN1311 for more information on the usage of built-in keys through PSA Crypto.
Modules#
Built-in keys on devices with a HSE
Built-in keys on devices with a VSE
Functions#
sl_psa_set_key_lifetime_with_location_preference: Set the location attribute of a key in PSA Crypto according to a given persistence level, and a preferred location.
sl_psa_get_most_secure_key_location: Get the 'most secure' location attribute of a key usable in this implementation of PSA Crypto.
Macros#
SL_PSA_KEY_LOCATION_WRAPPED: Location value for keys to be stored encrypted with the device-unique secret.
SL_PSA_KEY_LOCATION_BUILTIN: Location value for usage of built-in keys.
PSA_KEY_LOCATION_SL_SE_OPAQUE: Location value for keys to be stored encrypted with the device-unique secret, or for accessing the built-in keys on Vault-High devices.
PSA_KEY_LOCATION_SL_CRYPTOACC_OPAQUE: Location value for built-in keys on VSE architectures. Users should use SL_PSA_KEY_LOCATION_BUILTIN instead.
Function Documentation#
sl_psa_set_key_lifetime_with_location_preference#
void sl_psa_set_key_lifetime_with_location_preference (psa_key_attributes_t * attributes, psa_key_persistence_t persistence, psa_key_location_t preferred_location)
Set the location attribute of a key in PSA Crypto according to a given persistence level, and a preferred location.
[out] | attributes | The attribute structure to write to. |
[in] | persistence | The persistence level of the key. If this is PSA_KEY_PERSISTENCE_VOLATILE, the key will be volatile, and the key identifier attribute is reset to 0. |
[in] | preferred_location | The location of the key. Can be SL_PSA_KEY_LOCATION_WRAPPED, SL_PSA_KEY_LOCATION_BUILTIN, or PSA_KEY_LOCATION_LOCAL_STORAGE. |
If the preferred location is not available, perhaps because the device does not support this location, the primary local storage (PSA_KEY_LOCATION_LOCAL_STORAGE) will be used.
Definition at line 70 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_crypto.h
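The function returns void, so the fallback to local storage described above is not reported to the caller; code that requires a wrapped key should confirm the resulting location before creating the key. The sketch below is an added example, not Silicon Labs code: it is a host-side model of the documented rule using stand-in types and hypothetical names (`key_attrs_t`, `model_set_lifetime`, `location_honoured`, `prepare_wrapped_key`), with the lifetime layout taken from the PSA Crypto API.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-in types and values for host-side use (assumptions); the lifetime
 * layout (location << 8 | persistence) follows the PSA Crypto API. */
typedef uint32_t lifetime_t;
typedef uint32_t location_t;
typedef uint8_t  persistence_t;
typedef struct { lifetime_t lifetime; uint32_t id; } key_attrs_t;

#define LOC_LOCAL_STORAGE    ((location_t)0x000000UL) /* PSA_KEY_LOCATION_LOCAL_STORAGE */
#define LOC_WRAPPED          ((location_t)0x000001UL) /* SL_PSA_KEY_LOCATION_WRAPPED */
#define PERSISTENCE_VOLATILE ((persistence_t)0x00)    /* PSA_KEY_PERSISTENCE_VOLATILE */
#define PERSISTENCE_DEFAULT  ((persistence_t)0x01)    /* PSA_KEY_PERSISTENCE_DEFAULT */
#define LIFETIME_GET_LOCATION(l) ((location_t)((l) >> 8))

/* Hypothetical model of the documented rule: an unavailable preferred
 * location falls back to local storage; volatile keys get identifier 0. */
static void model_set_lifetime(key_attrs_t *a, persistence_t p,
                               location_t preferred, bool wrapped_supported)
{
  location_t loc = preferred;
  if (preferred == LOC_WRAPPED && !wrapped_supported) {
    loc = LOC_LOCAL_STORAGE;
  }
  a->lifetime = ((lifetime_t)loc << 8) | p;
  if (p == PERSISTENCE_VOLATILE) {
    a->id = 0;
  }
}

/* Fail-closed check: true only if the attributes ended up at the location
 * the caller asked for, so a fallback is rejected before key creation. */
static bool location_honoured(const key_attrs_t *a, location_t wanted)
{
  return LIFETIME_GET_LOCATION(a->lifetime) == wanted;
}

/* Returns 0 when the key may be created, -1 when the fallback was taken. */
int prepare_wrapped_key(key_attrs_t *a, uint32_t id, bool wrapped_supported)
{
  a->id = id;
  model_set_lifetime(a, PERSISTENCE_DEFAULT, LOC_WRAPPED, wrapped_supported);
  return location_honoured(a, LOC_WRAPPED) ? 0 : -1;
}
```

On target, the equivalent check after calling the SDK function is to compare `PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(&attributes))` with the requested location.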
sl_psa_get_most_secure_key_location#
psa_key_location_t sl_psa_get_most_secure_key_location (void)
Get the 'most secure' location attribute of a key usable in this implementation of PSA Crypto.
N/A |
Returns
The 'most secure' usable location of a key. In order of preference, the following values can be returned: SL_PSA_KEY_LOCATION_WRAPPED, or PSA_KEY_LOCATION_LOCAL_STORAGE.
Definition at line 85 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_crypto.h
Macro Definition Documentation#
SL_PSA_KEY_LOCATION_WRAPPED#
#define SL_PSA_KEY_LOCATION_WRAPPED
Value:
((psa_key_location_t)0x000001UL)
Location value for keys to be stored encrypted with the device-unique secret.
Wrapped key locations are available on Secure Vault High devices.
Definition at line 70 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_values.h
SL_PSA_KEY_LOCATION_BUILTIN#
#define SL_PSA_KEY_LOCATION_BUILTIN
Value:
((psa_key_location_t)0x000001UL)
Location value for usage of built-in keys.
Built-in key locations are available on Secure Vault Mid (and higher) devices with PUF-key support.
Definition at line 76 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_values.h
PSA_KEY_LOCATION_SL_SE_OPAQUE#
#define PSA_KEY_LOCATION_SL_SE_OPAQUE
Value:
(SL_PSA_KEY_LOCATION_WRAPPED)
Location value for keys to be stored encrypted with the device-unique secret, or for accessing the built-in keys on Vault-High devices.
Users should use SL_PSA_KEY_LOCATION_WRAPPED or SL_PSA_KEY_LOCATION_BUILTIN instead.
Definition at line 89 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_values.h
PSA_KEY_LOCATION_SL_CRYPTOACC_OPAQUE#
#define PSA_KEY_LOCATION_SL_CRYPTOACC_OPAQUE
Value:
(SL_PSA_KEY_LOCATION_BUILTIN)
Location value for built-in keys on VSE architectures. Users should use SL_PSA_KEY_LOCATION_BUILTIN instead.
Definition at line 154 of file platform/security/sl_component/sl_mbedtls_support/inc/sl_psa_values.h