Secure Key Storage Implementations#
Users can use Secure Engine Manager (SE Manager) or PSA Crypto in the following figure to access the secure key storage on HSE-SVH devices. SE Manager APIs for secure key storage and crypto are usually not considered external APIs. PSA Crypto API abstracts the entropy sources, crypto primitives, and even advanced security features like secure key storage from the calling functions.
Silicon Labs recommends using PSA Crypto API for secure key storage and cryptography whenever possible. It makes the solution more portable and hardware agnostic. In some cases, however, setting up tamper and initializing the secure boot can only be implemented by the SE Manager APIs.
| Component | Functionality |
|---|---|
EMLIB (em_se.c) | Abstracts the mailbox interface: how to construct, send and receive low-level HSE mailbox commands. |
SE Manager | On top of EMLIB, it abstracts the HSE command set: translates function calls into mailbox messages. The SE Manager also provides thread synchronization. |
PSA Accelerator Drivers | A translation layer to map the PSA Crypto HSE interface and crypto acceleration calls to SE Manager calls. |
PSA Crypto API | Platform independent cryptographic hardware acceleration support by implementing standardized APIs. |
PSA ITS Driver | The key management functionality in PSA Crypto needs access to non-volatile memory for persistent storage of plaintext or wrapped keys. NVM3 gets wrapped by this translation layer, mapping the PSA ITS (Internal Trusted Storage) interface to NVM3 calls. |
For the SE's mailbox interface, see section Secure Engine Subsystem in Series 2 Secure Debug.
For more information about NVM3, see https://docs.silabs.com/gecko-platform/latest/driver/api/group-nvm3.
For more information about PSA Crypto, see AN1311: Integrating Crypto Functionality Using PSA Crypto Compared to Mbed TLS.
SE Manager API#
The following table lists the SE Manager APIs related to Secure Key Storage operations. The SE Manager API document can be found at https://docs.silabs.com/gecko-platform/latest/service/api/group-sl-se-manager.
| SE Manager API | Usage |
|---|---|
sl_se_generate_key | Generate a new key and store it either in a volatile HSE storage slot or as a wrapped key. |
sl_se_import_key | Import a plaintext key and store it either in a volatile HSE storage slot or as a wrapped key. |
sl_se_export_key | Export a volatile or wrapped key back to plaintext if allowed. It will fail for a key that has been flagged as SL_SE_KEY_FLAG_NON_EXPORTABLE. |
sl_se_transfer_key | Transfer a volatile or wrapped key to another storage option (volatile HSE storage slot or a wrapped key) if allowed. |
sl_se_delete_key | Delete a key from a volatile HSE storage slot. |
PSA Crypto API#
The following table lists the PSA Crypto APIs related to Secure Key Storage operations. The PSA Crypto API document can be found at https://docs.silabs.com/mbed-tls/latest/.
For more information about PSA Crypto APIs on Secure Key Storage, see AN1311: Integrating Crypto Functionality Using PSA Crypto Compared to Mbed TLS.
| PSA Crypto API | Usage |
|---|---|
psa_generate_key | Generate a new plaintext or wrapped key and store it either in volatile or non-volatile memory. |
psa_import_key | Import a plaintext key and save it in plaintext or wrapped form. It can store either in volatile or non-volatile memory. |
psa_export_key | Export a key back to plaintext if allowed. The policy on the key must have the usage flag |
psa_copy_key | Copy key material from one location to another, which may have a different lifetime (e.g., volatile to non-volatile). |
psa_destroy_key | Destroy a key from both volatile memory and, if applicable, non-volatile storage. |
SE Manager API Versus PSA Crypto API#
The following table compares the SE Manager APIs with PSA Crypto APIs on Secure Key Storage.
| Item | SE Manager API | PSA Crypto API |
|---|---|---|
Availability | Only on HSE devices | Platform independent |
API | Silicon Labs proprietary | Standardized by ARM® |
Key Storage | Volatile (RAM) memory only | Volatile (RAM) or non-volatile (flash) memory |
Wrapped Key Cache | Can use a volatile HSE storage slot | Not yet implemented |
Password Protection | Can define in a key descriptor | Not yet defined in PSA Crypto |
Custom ECC Curve | Can define in a key descriptor | Not yet defined in PSA Crypto |
PSA Crypto Key Types with TrustZone Secure Key Storage#
The following tables describes the storage differences between key storage with and without TrustZone on SVM and SVH devices.
Table: TrustZone Secure Key Storage (SKS) on SVM Devices
| Key Type | Storage without TrustZone SKS | Storage with TrustZone SKS |
|---|---|---|
Volatile Plaintext | RAM | Secure RAM (2) |
Persistent Plaintext | NVM | Encrypted in NS NVM (2) |
Volatile Wrapped | Not supported | Not supported |
Persistent Wrapped | Not supported | Not supported |
Table: TrustZone Secure Key Storage (SKS) on SVH Devices
| Key Type | Storage without TrustZone SKS | Storage with TrustZone SKS |
|---|---|---|
Volatile Plaintext | Plaintext key in RAM | Plaintext key in Secure RAM |
Persistent Plaintext | Plaintext key in NVM | Encrypted plaintext key in NS NVM |
Volatile Wrapped | Wrapped key in RAM (1) | Wrapped key in Secure RAM |
Persistent Wrapped | Wrapped key in NVM (1) | Encrypted wrapped key in NS NVM |
Notes:
The NVM or NS NVM is at the last part of the main flash.
It is possible to replace the wrapped key solution on the SVH device (1) with TrustZone Secure Key Storage on the SVM device (2), but this is a less secure approach.