PSA Crypto persistent key
Overview
This sample demonstrates usage of persistent keys in the PSA Crypto API.
Requirements
In addition to the PSA Crypto API, an implementation of the PSA Internal Trusted Storage (ITS) API (for storage of the persistent keys) must be present for this sample to work. It can be provided by:
Trusted Firmware-M (TF-M), for
*/nsboard targets.The secure storage subsystem, for the other board targets.
Building
This sample is located in samples/psa/persistent_key.
Different configurations are defined in the sample.yaml file.
You can use them to build the sample, depending on the PSA ITS provider, as follows:
For board targets with TF-M:
# From the root of the zephyr repository west build -b <ns_board_target> -T sample.psa.persistent_key.tfm samples/psa/persistent_key
For board targets without TF-M.
If the board target to compile for has an entropy driver (preferable):
# From the root of the zephyr repository
west build -b <board_target> -T sample.psa.persistent_key.secure_storage.entropy_driver samples/psa/persistent_key
Or, to use an insecure entropy source (only for testing):
# From the root of the zephyr repository
west build -b <board_target> -T sample.psa.persistent_key.secure_storage.entropy_not_secure samples/psa/persistent_key
To flash it, see Flashing: west flash.