Type Alias esp_idf_sys::psa_key_location_t
source ยท pub type psa_key_location_t = u32;
Expand description
Encoding of key location indicators.
If an integration of Mbed TLS can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. Depending on the design of the secure element, the key material may be stored either in the secure element, or in wrapped (encrypted) form alongside the key metadata in the primary local storage.
The PSA Cryptography API specification defines the following values of location indicators:
- \c 0: primary local storage. This location is always available. The primary local storage is typically the same storage area that contains the key metadata.
- \c 1: primary secure element. Integrations of Mbed TLS should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics.
- \c 2-0x7fffff: other locations defined by a PSA specification. The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of that specification or other PSA specifications may do so.
- \c 0x800000-0xffffff: vendor-defined locations. No PSA specification will assign a meaning to locations in this range.
\note Key location indicators are 24-bit values. Key management interfaces operate on lifetimes (type ::psa_key_lifetime_t) which encode the location as the upper 24 bits of a 32-bit value.
\note Values of this type are encoded in the persistent key store. Any changes to existing values will require bumping the storage format version and providing a translation when reading the old format.