Instead of returning storage-related error codes, return ones which
make it clear that it's not about the storage itself.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Add a bullet point for this new, relatively important deviation from
the official specification.
Also, advertise the Zephyr-specific zephyr/psa/* header files as they
are related and probably need more attention from end users.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Make the storage UID type 32-bit long.
This makes it more convenient to use those UIDs as storage entry IDs
when storing the entries to NVM.
The previous 64+ bits UIDs made it inconvenient to use them as such.
As Zephyr defines UID ranges to be used (see
e.g. `zephyr/psa/key_ids.h`), this guarantees that all the UIDs will
fit within the 30 bits reserved for them.
The secure storage ITS implementation API is changed to take
`psa_storage_uid_t` separately so the implementation can check
that no forbidden bits are set before they are packed into
`secure_storage_its_uid_t`.
This change breaks backward compatibility because
`secure_storage_its_uid_t`, which is used both as part of the additional
data for authentication and for generating encryption keys, changes
size from 12 to 4 bytes.
For users wanting to preserve backward compatibility (for example when
upgrading an existing installation to a newer Zephyr release) or that
for some reason want to use a 64-bit `psa_storage_uid_t`, the Kconfig
option CONFIG_SECURE_STORAGE_64_BIT_UID is added. When enabled, it
makes the implementation behave the same as previously and compatibility
with existing entries is preserved. This was tested manually.
Fixes zephyrproject-rtos/zephyr#86177.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

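
The check-before-pack step described in the commit message above, as an added sketch that is not code from this pull request or from Zephyr. The `ex_*` names, the 2-bit caller ID field and the error codes are assumptions made for illustration; only the 30-bit UID width and the 4-byte packed size come from the commit message.

```c
#include <stdint.h>
#include <stdio.h>

#define EX_UID_BITS 30u
#define EX_UID_MAX  ((UINT32_C(1) << EX_UID_BITS) - 1u)

typedef uint32_t ex_storage_uid_t; /* stands in for psa_storage_uid_t */

/* Stands in for secure_storage_its_uid_t: 30 UID bits plus an assumed
 * 2-bit caller ID, 4 bytes in total with GCC/Clang bit-field layout. */
typedef struct {
	uint32_t uid : 30;
	uint32_t caller_id : 2;
} ex_its_uid_t;

enum { EX_OK = 0, EX_ERR_INVALID_ARGUMENT = -1 }; /* hypothetical codes */

/* Takes the full-width UID separately so out-of-range bits are rejected
 * before the bit-field assignment can silently drop them. */
int ex_pack_uid(unsigned int caller_id, ex_storage_uid_t uid, ex_its_uid_t *out)
{
	if (uid > EX_UID_MAX || caller_id > 3u) {
		return EX_ERR_INVALID_ARGUMENT;
	}
	out->uid = uid;
	out->caller_id = caller_id;
	return EX_OK;
}

/* What an unchecked pack would store: the UID modulo 2^30. Two distinct
 * UIDs would then share one storage entry, one set of additional
 * authenticated data and one derived encryption key. */
uint32_t ex_truncated_uid(ex_storage_uid_t uid)
{
	ex_its_uid_t packed = {0};

	packed.uid = uid; /* unsigned bit-field: well-defined truncation */
	return packed.uid;
}

int main(void)
{
	ex_its_uid_t packed;
	ex_storage_uid_t bad = UINT32_C(0x40000001); /* constructed: bit 30 set */

	printf("packed size: %zu bytes\n", sizeof(ex_its_uid_t));
	printf("pack(0x%08x) -> %d\n", (unsigned int)bad, ex_pack_uid(0, bad, &packed));
	printf("unchecked pack would alias UID 0x%08x\n", (unsigned int)ex_truncated_uid(bad));
	return 0;
}
```
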
Some ITS store module implementations may make use of them.
This is the case of the custom one in the
secure_storage.psa.its.secure_storage.custom.store test.
Instead of making transform.h conditionally available, move the definitions
to common.h and simply make them available whenever the ITS transform
module is enabled.
At the same time, remove unneeded/redundant includes/build asserts.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Allow replacing the default naming scheme of the stored settings by
providing a custom function that fills a name buffer based on the ITS
entry UID.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

It becomes the new default when the secure_storage_its_partition
devicetree chosen property is defined as it is a preferred alternative.
See the help message of the
`CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_ZMS` Kconfig option
for more information.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>