Provide incremental by-subsystem initialization for the crypto library by athoelke · Pull Request #202 · ARM-software/psa-api

athoelke · 2024-07-15T15:23:50Z

See #16 for discussion of this API, which enables partial initialization of the library. This is useful in constrained contexts, for example during early boot, when not all library functionality is required to support the application use case.

Fixes #16

gilles-peskine-arm

This design was prototyped in Mbed-TLS/mbedtls#6636 and I consider that prototype to be sufficient validation for the API design.

The specification looks good to me except for a few places where some Mbed TLS specific history remains.

doc/crypto/api/keys/attributes.rst

doc/crypto/api/library/library.rst

athoelke · 2024-11-05T09:59:21Z

Rebased and updated this PR

gilles-peskine-arm

I've reviewed up to 5360369. Ok so far. Still to be addressed:

athoelke · 2024-11-05T16:06:56Z

I've reviewed up to 5360369. Ok so far. Still to be addressed:

I think I've covered all except the need for some discussion of accelerators, secure elements, and built-in keys within the document.

I plan to deal with that in a separate PR, unless you would prefer to keep it coupled with this one?

athoelke · 2024-11-05T16:09:06Z

Ah, I realise that this one still needs a change to the PR.

gilles-peskine-arm · 2024-11-05T17:12:33Z

Ok for a separate PR. But I don't think considerations around “drivers” and “built-in keys” should leak outside the specification of subsystem initialization for now.

athoelke · 2024-11-06T10:09:30Z

Ok for a separate PR. But I don't think considerations around “drivers” and “built-in keys” should leak outside the specification of subsystem initialization for now.

I think I could reword the text for the subsystem definitions to avoid talking about 'drivers' - which suggests a specific way of a portable implementation providing support for varied hardware. I just need to review the spec for a mention of 'secure element' and 'accelerator', and add/amend if necessary.

athoelke · 2024-11-06T14:35:17Z

I've added a couple more commits.

In one I add some terms to the glossary for accelerators, secure elements and built-int keys - using these in appropriate places.
I have removed 'registering drivers' from the text in the subsystem initialization
In the other, I add a recommendation for implementation of 'all subsystem' initialization.

I think this addresses all of the outstanding comments.

athoelke · 2024-12-17T09:56:32Z

This is will not be in the next release of mbed TLS (4.0), and we prefer to only include new API when there is an implementation of the interface,

athoelke · 2026-01-28T21:03:43Z

I've rebased this for possible inclusion into v1.5

athoelke added enhancement New feature or request API design Related the design of the API Crypto API Issue or PR related to the Cryptography API labels Jul 15, 2024

athoelke added this to the Crypto API 1.3 milestone Jul 15, 2024

athoelke requested review from MarcusJGStreets and gilles-peskine-arm July 15, 2024 15:23

athoelke force-pushed the crypto-partial-init branch from 314871a to a4b7323 Compare September 4, 2024 12:47

gilles-peskine-arm requested changes Nov 4, 2024

View reviewed changes

athoelke force-pushed the crypto-partial-init branch from a4b7323 to 5360369 Compare November 5, 2024 09:59

gilles-peskine-arm reviewed Nov 5, 2024

View reviewed changes

athoelke force-pushed the crypto-partial-init branch from 74df62f to 0ad77a5 Compare December 16, 2024 14:09

athoelke marked this pull request as draft December 17, 2024 09:55

athoelke modified the milestones: Crypto API 1.3, Crypto API 1.x Dec 17, 2024

gilles-peskine-arm mentioned this pull request Jun 26, 2025

PSA Crypto API results in larger binary size compared to direct mbedTLS API - seeking guidance on optimization Mbed-TLS/mbedtls#10254

Open

MarcusJGStreets approved these changes Jan 6, 2026

View reviewed changes

athoelke force-pushed the crypto-partial-init branch from 0fa957c to 9445f62 Compare January 28, 2026 20:56

crypto: provide incremental by-subsystem initialization for the library

8bc59ab

athoelke force-pushed the crypto-partial-init branch from 9445f62 to 8bc59ab Compare February 4, 2026 16:11

athoelke requested a review from gilles-peskine-arm February 4, 2026 16:16

Conversation

athoelke commented Jul 15, 2024

Uh oh!

gilles-peskine-arm left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

athoelke commented Nov 5, 2024

Uh oh!

gilles-peskine-arm left a comment • edited by athoelke Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

athoelke commented Nov 5, 2024

Uh oh!

athoelke commented Nov 5, 2024

Uh oh!

gilles-peskine-arm commented Nov 5, 2024

Uh oh!

athoelke commented Nov 6, 2024

Uh oh!

athoelke commented Nov 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

athoelke commented Dec 17, 2024

Uh oh!

athoelke commented Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

gilles-peskine-arm left a comment •

edited by athoelke

Loading

athoelke commented Nov 6, 2024 •

edited

Loading