Mbed-TLS/mbedtls-framework
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls-framework.git synced 2026-06-06 05:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revise readme to clearly state that this is only a test tool

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2023-10-05 15:37:23 +02:00
parent 001c09ded9
commit 8ef1e0b2a5
1 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
psasim/README.md
+22 -22
View File
@@ -1,11 +1,18 @@
# psasim
This is a library that simulates a PSA Firmware Framework compliant implementation.
This tool simulates a PSA Firmware Framework implementation.
It allows you to develop secure partitions and their clients on a desktop computer.
It should be able to run on all systems that support POSIX and System V IPC:
e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
To build and run the test program make sure you have `make`, `python` and a
Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
* This simulator is not intended to pass or demonstrate compliance.
* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
## Building
To build and run the test program make sure you have `make`, `python` and a
C compiler installed and then enter the following commands:
```sh
@@ -15,33 +22,26 @@ make run
On Linux you may need to run `ldconfig` to ensure the library is properly installed.
An example pair of programs is included in the **test** directory.
An example pair of programs is included in the `test` directory.
The implemented API is compliant with PSA-FF 1.0.0 with the exception of
a couple of things that are a work in progress:
## Features
The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
* `psa_notify` support
* "strict" policy in manifest
The only supported "interrupts" are POSIX signals, which act
as a "virtual interrupt" :-)
as a "virtual interrupt".
The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
## Design
The code is designed to be readable rather than fast.
In this implementation only one message is delivered to a
The code is designed to be readable rather than fast or secure.
In this implementation only one message is delivered to a
RoT service at a time.
Things that need to be done to improve this implementation:
* run against the official test suite
* make thread safe
* make code more readable
* improve quality of code
* man pages
* use sockets for message passing (WSL doesn't support System V message queues)
* general robustness and hardening
The code is not thread-safe.
To debug the simulator enable the debug flag:
@@ -55,6 +55,6 @@ Because this is a simulator there are a few things that
can't be reasonably emulated:
* Manifest MMIO regions are unsupported
* Manifest priority field is ignored
* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
making it infeasible to populate pid.h with correct values.
* Manifest priority field is ignored
* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
making it infeasible to populate pid.h with correct values.