PSA Certified
Secure Storage API 1.0
| Document number: | IHI 0087 |
| Release Quality: | Final |
| Issue Number: | 4 |
| Confidentiality: | Non-confidential |
| Date of Issue: | 23/09/2025 |
Abstract
This document is part of the PSA Certified API specifications. It defines interfaces to provide secure storage services.
Contents
- 1 Introduction
- 2 Architecture
- 3 Requirements
- 4 Theory of Operation
- 5 API Reference
- 5.1 Status codes
- 5.2 General Definitions
- 5.2.1 psa_storage_info_t (struct)
- 5.2.2 psa_storage_create_flags_t (typedef)
- 5.2.3 psa_storage_uid_t (typedef)
- 5.2.4 PSA_STORAGE_FLAG_NONE (macro)
- 5.2.5 PSA_STORAGE_FLAG_WRITE_ONCE (macro)
- 5.2.6 PSA_STORAGE_FLAG_NO_CONFIDENTIALITY (macro)
- 5.2.7 PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION (macro)
- 5.2.8 PSA_STORAGE_SUPPORT_SET_EXTENDED (macro)
- 5.3 Internal Trusted Storage API
- 5.4 Protected Storage API
- 5.4.1 PSA_PS_API_VERSION_MAJOR (macro)
- 5.4.2 PSA_PS_API_VERSION_MINOR (macro)
- 5.4.3 psa_ps_set (function)
- 5.4.4 psa_ps_get (function)
- 5.4.5 psa_ps_get_info (function)
- 5.4.6 psa_ps_remove (function)
- 5.4.7 psa_ps_create (function)
- 5.4.8 psa_ps_set_extended (function)
- 5.4.9 psa_ps_get_support (function)
- A Example header files
- B Security Risk Assessment
- B.1 About this assessment
- B.2 Feature definition
- B.3 Threats
- B.3.1 T.INTERFACE_ABUSE: Illegal inputs to the API
- B.3.2 T.SPOOF_READ: Use the API to read another caller’s data
- B.3.3 T.SPOOF_WRITE: Use the API to modify another caller’s data
- B.3.4 T.EAVESDROPPING: Eavesdropping
- B.3.5 T.MITM: Man In The Middle
- B.3.6 T.DIRECT_READ: Bypassing the API to directly read data
- B.3.7 T.DIRECT_WRITE: Bypassing the API to directly modify data
- B.3.8 T.REPLACE: Physical replacement of the storage medium
- B.3.9 T.GLITCH_READ: Glitching during a read
- B.3.10 T.GLITCH_WRITE: Glitching during a write
- B.4 Mitigation Summary
- C Document history