PSA Certified
Secure Storage API 1.0

Document number:	IHI 0087
Release Quality:	Final
Issue Number:	3
Confidentiality:	Non-confidential
Date of Issue:	22/01/2024

Contents

• About this document
  • Release information
  • License
  • References
  • Terms and abbreviations
  • Potential for change
  • Conventions
  • Feedback

• 1. Introduction
  • 1.1. About Platform Security Architecture
  • 1.2. About the Secure Storage API
• 2. Architecture
  • 2.1. Use Cases and Rationale
  • 2.2. Technical Background
  • 2.3. The Protected Storage API
  • 2.4. The Internal Trusted Storage API
  • 2.5. UIDs
  • 2.6. Atomicity of Operations
  • 2.7. Components
• 3. Requirements
  • 3.1. Protected Storage requirements
  • 3.2. Internal Trusted Storage requirements
• 4. Theory of Operation
  • 4.1. Internal Trusted Storage API
  • 4.2. Memory access errors
• 5. API Reference
  • 5.1. Status codes
  • 5.2. General Definitions
    • 5.2.1. psa_storage_info_t (struct)
    • 5.2.2. psa_storage_create_flags_t (typedef)
    • 5.2.3. psa_storage_uid_t (typedef)
    • 5.2.4. PSA_STORAGE_FLAG_NONE (macro)
    • 5.2.5. PSA_STORAGE_FLAG_WRITE_ONCE (macro)
    • 5.2.6. PSA_STORAGE_FLAG_NO_CONFIDENTIALITY (macro)
    • 5.2.7. PSA_STORAGE_FLAG_NO_REPLAY_PROTECTION (macro)
    • 5.2.8. PSA_STORAGE_SUPPORT_SET_EXTENDED (macro)
  • 5.3. Internal Trusted Storage API
    • 5.3.1. PSA_ITS_API_VERSION_MAJOR (macro)
    • 5.3.2. PSA_ITS_API_VERSION_MINOR (macro)
    • 5.3.3. psa_its_set (function)
    • 5.3.4. psa_its_get (function)
    • 5.3.5. psa_its_get_info (function)
    • 5.3.6. psa_its_remove (function)
  • 5.4. Protected Storage API
    • 5.4.1. PSA_PS_API_VERSION_MAJOR (macro)
    • 5.4.2. PSA_PS_API_VERSION_MINOR (macro)
    • 5.4.3. psa_ps_set (function)
    • 5.4.4. psa_ps_get (function)
    • 5.4.5. psa_ps_get_info (function)
    • 5.4.6. psa_ps_remove (function)
    • 5.4.7. psa_ps_create (function)
    • 5.4.8. psa_ps_set_extended (function)
    • 5.4.9. psa_ps_get_support (function)

• A. Example header files
  • A.1. psa/storage_common.h
  • A.2. psa/internal_trusted_storage.h
  • A.3. psa/protected_storage.h
• B. Security Risk Assessment
  • B.1. About this assessment
    • B.1.1. Subject and scope
    • B.1.2. Risk assessment methodology
  • B.2. Feature definition
    • B.2.1. Introduction
    • B.2.2. Lifecycle
    • B.2.3. Operation and trust boundaries
    • B.2.4. Deployment models
    • B.2.5. Assumptions, constraints, and interacting entities
    • B.2.6. Stakeholders and Assets
    • B.2.7. Goals
    • B.2.8. Adversarial models
  • B.3. Threats
    • B.3.1. T.INTERFACE_ABUSE: Illegal inputs to the API
    • B.3.2. T.SPOOF_READ: Use the API to read another caller’s data
    • B.3.3. T.SPOOF_WRITE: Use the API to modify another caller’s data
    • B.3.4. T.EAVESDROPPING: Eavesdropping
    • B.3.5. T.MITM: Man In The Middle
    • B.3.6. T.DIRECT_READ: Bypassing the API to directly read data
    • B.3.7. T.DIRECT_WRITE: Bypassing the API to directly modify data
    • B.3.8. T.REPLACE: Physical replacement of the storage medium
    • B.3.9. T.GLITCH_READ: Glitching during a read
    • B.3.10. T.GLITCH_WRITE: Glitching during a write
  • B.4. Mitigation Summary
    • B.4.1. Architecture level mitigations
    • B.4.2. Implementation-level mitigations
    • B.4.3. User-level mitigations
    • B.4.4. Mitigations required by each deployment model
• C. Document history