Consider psa_destroy_key on a key which is located in a secure element. The normal process is:
1. Create a transaction file.
2. Call the driver to destroy the key in the secure element.
3. Destroy the key metadata in internal storage.
4. Remove the transaction file.
If an error occurs, we normally do as much as we can anyway. But if creating the transaction file fails, we do nothing. This is undesirable because psa_destroy_key should make the best effort to destroy all key material.
In particular, it's currently impossible to destroy a key if the storage is full, because creating the transaction file fails.
Issue request type
[ ] Question
[x] Enhancement
[ ] Bug
Adopt a simple method for tracking whether there was a failure: each
fallible operation sets overall_status, unless overall_status is
already non-successful. Thus in case of multiple failures, the
function always reports whatever failed first. This may not always be
the right thing, but it's simple.
This revealed a bug whereby if the only failure was the call to
psa_destroy_se_key(), i.e. if the driver reported a failure or if the
driver lacked support for destroying keys, psa_destroy_key() would
ignore that failure.
For a key in a secure element, if creating a transaction file fails,
don't touch storage, but close the key in memory. This may not be
right, but it's no wronger than it was before. Tracked in
ARMmbed#215
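The destroy sequence from the issue and the first-failure-wins status tracking from the commit message, as an added C example that is not Mbed Crypto's code: the key slot, storage and SE driver are hypothetical stand-ins, and the status values are placeholders.

```c
#include <stdint.h>

/* Constructed example: simplified status codes, not the PSA headers. */
typedef int32_t status_t;
enum { STATUS_SUCCESS = 0, STATUS_STORAGE_FULL = -1, STATUS_DRIVER_FAILED = -2 };
/* Simulated key slot, storage and SE driver (hypothetical stand-ins). */
typedef struct {
    int storage_full;       /* creating the transaction file fails when set */
    status_t driver_result; /* what the SE driver returns for destroy */
    int transaction_exists, metadata_exists, key_in_memory;
} sim_t;
/* First failure wins: a later failure never overwrites an earlier one. */
static void overall_update(status_t *overall, status_t s) {
    if (*overall == STATUS_SUCCESS) *overall = s;
}
static status_t create_transaction(sim_t *s) {
    if (s->storage_full) return STATUS_STORAGE_FULL;
    s->transaction_exists = 1;
    return STATUS_SUCCESS;
}
static status_t destroy_se_key(sim_t *s) { return s->driver_result; }
static status_t remove_metadata(sim_t *s) { s->metadata_exists = 0; return STATUS_SUCCESS; }
static status_t remove_transaction(sim_t *s) { s->transaction_exists = 0; return STATUS_SUCCESS; }

/* Best-effort destroy following the four-step process and the described fix. */
status_t best_effort_destroy(sim_t *sim) {
    status_t overall = STATUS_SUCCESS;
    status_t s = create_transaction(sim);
    if (s != STATUS_SUCCESS) {
        /* No transaction record: leave storage alone, close the key in memory, report. */
        sim->key_in_memory = 0;
        return s;
    }
    overall_update(&overall, destroy_se_key(sim)); /* driver failure is kept */
    overall_update(&overall, remove_metadata(sim));
    overall_update(&overall, remove_transaction(sim));
    sim->key_in_memory = 0;
    return overall;
}

/* Scenario helpers: return 1 when the behaviour matches the intended fix. */
int scenario_storage_full(void) {
    sim_t sim = {1, STATUS_SUCCESS, 0, 1, 1};
    return best_effort_destroy(&sim) == STATUS_STORAGE_FULL
        && sim.metadata_exists && !sim.key_in_memory;
}
int scenario_driver_fails(void) {
    sim_t sim = {0, STATUS_DRIVER_FAILED, 0, 1, 1};
    return best_effort_destroy(&sim) == STATUS_DRIVER_FAILED
        && !sim.metadata_exists && !sim.transaction_exists;
}
```

The second scenario is the swallowed-driver-error case the commit message mentions: the driver's failure is now the reported status while storage cleanup still proceeds.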