Implement transaction recovery for SE key creation/destruction

[gilles-peskine-arm]

Description

If a power failure (or more generally a reset of the cryptography subsystem) happens during the creation or destruction of a key, on the next start, a transaction file may be present in storage. Recovering the interrupted transaction (in psa_crypto_recover_transaction) is currently not implemented, which prevents psa_crypto_init from succeeding.

Issue request type

[ ] Question
[ ] Enhancement
[x] Bug

[ciarmcom]

Internal Jira reference: https://jira.arm.com/browse/IOTCRYPT-862

[gilles-peskine-arm]

This only concerns keys in a secure element that has its own key storage, not transparent keys or keys in a secure element whose keys are stored in wrapped form in the internal storage.

This issue only tracks dynamically registered secure element drivers enabled with MBEDTLS_PSA_CRYPTO_SE_C, which are deprecated. We are not going to implement transaction recovery for dynamic secure element drivers.

See Mbed-TLS/mbedtls#7646 and follow-up issues for the same problem with the new kind of secure element driver (“unified driver model”).

[gilles-peskine-arm]

Now tracked (for new-style drivers) at Mbed-TLS/mbedtls#8431