sys/psa_crypto: Update documentation

RIOT-OS · Oct 19, 2023 · 8ef66db · 8ef66db
1 parent ae895cc
commit 8ef66db
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/sys/psa_crypto/doc.txt b/sys/psa_crypto/doc.txt
@@ -315,13 +315,14 @@
  *
  * ### Secure Elements
  * Base:
- *
  * - psa_secure_element
  * - psa_secure_element_multiple
  *
  * #### SE Types
  * - psa_secure_element_ateccx08a
+ * - psa_secure_element_ateccx08a_cipher_aes_128
  * - psa_secure_element_ateccx08a_ecc_p256
+ * - psa_secure_element_ateccx08a_hmac_sha256
  *
  * Random Number Generation {#rng}
  * ===
@@ -371,7 +372,7 @@
  * @code
  * CONFIG_PSA_SECURE_ELEMENT=y
  * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A=y        // device example
- * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC=y
+ * CONFIG_PSA_SECURE_ELEMENT_ATECCX08A_ECC_P256=y
  * @endcode
  *
  * or added to the the Makefile:
@@ -438,10 +439,10 @@
  * In RIOT, module names are generated from path names, so if you create a directory for
  * your sourcefiles, the module name will be the same as the directory name. It is possible
  * to change that by declaring a new module name in the Makefile by adding the line
- * your_module_name`.
+ * `MODULE := your_module_name`.
  *
  * If you leave it like this, all sourcefiles in the path corresponding to the module name will be
- * built (e.g. if you choose to module `hashes`, all files in `sys/hashes` will be included).
+ * built (e.g. if you choose the module `hashes`, all files in `sys/hashes` will be included).
  * For better configurability it is possible to add submodules (see
  * `sys/hashes/psa_riot_hashes` for example).
  * In that case the base module name will be the directory name and each file inside the directory
@@ -959,11 +960,14 @@
  * key, which requires a lot less memory space.
  *
  * **BUT:** If your secure element supports asymmetric cryptography and exports a public key part
- * during key generation, that key part must be stored somewhere. This is why there needs to be
- * an option to tell PSA Crypto that an application is going to perform asymmetric operations.
- * Only if that option is selected, the protected key slots will have the space to store a public
+ * during key generation, that key part must be stored somewhere. So when you choose an
+ * asymmetric operation, the protected key slots will have the space to store a public
  * key.
  *
+ * #### Dependencies
+ * Secure Element operations also depend on the PSA modules. E.g. when you want to use an ECC
+ * operation, you need to make sure that you also build the asymmetric PSA functions.
+ *
  * For this we need to add the following to the `superSE` menu:
  * @code
  * config MODULE_PSA_SECURE_ELEMENT_SUPERSE_ECC_P256
@@ -996,7 +1000,9 @@
  * ifneq (,$(filter psa_secure_element_superse_ecc_p256, $(USEMODULE)))
  *   USEMODULE += psa_asymmetric
  * endif
- *
- * Now the secure element should be available for use with PSA Crypto.
  * @endcode
+ * This needs to be done for all other supported operations (e.g. ATECCX08 operations in
+ * `pkg/cryptoauthlib/Makefile.include`, `pkg/cryptoauthlib/Makefile.dep` and
+ * `sys/psa_crypto/psa_se_mgmt/Kconfig` Now the secure element should be available for use
+ * with PSA Crypto.
  */