<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title><![CDATA[wolfSSL - Embedded SSL Library — Separating Crypto into the secure memory with ARM TrustZone]]></title>
		<link>https://www.wolfssl.com/forums/topic1919-separating-crypto-into-the-secure-memory-with-arm-trustzone.html</link>
		<atom:link href="https://www.wolfssl.com/forums/feed-rss-topic1919.xml" rel="self" type="application/rss+xml" />
		<description><![CDATA[The most recent posts in Separating Crypto into the secure memory with ARM TrustZone.]]></description>
		<lastBuildDate>Mon, 03 Oct 2022 17:26:39 +0000</lastBuildDate>
		<generator>PunBB</generator>
		<item>
			<title><![CDATA[Re: Separating Crypto into the secure memory with ARM TrustZone]]></title>
			<link>https://www.wolfssl.com/forums/post6775.html#p6775</link>
			<description><![CDATA[<p>Hello Jon,</p><p>Thanks for joining the wolfSSL Forums. This is not currently supported, but we could achieve this type of separation using the crypto callbacks feature. We would like to discuss this in more detail with you. Could you please send us an email to facts@wolfssl.com?</p><p><a href="https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-cryptocb.c">https://github.com/wolfSSL/wolfssl-exam … cryptocb.c</a></p><p>Thanks,<br />Eric @wolfSSL Support</p>]]></description>
			<author><![CDATA[null@example.com (embhorn)]]></author>
			<pubDate>Mon, 03 Oct 2022 17:26:39 +0000</pubDate>
			<guid>https://www.wolfssl.com/forums/post6775.html#p6775</guid>
		</item>
		<item>
			<title><![CDATA[Separating Crypto into the secure memory with ARM TrustZone]]></title>
			<link>https://www.wolfssl.com/forums/post6774.html#p6774</link>
			<description><![CDATA[<p>I’m working on a project that uses an ARM Cortex M33 (Armv8-M) based processor with the ARM TrustZone feature. We would like to place the crypto library in the secure world but keep the TLS implementation on the non-secure side. Ideally the crypto library would be a non-secure callable service that the TLS implementation uses without ever knowing any private keys. WolfSSL has been identified as the only TLS library that fits our security needs and I’m new to it.</p><p>Based on what I’ve read in the documentation, this setup isn’t feasible with wolfSSL though. My understanding is that the WOLFSSL structure keeps track of the keys and certificates and then passes them to the crypto library. Is that accurate?</p><p>If the previous paragraph is accurate, is it possible to insert a shim between wolfSSL and the crypto calls or use a custom crypto library?</p><p>Thanks for any help anyone is able to provide!</p>]]></description>
			<author><![CDATA[null@example.com (jonbeckett)]]></author>
			<pubDate>Sat, 01 Oct 2022 15:20:57 +0000</pubDate>
			<guid>https://www.wolfssl.com/forums/post6774.html#p6774</guid>
		</item>
	</channel>
</rss>
