Dear TF-M developers,


I am currently adapting a basic MbedTLS / PSA Crypto example such that it would run on the NS side with TF-M doing the crypto.

In the end, this is very similar to the psa_sign_verify_message_test from the NS crypto test suite:

https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/test/secure_fw/suites/crypto/crypto_tests_common.c#n2752

But my build config of MbedTLS has MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT enabled because I have a custom mbedtls_platform_setup / mbedtls_platform_teardown.

And I can't see any place in TF-M where mbedtls_platform_setup/mbedtls_platform_teardown are called:

         ?              -> mbedtls_platform_setup

         ?              -> mbedtls_platform_teardown

At first, I tried to put this code into the psa_driver_wrapper_init/psa_driver_wrapper_free but I have a similar problem:

tfm_crypto_engine_init -> psa_crypto_init         -> psa_driver_wrapper_init

         ?             -> mbedtls_psa_crypto_free -> psa_driver_wrapper_free

Is there any cmake/Kconfig option or any C macro to hook TF-M initialization/shutdown with mbedtls_platform_setup/mbedtls_platform_teardown without patching TF-M?

If not, could mbedtls_platform_setup be called here? https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/crypto/crypto_library.c#n86

Or is there a nicer way of doing this?

(btw, I am currently experimenting on qemu mps2-an521)


Thanks for any advice! 🙂


Best regards,
 
Rehan MALAK
Intrinsic ID