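/*
 * Copyright (c) 2021, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#ifndef STORAGE_FACTORY_H
#define STORAGE_FACTORY_H

#include <service/secure_storage/backend/storage_backend.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Defines a common interface for creating storage backends to
 * decouple a client from the environment and platform specifics
 * of any particular storage backend.  Allows new storage backends
 * to be added without impacting client implementations.  The
 * factory method uses PSA storage classifications to allow a
 * client to specify the security characteristics of the backend.
 * How those security characteristics are realized will depend
 * on the secure processing environment and platform.
 *
 * A concrete storage factory may exploit any of the following
 * to influence how the storage backend is constructed:
 * - Environment and platform specific factory component used in deployment
 * - Runtime configuration e.g. from Device Tree
 * - Client specified parameters
 */

/**
 * \brief Security characteristics of created backend
 *
 * Allows a client to request the security characteristics of
 * a constructed backend, using PSA storage classification.  How
 * well a platform meets the requested security characteristics
 * will depend on available hardware features.
 *
 * \note The class is a request made to the factory.  As declared
 *       in this header, storage_factory_create() reports only a
 *       backend pointer or NULL, so the interface itself gives a
 *       client no indication of which protections the returned
 *       backend actually provides.  Where a deployment depends on
 *       a specific guarantee, review the concrete factory and
 *       platform that will be linked in.
 */
enum storage_factory_security_class {

	/**
	 * On-die or in-package persistent storage
	 * that is exclusively accessible from secure world.
	 */
	storage_factory_security_class_INTERNAL_TRUSTED,

	/**
	 * External persistent storage with security measures
	 * such as encryption, integrity protection and replay
	 * protection, based on device root-of-trust trust anchors.
	 */
	storage_factory_security_class_PROTECTED
};

/**
 * \brief Factory method to create an initialised storage backend
 *
 * Should use the corresponding destroy method when the storage backend
 * is no longer needed.
 *
 * \param[in] security_class    The requested security class
 *
 * \return A pointer to the initialised storage_backend or NULL on failure
 *
 * \note Callers must check the result for NULL before use.  This header
 *       does not say whether a factory that cannot meet the requested
 *       class returns NULL or supplies a backend with weaker properties;
 *       NOTE(review): confirm against the concrete factory in use.
 */
struct storage_backend *storage_factory_create(
	enum storage_factory_security_class security_class);

/**
 * \brief Destroys a created backend
 *
 * Allows a concrete factory to adopt its own allocation scheme for
 * objects used to implement the created backend.  Because the allocation
 * scheme belongs to the factory, a backend obtained from
 * storage_factory_create() should be released through this function
 * rather than freed directly by the client.
 *
 * \param[in] backend    Storage backend to destroy
 *
 * \note Behaviour for a NULL argument, or for a pointer that has already
 *       been destroyed, is not specified by this header.
 *       NOTE(review): confirm against the concrete factory in use.
 */
void storage_factory_destroy(struct storage_backend *backend);

#ifdef __cplusplus
}
#endif

#endif /* STORAGE_FACTORY_H */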