3.8. Feature File - fsl_sss_ftr.h
The Plug & Trust Middleware uses a feature file to select and detect which features are enabled within the middleware stack. When using CMake, this file is generated automatically into the build directory. When not using CMake (e.g. when using a demo/example from the MCUXpresso KSDK package), this file is kept at the root of the source folder.
3.8.1. When Using CMake
Be aware that when you use CMake, this file is overwritten every time CMake is invoked or regenerates the makefiles.
You do not have to modify the fsl_sss_ftr.h feature file by hand. Selections made in the CMake edit cache automatically update the generated feature file.
This file is auto-generated from simw-top\sss\inc\fsl_sss_ftr.h.in.
3.8.2. When Using MCUXpresso IDE
As mentioned in the sections above, this file is kept in the root folder of the imported project. The file is filled with compile-time checks so that some of the invalid selections are handled up front.
3.8.3. fsl_sss_ftr_default.h
There is also provision to use a default fall-back file in case this feature file is not generated.
In the relevant parts the Middleware uses the following snippet to select the main or fall-back feature file:
#if defined(SSS_USE_FTR_FILE)
#include "fsl_sss_ftr.h"
#else
#include "fsl_sss_ftr_default.h"
#endif
It must be obvious that if the macro SSS_USE_FTR_FILE is not defined by the build system, the default feature file gets used. In the reference demos and use cases from the Middleware, SSS_USE_FTR_FILE is always defined and only fsl_sss_ftr.h is used.
3.8.4. Using feature file to reduce code size
Setting the items below to 0, either in CMake or in fsl_sss_ftr.h, removes the relevant sections of the code from compilation and thereby reduces the code size.
3.8.4.1. SSSFTR_SW_TESTCOUNTERPART
For some of the demos we use cryptography from both the secure element and the host. For example, this makes for an easy comparison check, where we ask the host crypto to encrypt something and the secure element to do the counterpart (in this case, decrypt). Similarly for sign and verify.
Setting this to 0 removes the implementation of the counterpart.
3.8.4.2. SSSFTR_SW_ECC
When we set this to 1, this feature exposes the asymmetric cryptography from the host for ECC. When using ECKey Authentication (see Auth Objects : ECKey), this feature needs to be enabled. Please note that SSSFTR_SW_AES also needs to be enabled for ECKey Authentication.
3.8.4.3. SSSFTR_SW_RSA
When we set this to 0, the RSA-related implementation from the host SW is removed.
3.8.4.4. Symmetric cryptography on Host
If for some reason no cryptography is used at all on the host side, then these macros can also be set to 0 to remove the relevant code from the host:
SSSFTR_SW_AES
SSSFTR_SW_KEY_GET
SSSFTR_SW_KEY_SET
3.8.4.5. SSSFTR_SE05X_AuthECKey
When set to 0, authentication using ECKey mode (see Auth Objects : ECKey) is disabled from the host.
3.8.4.6. SSSFTR_SE05X_AuthSession
When set to 0, only Platform SCP or the default session can be used to talk to the secure element.
3.8.4.7. SSSFTR_SE05X_AES
When set to 0, the symmetric cryptography related APIs of the secure element are removed from compilation.
3.8.4.8. SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ
When we set this to 0, the host never creates new crypto objects or deletes them. In that situation, the crypto objects must already have been created explicitly, once in the lifetime of the secure element.
3.8.4.9. SSSFTR_SE05X_ECC
Features related to the various elliptic curves are removed when we set this to 0.
3.8.4.10. SSSFTR_SE05X_KEY_GET
When there is no use case to fetch a key from the secure element to the host via the SSS APIs, this can be set to 0.
3.8.4.11. SSSFTR_SE05X_KEY_SET
When there is no use case to inject a key into the secure element from the host, this can be set to 0. Note that keys can still be provisioned remotely for authenticated sessions; this just removes the code from the host middleware.
3.8.4.12. SSSFTR_SE05X_RSA
Removes the code related to RSA features of the secure element from the middleware when we set this to 0.
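Because CMake overwrites the generated feature file on every run, the selections from sections 3.8.4.2, 3.8.4.5, 3.8.4.10 and 3.8.4.11 can be checked against the generated file as a build step. The following is an added example, not part of the Plug & Trust Middleware: it assumes the header carries plain "#define SSSFTR_<name> <0|1>" lines, runs on a constructed sample header, and its must_be_off policy list is hypothetical.

```python
import re

# Constructed sample standing in for a generated fsl_sss_ftr.h (assumed layout).
SAMPLE_FTR_H = """\
/* constructed sample, not the real generated file */
#define SSSFTR_SW_AES 0
#define SSSFTR_SW_ECC 1
#define SSSFTR_SW_RSA 0
#define SSSFTR_SE05X_AuthECKey 1
#define SSSFTR_SE05X_KEY_GET 1
#define SSSFTR_SE05X_KEY_SET 0
"""

# Matches active defines only; a commented-out "// #define ..." line is ignored.
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(SSSFTR_\w+)\s+(\d+)\b", re.MULTILINE)


def parse_features(header_text):
    """Return {macro: int} for every SSSFTR_* define; the last definition wins."""
    return {name: int(value) for name, value in DEFINE_RE.findall(header_text)}


def audit(features, must_be_off=()):
    """Return a list of findings; a missing macro is treated as 0 (disabled)."""
    findings = []
    # ECKey authentication needs host ECC and host AES (section 3.8.4.2).
    if features.get("SSSFTR_SE05X_AuthECKey", 0):
        for dep in ("SSSFTR_SW_ECC", "SSSFTR_SW_AES"):
            if not features.get(dep, 0):
                findings.append(f"SSSFTR_SE05X_AuthECKey=1 but {dep} is not enabled")
    # Hypothetical project policy: features the product never uses stay compiled out.
    for name in must_be_off:
        if features.get(name, 0):
            findings.append(f"{name} is enabled but policy requires 0")
    return findings


if __name__ == "__main__":
    policy = ("SSSFTR_SE05X_KEY_GET", "SSSFTR_SE05X_KEY_SET", "SSSFTR_SW_RSA")
    results = audit(parse_features(SAMPLE_FTR_H), policy)
    for line in results:
        print("FAIL:", line)
    raise SystemExit(1 if results else 0)
```

In a real build, read the header from the build directory instead of SAMPLE_FTR_H and run the script after each CMake invocation.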