3.8. Feature File - fsl_sss_ftr.h

The Plug & Trust Middleware uses a feature file to select and detect which features are used or enabled within the middleware stack. When using CMake, this file is automatically generated into the build directory in use. When not using CMake (e.g. using a demo/example from the MCUXpresso KSDK package), this file is kept at the root of the source folder.

3.8.1. When Using CMake

Be careful: when you are using CMake, this file is overwritten every time CMake is invoked or re-generates the makefiles.

You do not have to modify the fsl_sss_ftr.h feature file by hand. Selections made in the CMake edit cache automatically make the relevant updates in the generated feature file.

This file is auto generated from simw-top\sss\inc\fsl_sss_ftr.h.in

3.8.2. When Using MCUXpresso IDE

As mentioned in the sections above, this file is kept in the root folder of the imported project. The file is filled with checks and balances so that some invalid selections are caught up front, at compile time.

3.8.3. fsl_sss_ftr_default.h

There is also a provision to use a default fall-back file in case this feature file is not generated.

In the relevant parts the Middleware uses the following snippet to select the main or fall-back feature file:

#if defined(SSS_USE_FTR_FILE)
#include "fsl_sss_ftr.h"
#else
#include "fsl_sss_ftr_default.h"
#endif

It follows that if the macro SSS_USE_FTR_FILE is not defined by the build system, the default feature file is used. In the reference demos and use cases from the Middleware, SSS_USE_FTR_FILE is always defined and only fsl_sss_ftr.h is used.

3.8.4. Using feature file to reduce code size

By setting the items below to 0, either in CMake or in fsl_sss_ftr.h, the relevant sections of the code are removed from compilation, thereby reducing code size.

3.8.5. SSS_HAVE_APPLET_A71CH

When set to 1, the Middleware is compiled with support for this applet (A71CH-ECC).

3.8.6. SSS_HAVE_APPLET_SE05X_A

When set to 1, the Middleware is compiled with support for this applet (SE050 Type A (ECC)).

3.8.7. SSS_HAVE_APPLET_SE05X_B

When set to 1, the Middleware is compiled with support for the SE05X_B applet (SE050 Type A (RSA)).

3.8.8. SSS_HAVE_APPLET_SE05X_C

When set to 0, the Middleware is compiled without support for this applet (SE050 (superset of A + B)).

Enable at least one of ‘PTMW_Applet’, but not more than one.

3.8.8.1. SSSFTR_SW_TESTCOUNTERPART

For some of the demos we use cryptography from both the secure element and the host. For example, this makes for an easy comparison check where we ask the host crypto to encrypt something and the secure element to do the counterpart (in this case, decrypt). The same applies to sign and verify.

Setting this to 0 removes the implementation of the counterpart.

3.8.8.2. SSSFTR_SW_ECC

When set to 1, this feature exposes asymmetric cryptography from the host for ECC. When using ECKey Authentication (see Auth Objects : ECKey), this feature needs to be enabled. Please note that SSSFTR_SW_AES also needs to be enabled for ECKey Authentication.

3.8.8.3. SSSFTR_SW_RSA

When set to 0, the RSA-related implementation from the host SW is removed.

3.8.8.4. Symmetric cryptography on Host

If, for some reason, no cryptography is used at all on the host side, these macros can also be set to 0 to remove the relevant code from the host.

  • SSSFTR_SW_AES

  • SSSFTR_SW_KEY_GET

  • SSSFTR_SW_KEY_SET

3.8.8.5. SSSFTR_SE05X_AuthECKey

When set to 0, authentication using ECKey mode (see Auth Objects : ECKey) is disabled on the host.

3.8.8.6. SSSFTR_SE05X_AuthSession

When set to 0, only Platform SCP or the default session can be used to talk to the secure element.

3.8.8.7. SSSFTR_SE05X_AES

When set to 0, the symmetric cryptography related APIs of the Secure Element are removed from compilation.

3.8.8.8. SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ

When set to 0, the host never creates new crypto objects, nor deletes them. In that situation, the crypto objects must already have been created explicitly, once in the lifetime of the secure element.

3.8.8.9. SSSFTR_SE05X_ECC

When set to 0, the features related to the various elliptic curves are removed.

3.8.8.10. SSSFTR_SE05X_KEY_GET

When there is no use case to fetch a key from the secure element to the host via the SSS APIs, this can be set to 0.

3.8.8.11. SSSFTR_SE05X_KEY_SET

When there is no use case to inject a key into the secure element from the host, this can be set to 0. Note that keys can still be provisioned remotely for authenticated sessions; this just removes the code from the host Middleware.

3.8.8.12. SSSFTR_SE05X_RSA

Removes the code related to RSA features of the secure element from the Middleware when we set to 0.

3.8.8.13. SSS_HAVE_ECC

When set to 1, this feature exposes ECC asymmetric cryptography. When set to 0, the feature is disabled.

3.8.8.14. SSS_HAVE_RSA

When set to 1, this feature exposes RSA asymmetric cryptography. When set to 0, the feature is disabled.

3.8.8.15. SSS_HAVE_TPM_BN

When set to 0, the TPM Barreto-Naehrig curve is disabled. When set to 1, the curve is enabled.

3.8.8.16. SSS_HAVE_EC_ED

When set to 0, the Edwards curve is disabled. When set to 1, the curve is enabled.

3.8.8.17. SSS_HAVE_EC_MONT

When set to 0, the Montgomery curve is disabled. When set to 1, the curve is enabled.

3.8.8.18. SSS_HAVE_MIFARE_DESFIRE

When set to 0, MIFARE DESFire is disabled. When set to 1, MIFARE DESFire is enabled.

3.8.8.19. SSS_HAVE_PBKDF2

When set to 0, PBKDF2 is disabled. When set to 1, PBKDF2 is enabled.

3.8.8.20. SSS_HAVE_TLS_HANDSHAKE

When set to 0, the TLS handshake APIs are disabled. When set to 1, the TLS handshake APIs are enabled.

3.8.8.21. SSS_HAVE_IMPORT

When set to 0, key import and export are disabled. When set to 1, key import and export are enabled.
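Because CMake regenerates fsl_sss_ftr.h on every run, a build pipeline can audit the generated file against the two rules stated above (exactly one applet selected; ECKey authentication needs SSSFTR_SW_ECC and SSSFTR_SW_AES) and against a list of features the product expects to be compiled out. The script below is an added example, not part of the Middleware; it assumes plain `#define NAME 0|1` lines, and the `audit` function, its `expect_off` policy parameter and the sample header are hypothetical.

```python
import re

# Applet selectors named on this page; exactly one must be set to 1.
APPLETS = ("SSS_HAVE_APPLET_A71CH", "SSS_HAVE_APPLET_SE05X_A",
           "SSS_HAVE_APPLET_SE05X_B", "SSS_HAVE_APPLET_SE05X_C")
# Host-side features that ECKey authentication needs (see SSSFTR_SW_ECC above).
ECKEY_NEEDS = ("SSSFTR_SW_ECC", "SSSFTR_SW_AES")

# Assumed line format: '#define SSS<NAME> 0|1' with an optional trailing comment.
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(SSS\w+)\s+([01])\s*(?:/[/*].*)?$")

def parse_features(header_text):
    """Return {macro: 0|1} for every matching #define line; the last one wins."""
    features = {}
    for line in header_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            features[m.group(1)] = int(m.group(2))
    return features

def audit(header_text, expect_off=()):
    """List rule violations; a macro missing from the file is treated as 0."""
    f = parse_features(header_text)
    problems = []
    enabled = [a for a in APPLETS if f.get(a, 0) == 1]
    if len(enabled) != 1:
        problems.append("applet: need exactly one, got %s" % (enabled or "none"))
    if f.get("SSSFTR_SE05X_AuthECKey", 0) == 1:
        for dep in ECKEY_NEEDS:
            if f.get(dep, 0) != 1:
                problems.append("SSSFTR_SE05X_AuthECKey=1 requires %s=1" % dep)
    for name in expect_off:  # hypothetical product policy: must stay compiled out
        if f.get(name, 0) == 1:
            problems.append("%s is 1 but the build policy expects 0" % name)
    return problems

# Constructed sample, not a real generated file.
SAMPLE = """\
#define SSS_HAVE_APPLET_SE05X_A 1
#define SSS_HAVE_APPLET_SE05X_C 1
#define SSSFTR_SW_ECC 1
#define SSSFTR_SW_AES 0   /* host AES removed to save space */
#define SSSFTR_SE05X_AuthECKey 1
#define SSSFTR_SE05X_KEY_GET 1
"""

if __name__ == "__main__":
    for p in audit(SAMPLE, expect_off=("SSSFTR_SE05X_KEY_GET",)):
        print("FAIL:", p)
```

Running the audit after each CMake invocation catches a cache change that silently re-enables key export or key injection code on the host.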