3.8. Feature File - fsl_sss_ftr.h
The Plug & Trust Middleware uses a feature file to select and detect which features are used/enabled within the middleware stack. When using CMake, this file is automatically generated into the build directory in use. When not using CMake (e.g. when using a demo/example from the MCUXpresso KSDK package), this file is kept at the root of the source folder.
3.8.1. When Using CMake
Be careful when you are using CMake: this file is overwritten every time CMake is invoked or re-generates the makefiles.
You do not have to hand-modify the fsl_sss_ftr.h feature file. Selections made through CMake's edit cache automatically make the relevant updates in the generated feature file.
This file is auto generated from simw-top\sss\inc\fsl_sss_ftr.h.in
3.8.2. When Using MCUXpresso IDE
As mentioned in the sections above, this file is kept in the root folder of the imported project. The file is filled with checks and balances so that some of the invalid selections are caught up front, at compile time.
3.8.3. fsl_sss_ftr_default.h
There is also provision to use a default fall-back file in case this feature file is not generated.
In the relevant parts the Middleware uses the following snippet to select the main or fall-back feature file:
#if defined(SSS_USE_FTR_FILE)
#include "fsl_sss_ftr.h"
#else
#include "fsl_sss_ftr_default.h"
#endif
It should be clear that if the macro SSS_USE_FTR_FILE is not defined by the build system, the default feature file is used. In the reference demos and use cases from the Middleware, SSS_USE_FTR_FILE is always defined and only fsl_sss_ftr.h is used.
3.8.4. Using feature file to reduce code size
When the items below are set to 0, either in CMake or in fsl_sss_ftr.h, the relevant sections of the code are removed from compilation, thereby reducing code size.
3.8.5. SSS_HAVE_APPLET_A71CH
When set to 1, we can compile with support for this applet (A71CH-ECC).
3.8.6. SSS_HAVE_APPLET_SE05X_A
When set to 1, we can compile with support for this applet (SE050 Type A (ECC)).
3.8.7. SSS_HAVE_APPLET_SE05X_B
When set to 1, we can compile with SE05X_B applet support (SE050 Type A (RSA)).
3.8.8. SSS_HAVE_APPLET_SE05X_C
When set to 0, we cannot compile with support for this applet (SE050 (Super set of A + B)).
Enable at least one of 'PTMW_Applet', and not more than 1.
3.8.8.1. SSSFTR_SW_TESTCOUNTERPART
For some of the demos we use cryptography both from the secure element and from the host. For example, this makes for an easy comparison check, where we ask the host crypto to encrypt something and the secure element to do the counterpart (in this case, decrypt). Similarly for sign and verify.
Setting this to zero removes the implementation of the counterpart.
3.8.8.2. SSSFTR_SW_ECC
When set to 1, this feature exposes the asymmetric cryptography from the host for ECC. When using ECKey Authentication (see Auth Objects : ECKey), this feature needs to be enabled. Please note that SSSFTR_SW_AES also needs to be enabled for ECKey Authentication.
3.8.8.3. SSSFTR_SW_RSA
When set to 0, the RSA-related implementation from the host SW is removed.
3.8.8.4. Symmetric cryptography on Host
If for some reason there is no cryptography used at all on the host side, then these macros can also be set to 0 to remove the relevant code from the host:
SSSFTR_SW_AES
SSSFTR_SW_KEY_GET
SSSFTR_SW_KEY_SET
3.8.8.5. SSSFTR_SE05X_AuthECKey
When set to 0, authentication using the ECKey mode (see Auth Objects : ECKey) is disabled on the host.
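The compile-time checks mentioned in 3.8.2, applied to two constraints this page states (at least one applet and not more than 1; ECKey authentication needs SSSFTR_SW_ECC and SSSFTR_SW_AES), as an added example that is not the contents of the Middleware's fsl_sss_ftr.h. The selection values are constructed, and FTR_APPLET_COUNT, the FTR_* bit names and the ftr_* functions are hypothetical names.

```c
#include <stdio.h>
/* Constructed selections, written the way the feature file defines them. */
#define SSS_HAVE_APPLET_A71CH   0
#define SSS_HAVE_APPLET_SE05X_A 0
#define SSS_HAVE_APPLET_SE05X_B 0
#define SSS_HAVE_APPLET_SE05X_C 1
#define SSSFTR_SW_ECC           1
#define SSSFTR_SW_AES           1
#define SSSFTR_SW_RSA           0
#define SSSFTR_SE05X_AuthECKey  1

/* Hypothetical helper macro. Rule: at least one applet, not more than 1. */
#define FTR_APPLET_COUNT                               \
    (SSS_HAVE_APPLET_A71CH + SSS_HAVE_APPLET_SE05X_A + \
     SSS_HAVE_APPLET_SE05X_B + SSS_HAVE_APPLET_SE05X_C)
#if FTR_APPLET_COUNT < 1
#error "No applet selected: set one SSS_HAVE_APPLET_* option to 1"
#elif FTR_APPLET_COUNT > 1
#error "More than one applet selected: set only one SSS_HAVE_APPLET_* to 1"
#endif

/* ECKey authentication needs host ECC and host AES. */
#if SSSFTR_SE05X_AuthECKey && !(SSSFTR_SW_ECC && SSSFTR_SW_AES)
#error "SSSFTR_SE05X_AuthECKey needs SSSFTR_SW_ECC and SSSFTR_SW_AES"
#endif

/* Hypothetical bit names for reporting what was compiled in. */
enum { FTR_HOST_ECC = 1, FTR_HOST_RSA = 2, FTR_SE_AUTH_ECKEY = 4 };
int ftr_applet_count(void) { return FTR_APPLET_COUNT; }

/* A branch whose macro is 0 is dropped before compilation. */
unsigned ftr_compiled_mask(void) {
    unsigned mask = 0;
#if SSSFTR_SW_ECC
    mask |= FTR_HOST_ECC;
#endif
#if SSSFTR_SW_RSA
    mask |= FTR_HOST_RSA;
#endif
#if SSSFTR_SE05X_AuthECKey
    mask |= FTR_SE_AUTH_ECKEY;
#endif
    return mask;
}

int main(void) {
    printf("applets=%d mask=0x%x\n", ftr_applet_count(), ftr_compiled_mask());
    return 0;
}
```

Setting SSSFTR_SW_AES to 0 in this file, or selecting a second applet, stops the build at the matching #error instead of producing a binary with an inconsistent configuration.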
3.8.8.6. SSSFTR_SE05X_AuthSession
When set to 0, only Platform SCP or the default session can be used to talk to the secure element.
3.8.8.7. SSSFTR_SE05X_AES
When set to 0, the symmetric cryptography related APIs of the Secure Element are removed from compilation.
3.8.8.8. SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ
When set to zero, the host never creates new crypto objects, nor does it delete them. In that situation, the crypto objects should already have been created explicitly, once in the lifetime of the secure element.
3.8.8.9. SSSFTR_SE05X_ECC
Features related to the various elliptic curves are removed when this is set to 0.
3.8.8.10. SSSFTR_SE05X_KEY_GET
When there is no use case to fetch a key from the secure element to the host via the SSS APIs, this can be set to 0.
3.8.8.11. SSSFTR_SE05X_KEY_SET
When there is no use case to inject a key into the secure element from the host, this can be set to 0. Note that the keys can still be provisioned remotely for authenticated sessions; this just removes the code from the host Middleware.
3.8.8.12. SSSFTR_SE05X_RSA
When set to 0, the code related to the RSA features of the secure element is removed from the Middleware.
3.8.8.13. SSS_HAVE_ECC
When set to 1, this feature exposes the ECC asymmetric cryptography. When set to 0, the feature is disabled.
3.8.8.14. SSS_HAVE_RSA
When set to 1, this feature exposes the RSA asymmetric cryptography. When set to 0, the feature is disabled.
3.8.8.15. SSS_HAVE_TPM_BN
When set to 0, the TPM BARRETO_NAEHRIG curve is disabled. When set to 1, the curve is enabled.
3.8.8.16. SSS_HAVE_EC_ED
When set to 0, the Edwards curve is disabled. When set to 1, the curve is enabled.
3.8.8.17. SSS_HAVE_EC_MONT
When set to 0, the Montgomery curve is disabled. When set to 1, the curve is enabled.
3.8.8.18. SSS_HAVE_MIFARE_DESFIRE
When set to 0, MIFARE DESFire is disabled. When set to 1, MIFARE DESFire is enabled.
3.8.8.19. SSS_HAVE_PBKDF2
When set to 0, PBKDF2 is disabled. When set to 1, PBKDF2 is enabled.
3.8.8.20. SSS_HAVE_TLS_HANDSHAKE
When set to 0, the TLS handshake APIs are disabled. When set to 1, the TLS handshake APIs are enabled.
3.8.8.21. SSS_HAVE_IMPORT
When set to 0, import and export of keys are disabled. When set to 1, import and export of keys are enabled.
3.8.8.22. SSS_PFSCP_ENABLE
See Section 3.9.1.1 Configuring for OEF specific Platform SCP keys