psasim/README.md - third_party/github/Mbed-TLS/mbedtls-framework - Git at Google

 # psasim

 This tool simulates a PSA Firmware Framework implementation.
 It allows you to develop secure partitions and their clients on a desktop computer.
 It should be able to run on all systems that support POSIX and System V IPC:
 e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.

 Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:

 * This simulator is not intended to pass or demonstrate compliance.
 * This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.

 ## Building

 To build and run the test program make sure you have `make`, `python` and a
 C compiler installed and then enter the following commands:

 ```sh
 make install
 make run
 ```

 On Linux you may need to run `ldconfig` to ensure the library is properly installed.

 An example pair of programs is included in the `test` directory.

 ## Features

 The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:

 * `psa_notify` support
 * "strict" policy in manifest

 The only supported "interrupts" are POSIX signals, which act
 as a "virtual interrupt".

 The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).

 ## Design

 The code is designed to be readable rather than fast or secure.
 In this implementation only one message is delivered to a
 RoT service at a time.
 The code is not thread-safe.

 To debug the simulator enable the debug flag:

 ```sh
 make DEBUG=1 install
 ```

 ## Unsupported features

 Because this is a simulator there are a few things that
 can't be reasonably emulated:

 * Manifest MMIO regions are unsupported
 * Manifest priority field is ignored
 * Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
   making it infeasible to populate pid.h with correct values.
	# psasim

	This tool simulates a PSA Firmware Framework implementation.
	It allows you to develop secure partitions and their clients on a desktop computer.
	It should be able to run on all systems that support POSIX and System V IPC:
	e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.

	Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:

	* This simulator is not intended to pass or demonstrate compliance.
	* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.

	## Building

	To build and run the test program make sure you have `make`, `python` and a
	C compiler installed and then enter the following commands:

	```sh
	make install
	make run
	```

	On Linux you may need to run `ldconfig` to ensure the library is properly installed.

	An example pair of programs is included in the `test` directory.

	## Features

	The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:

	* `psa_notify` support
	* "strict" policy in manifest

	The only supported "interrupts" are POSIX signals, which act
	as a "virtual interrupt".

	The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).

	## Design

	The code is designed to be readable rather than fast or secure.
	In this implementation only one message is delivered to a
	RoT service at a time.
	The code is not thread-safe.

	To debug the simulator enable the debug flag:

	```sh
	make DEBUG=1 install
	```

	## Unsupported features

	Because this is a simulator there are a few things that
	can't be reasonably emulated:

	* Manifest MMIO regions are unsupported
	* Manifest priority field is ignored
	* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
	making it infeasible to populate pid.h with correct values.