psa_key_location_t

Encoding of key location indicators. If an integration of Mbed TLS can make calls to external cryptoprocessors such as secure elements, the location of a key indicates which secure element performs the operations on the key. Depending on the design of the secure element, the key material may be stored either in the secure element, or in wrapped (encrypted) form alongside the key metadata in the primary local storage. The PSA Cryptography API specification defines the following values of location indicators: - \c 0: primary local storage. This location is always available. The primary local storage is typically the same storage area that contains the key metadata. - \c 1: primary secure element. Integrations of Mbed TLS should support this value if there is a secure element attached to the operating environment. As a guideline, secure elements may provide higher resistance against side channel and physical attacks than the primary local storage, but may have restrictions on supported key types, sizes, policies and operations and may have different performance characteristics. - \c 2-0x7fffff: other locations defined by a PSA specification. The PSA Cryptography API does not currently assign any meaning to these locations, but future versions of that specification or other PSA specifications may do so. - \c 0x800000-0xffffff: vendor-defined locations. No PSA specification will assign a meaning to locations in this range.