NCS v2.3.0
NRF5340DK nrf5340 cpuapp
I'm trying to understand how I would configure and use the PSA functions to store a key in the KMU and then perform an encryption operation using the key directly from the kmu without loading into memory.
I saw this sample developer.nordicsemi.com/.../README.html which shows generating a random key and persisting it some place. Its unclear to me if this is actually stored in the kmu or if its stored in a secure partition. This example also does not demonstrate how to use a key that was previously created and persisted.
If I have multiple persistent keys that were previously created, how do I get the key_handle to them?
I noticed in crypto_extra.h there is an api to specify a slot number: psa_set_key_slot_number
and also an API for registering an already loaded key: mbedtls_psa_register_se_key
However I cannot figure out how to get these APIs enabled in my build.. it requires MBEDTLS_PSA_CRYPTO_SE_C which does not seem to have an existing KCONFIG flag.
Is the PSA a supported way to perform crypto operations with persistent keys? Do I need to use nrf3x and mbedtls functions directly as in this sample github.com/.../main.c ?
It would be great if the persistent key usage sample actually showed retrieving key and using it.
