Hi,
I am currently working with Trusted Firmware-M (TF-M) on an nRF device and trying to understand the design difference between Internal Trusted Storage (ITS) and Protected Storage (PS) services.
From my understanding:
ITS and PS are both secure storage services.
The main difference is that ITS is used internally by secure services, while PS can be accessed by non-secure applications through PSA APIs.
PS data is encrypted and authenticated by default,and for ITS optional.
However, I’ve noticed that ITS cannot store large data objects, while PS can handle larger data sizes.
- I would like to understand why this design limitation exists.What is the architectural or design reason that limits ITS from storing large data objects?
Apart from the fact that Protected Storage (PS) is callable from the Non-Secure region and Internal Trusted Storage (ITS) is callable only from the Secure region, is there any other difference between them in terms of working mechanism, internal modules used, or hardware linkage?
From my observation, both seem to operate using the same underlying backend modules (such as flash storage and crypto services), so I would like to understand whether there are any functional or architectural differences beyond just the calling domain.
- Is the limitation due to flash allocation, static buffer size, or the design intent of ITS being a lightweight internal storage?
- Does Nordic’s TF-M implementation allow increasing the ITS storage capacity safely (for example, via configuration), or is it strongly discouraged?
- Any clarification on how Nordic recommends handling larger secure data — whether via PS or by extending ITS — would be really helpful.
