Secure Key-Value Storage

Executive Summary

The Configuration Store (CFSTORE) is a secure, associative key-value (KV) store C-Language Hardware Abstraction Layer. CFSTORE provides the secure and persistent storage for:

• Storing encryption keys data.
• Storing configuration data.
• Storing firmware, firmware updates and incremental firmware blocks for assembling into a firmware update.

These services are presented to clients with:

• A conceptually simple, file-like interface for storing and managing data using (key, value) pairs in persistent storage media.
• A simple, hardware-independent API to promote portability across multiple platforms and a low attack surface.
• A very small code/memory footprint so CFSTORE is capable of running on highly-constrained memory systems (~10kB free memory) where typically available SRAM << NV storage.
• A simple (low complexity) storage capability at the expense of features. For example, CFSTORE only supports the storage of binary blobs rather than a rich set of data types.

Current support includes:

• NV-backed support. Integration with Flash Abstraction (Flash Journal Strategy Sequential) for persistent storage on the Freescale FRDM K64F target.
• SRAM backed support.
• More than 60 test cases with >80% test coverage.
• Comprehensive documentation including doxygen generated API and test case documentation.

Configuration-Store Software Architecture

    
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     
    |  Configuration Store Client   |     
    |  e.g. FOTA                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Configuration Store          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Flash Abstraction Layer      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Flash Driver Layer           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    SW
    -----------------------------------------------------------------------
    HW

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  NV Storage Media e.g. Flash  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Configuration Store Software Architecture

The above figure shows the following entities (from top to bottom):

• A Configuration Store client e.g. FOTA.
• Configuration Store, the associative KV pair store.
• Flash Abstraction Layer, portable across the driver layer.
• Flash Driver layer e.g. CMSIS-Driver.
• NV Storage Media. These are the physical storage media.

Providing Feedback

If you would like to make a contribution to CFSTORE, please provide feedback/designs/comments/code in one of the following ways:

• By logging an issue in the CFSTORE repo.
• By submitting a Pull Request to the CFSTORE repo.
• By sending an email to: -- simon.hughes@arm.com -- milosch.meriac@arm.com

Further Reading

• The CFSTORE Getting Started Guide including examples.
• The CFSTORE Engineering Requirements.
• The CFSTORE High Level Design Document.
• The CFSTORE Low Level Design Document.
• The CFSTORE Test Plan.
• The CFSTORE Application Note 0001: NXP Freescale Kinetis FRDM-K64F Flash Memory Usage.
• The CFSTORE Releases provides requirements tracking by listing the requirements supported for a CFSTORE version.

20160714