nrf_security: Add key policy for the Cracen builtin keys

Add logic which allows to specifically define who can use the builtin
keys (IKG and KMU one) for Cracen when used with TF-M.

This includes a list of specifically allowed users for the builtin keys
and any other access is denied.

This is only relevant for a TF-M enabled application since that is
currently the only way to encode ownership in the key attributes.

Ref: NCSDK-35736

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake

@@ -23,6 +23,12 @@ list(APPEND cracen_driver_sources
   ${CMAKE_CURRENT_LIST_DIR}/src/prng_pool.c
 )
 
+if(BUILD_INSIDE_TFM)
+  list(APPEND cracen_driver_sources
+    ${CMAKE_CURRENT_LIST_DIR}/src/builtin_key_policy.c
+  )
+endif()
+
 # Include hardware cipher implementation for all devices except nRF54LM20A
 # nRF54LM20A uses only cracen_sw
 if(NOT CONFIG_PSA_NEED_CRACEN_MULTIPART_WORKAROUNDS)

subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_builtin_key_policy.h

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#ifndef CRACEN_PSA_BUILTIN_KEY_POLICY_H
+#define CRACEN_PSA_BUILTIN_KEY_POLICY_H
+
+#include <psa/crypto.h>
+#include <psa/crypto_values.h>
+
+#if defined(__NRF_TFM__)
+
+typedef struct {
+	mbedtls_key_owner_id_t owner;
+	psa_drv_slot_number_t key_slot;
+} cracen_builtin_ikg_key_policy_t;
+
+typedef enum {
+	KMU_ENTRY_SLOT_SINGLE,
+	KMU_ENTRY_SLOT_RANGE,
+} cracen_kmu_entry_type_t;
+
+/* When defining a range of KMU slots both the start and end slot numbers are inclusive. */
+typedef struct {
+	mbedtls_key_owner_id_t owner;
+	psa_drv_slot_number_t key_slot_start;
+	psa_drv_slot_number_t key_slot_end;
+	cracen_kmu_entry_type_t kmu_entry_type;
+} cracen_builtin_kmu_key_policy_t;
+
+bool cracen_builtin_key_user_allowed(const psa_key_attributes_t *attributes);
+
+#else
+
+static inline bool cracen_builtin_key_user_allowed(const psa_key_attributes_t *attributes)
+{
+	(void)attributes;
+	return true;
+}
+
+#endif /* __NRF_TFM__ */
+
+#endif /* CRACEN_PSA_BUILTIN_KEY_POLICY_H */

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/builtin_key_policy.c

@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include "common.h"
+
+#include <psa/crypto.h>
+#include <psa/crypto_values.h>
+#include <zephyr/sys/util.h>
+#include <stddef.h>
+#include <string.h>
+
+#include <psa_manifest/pid.h>
+#include <tfm_builtin_key_ids.h>
+#include <cracen_psa_builtin_key_policy.h>
+#include <drivers/nrfx_utils.h>
+
+#define MAPPED_TZ_NS_AGENT_DEFAULT_CLIENT_ID (-0x3c000000)
+
+static const cracen_builtin_ikg_key_policy_t g_builtin_ikg_policy[] = {
+#ifdef TFM_SP_ITS
+	{.owner = TFM_SP_ITS, .key_slot = TFM_BUILTIN_KEY_ID_HUK},
+#endif /* TFM_SP_ITS */
+#ifdef TFM_SP_PS
+	{.owner = TFM_SP_PS, .key_slot = TFM_BUILTIN_KEY_ID_HUK},
+#endif /* TFM_SP_PS */
+#ifdef TFM_SP_INITIAL_ATTESTATION
+	{.owner = TFM_SP_INITIAL_ATTESTATION, .key_slot = TFM_BUILTIN_KEY_ID_IAK}
+#endif /* TFM_SP_INITIAL_ATTESTATION */
+};
+
+#ifdef PSA_NEED_CRACEN_KMU_DRIVER
+
+static const cracen_builtin_kmu_key_policy_t g_builtin_kmu_policy[] = {
+	/* 0x0 is used by libraries like the hw_unique_key library when manually generating psa
+	 * key_ids. Allow access to all slots for these libraries since they don't have the logic to
+	 * have an owner id and reside inside TF-M.
+	 */
+	{.owner = 0x0,
+	 .key_slot_start = 0,
+	 .key_slot_end = 255,
+	 .kmu_entry_type = KMU_ENTRY_SLOT_RANGE},
+#ifdef TFM_SP_ITS
+	{.owner = TFM_SP_ITS,
+	 .key_slot_start = 0,
+	 .key_slot_end = 255,
+	 .kmu_entry_type = KMU_ENTRY_SLOT_RANGE},
+#endif /* TFM_SP_ITS */
+#ifdef TFM_SP_CRYPTO
+	{.owner = TFM_SP_CRYPTO,
+	 .key_slot_start = 0,
+	 .key_slot_end = 255,
+	 .kmu_entry_type = KMU_ENTRY_SLOT_RANGE},
+#endif /* TFM_SP_CRYPTO */
+	/* The docs have KMU slots >= 180 reserved so don't allow NS users to access them */
+	{.owner = MAPPED_TZ_NS_AGENT_DEFAULT_CLIENT_ID,
+	 .key_slot_start = 0,
+	 .key_slot_end = 179,
+	 .kmu_entry_type = KMU_ENTRY_SLOT_RANGE}};
+
+static bool cracen_builtin_kmu_user_allowed(mbedtls_key_owner_id_t owner,
+					    psa_drv_slot_number_t slot_number,
+					    const psa_key_attributes_t *attributes)
+{
+	for (uint32_t i = 0; i < NRFX_ARRAY_SIZE(g_builtin_kmu_policy); i++) {
+
+		switch (g_builtin_kmu_policy[i].kmu_entry_type) {
+		case KMU_ENTRY_SLOT_SINGLE:
+			if (g_builtin_kmu_policy[i].owner == owner &&
+			    g_builtin_kmu_policy[i].key_slot_start == slot_number) {
+				return true;
+			}
+			break;
+		case KMU_ENTRY_SLOT_RANGE:
+			if (g_builtin_kmu_policy[i].owner == owner &&
+			    (slot_number >= g_builtin_kmu_policy[i].key_slot_start &&
+			     slot_number <= g_builtin_kmu_policy[i].key_slot_end)) {
+				return true;
+			}
+			break;
+		default:
+			break;
+		}
+	}
+
+	return false;
+}
+#endif /* PSA_NEED_CRACEN_KMU_DRIVER */
+
+static bool cracen_builtin_ikg_user_allowed(mbedtls_key_owner_id_t owner,
+					    psa_drv_slot_number_t slot_number,
+					    const psa_key_attributes_t *attributes)
+{
+	for (uint32_t i = 0; i < NRFX_ARRAY_SIZE(g_builtin_ikg_policy); i++) {
+		if (g_builtin_ikg_policy[i].owner == owner &&
+		    g_builtin_ikg_policy[i].key_slot == slot_number) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+bool cracen_builtin_key_user_allowed(const psa_key_attributes_t *attributes)
+{
+	mbedtls_key_owner_id_t owner = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(psa_get_key_id(attributes));
+	psa_drv_slot_number_t slot_id;
+
+	if (PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) ==
+	    PSA_KEY_LOCATION_CRACEN) {
+
+		slot_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(attributes));
+		return cracen_builtin_ikg_user_allowed(owner, slot_id, attributes);
+	}
+
+#ifdef PSA_NEED_CRACEN_KMU_DRIVER
+	if (PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)) ==
+	    PSA_KEY_LOCATION_CRACEN_KMU) {
+
+		slot_id = CRACEN_PSA_GET_KMU_SLOT(
+			MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(attributes)));
+		return cracen_builtin_kmu_user_allowed(owner, slot_id, attributes);
+	}
+#endif /* PSA_NEED_CRACEN_KMU_DRIVER */
+
+	return true;
+}

subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_management.c

@@ -14,6 +14,7 @@
 #include <cracen_psa_montgomery.h>
 #include <cracen_psa_ikg.h>
 #include <cracen_psa_rsa_keygen.h>
+#include <cracen_psa_builtin_key_policy.h>
 #include <nrf_security_mutexes.h>
 #include "ecc.h"
 #include <silexpk/sxops/rsa.h>
@@ -894,6 +895,10 @@ psa_status_t cracen_export_public_key(const psa_key_attributes_t *attributes,
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	if (IS_ENABLED(PSA_NEED_CRACEN_KEY_TYPE_ECC_KEY_PAIR_EXPORT)) {
 		if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) {
 			return export_ecc_public_key_from_keypair(attributes, key_buffer,
@@ -945,6 +950,10 @@ psa_status_t cracen_import_key(const psa_key_attributes_t *attributes, const uin
 		return PSA_ERROR_INVALID_ARGUMENT;
 	}
 
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	psa_key_location_t location =
 		PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 #ifdef PSA_NEED_CRACEN_KMU_DRIVER
@@ -1205,6 +1214,10 @@ psa_status_t cracen_generate_key(const psa_key_attributes_t *attributes, uint8_t
 	psa_key_location_t location =
 		PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 #ifdef PSA_NEED_CRACEN_KMU_DRIVER
 	if (location == PSA_KEY_LOCATION_CRACEN_KMU) {
 		return generate_key_for_kmu(attributes, key_buffer, key_buffer_size,
@@ -1337,6 +1350,11 @@ psa_status_t cracen_get_builtin_key(psa_drv_slot_number_t slot_number,
 	 * and the `lifetime` field of the attribute struct. We will fill all the other
 	 * attributes, and update the `lifetime` field to be more specific.
 	 */
+
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	switch (slot_number) {
 	case CRACEN_BUILTIN_IDENTITY_KEY_ID:
 	case CRACEN_BUILTIN_MKEK_ID:
@@ -1394,6 +1412,10 @@ psa_status_t cracen_export_key(const psa_key_attributes_t *attributes, const uin
 	psa_key_location_t location =
 		PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	if (location == PSA_KEY_LOCATION_CRACEN_KMU) {
 		/* The keys will already be in the key buffer as they got loaded their by a previous
 		 * call to cracen_get_builtin_key or cached in the memory.
@@ -1442,6 +1464,10 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so
 			     size_t target_key_buffer_size, size_t *target_key_buffer_length)
 {
 #ifdef PSA_NEED_CRACEN_KMU_DRIVER
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	psa_key_location_t location =
 		PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
 
@@ -1496,6 +1522,10 @@ psa_status_t cracen_copy_key(psa_key_attributes_t *attributes, const uint8_t *so
 psa_status_t cracen_destroy_key(const psa_key_attributes_t *attributes)
 {
 #ifdef PSA_NEED_CRACEN_KMU_DRIVER
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	return cracen_kmu_destroy_key(attributes);
 #endif
 
@@ -1508,6 +1538,10 @@ psa_status_t cracen_derive_key(const psa_key_attributes_t *attributes, const uin
 {
 	psa_key_type_t key_type = psa_get_key_type(attributes);
 
+	if (!cracen_builtin_key_user_allowed(attributes)) {
+		return PSA_ERROR_NOT_PERMITTED;
+	}
+
 	if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(key_type) && IS_ENABLED(PSA_NEED_CRACEN_SPAKE2P)) {
 		return cracen_derive_spake2p_key(attributes, input, input_length, key, key_size,
 						 key_length);