
Add provider for NXP Layerscape secure objects without relying on PKCS#11 #439

Open
@paulhowardarm

Description


Summary

Create a more directly-integrated Parsec provider that uses NXP Layerscape secure objects (libsecure_obj), so that the PKCS#11 wrapper can be bypassed.

Details

Parsec can already be used with the secure object (virtual HSM) facility on the NXP Layerscape platforms such as LS1046a: https://docs.nxp.com/bundle/GUID-3B3DA6F9-635B-4E21-AA0D-439A9ACF044B/page/GUID-CD50DAA2-28AA-44F1-BE9B-494356F74EBD.html

However, this integration currently relies upon the PKCS#11 wrapper (libpkcs11), where it would be better to interface with libsecure_obj natively.

The rationale for this is that it reduces the number of different PKCS#11 implementations that Parsec needs to be compatible with, which reduces the scope for regressions and errors in the future. Part of the Parsec design philosophy is to avoid the use of bridges and shims where possible, and it should be possible in this case.

This will require creating a Rust wrapper crate for libsecure_obj, unless there is a suitable one being maintained in the Rust ecosystem already.

The aim would be for such a back-end to have feature parity with the PKCS#11-based solution, supporting all of the same operations to the same level.

Definition of Done

This is a fairly substantial project, so it will probably need individual tickets for the implementation tasks. This issue can be kept open as a placeholder until it is superseded by more detailed tickets, although we probably shouldn't close it until at least a skeleton implementation has been merged to the mainline branch, even if it doesn't support any opcodes yet.

Metadata

Labels

- enhancement: New feature or request
- good first issue: Good for newcomers
- large: Effort label
- platforms: Compatibility with different secure services or hardware platforms