`async` API for `Env`? about opensk HOT 3 OPEN

Thank you for your interest. The current Env API has evolved with needs from different platforms. The API calls you mentioned are broadly in 2 categories.

USB HID related

HidConnection and UserPresence.
Our current API is mostly taken from pre-library code and hasn't been redesigned yet. I could see us moving to an async API here.
We haven't touched it yet since we might want to be compatible with other transports like NFC in the future, and the new design should work for that.

Storage related

AttestationStore::{get,set}, Storage::{read_slice,write_slice,erase_page}
First comment: This is work in progress, e.g., #679. I suggest you look at the develop branch, not the current main branch 2.1 which is for people who want to build and use OpenSK more than it is for developers. Not too different yet, but more recent. AttestationStore moved into Persist.

Being async here is more problematic, since some of our security guarantees are tied to storage writes having persisted when execution continues. Can you help me understand why a blocking API doesn't work for you?

from opensk.

USB HID related

Our current API is mostly taken from pre-library code and hasn't been redesigned yet. I could see us moving to an async API here.

Cool, then there's a chance I may propose a PR or two later 🙂

Storage related

Can you help me understand why a blocking API doesn't work for you?

On my hardware, I'm using external eMMC memory for persistent storage, rather than embedded flash. It gives me quite a bit more capacity to work with, but it's also a slower channel where data is transferred over a bus 1 byte at a time with a checksum at the end for verification.

some of our security guarantees are tied to storage writes having persisted when execution continues

In my case, that's exactly why I'd prefer async - so that execution can switch to other unrelated tasks (e.g. updating the display) while a read/write is pending, and yield back to OpenSK once the operation has been confirmed by a successful handshake from the eMMC.

from opensk.

Question is how you'd design an Env that doesn't break all sync users and supports async use cases at the same time? To make sure I don't overpromise: I don't merge a PR that only moves our API to async.

So maybe it is indeed easier if you can use the sync OpenSK as is? Outside of user presence checking, our USB HID code is in the main loop, which is fully in your control. So the limitation that you can't run, e.g., display updates in parallel only applies when OpenSK processes a command.

from opensk.