Hopefully clarify the example

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 23:21:50 +02:00 · 2021-06-07 23:21:50 +02:00 · 91466c8d3f
commit 91466c8d3f
parent 52bb83e6ad
1 changed files with 5 additions and 4 deletions
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@ -2026,10 +2026,11 @@
 * They must be created through platform-specific means that bypass the API.
 *
 * Some platforms may offer ways to destroy read-only keys. For example,
- * a platform with multiple levels of privilege may expose a key to an
- * application without allowing that application to destroy the key, in
- * which case it may show the key a view of the key metadata where the
- * lifetime is read-only.
+ * consider a platform with multiple levels of privilege, where a
+ * low-privilege application can use a key but is not allowed to destroy
+ * it, and the platform exposes the key to the application with a read-only
+ * lifetime. High-privilege code can destroy the key even though the
+ * application sees the key as read-only.
 *
 * \param lifetime      The lifetime value to query (value of type
 *                      ::psa_key_lifetime_t).