From d0e66b00fbf588b4fee72df7ee3f226b2a431163 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 24 Jul 2019 13:52:51 +0200
Subject: [PATCH] Turn off secure element support by default

Secure element support is not yet usable in the real world. Only part of the feature is implemented and the part that's implemented is not sufficient for real-world uses. A lot of error handling is missing, and there are no tests. This commit should be reverted once the feature has stabilized.
---
 include/mbedtls/config.h | 5 ++++-
 scripts/config.pl | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0e8d7550e..bd6f7b6a0 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1715,12 +1715,15 @@
  * Enable secure element support in the Platform Security Architecture
  * cryptography API.
  *
+ * \warning This feature is not yet suitable for production. It is provided
+ * for API evaluation and testing purposes only.
+ *
  * Module: library/psa_crypto_se.c
  *
  * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
  *
  */
-#define MBEDTLS_PSA_CRYPTO_SE_C
+//#define MBEDTLS_PSA_CRYPTO_SE_C
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/scripts/config.pl b/scripts/config.pl
index 05cc52e64..6479c6d53 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -85,6 +85,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_PSA_CRYPTO_SE_C
 MBEDTLS_PSA_CRYPTO_SPM
 MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
 MBEDTLS_PSA_INJECT_ENTROPY
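Review bot: The new `\warning` in the MBEDTLS_PSA_CRYPTO_SE_C doc comment says the feature is not suitable for production but not why, and nothing in the header discourages an integrator from simply uncommenting the define in a release build. The commit message gives the reasons (only part of the feature is implemented, error handling is missing, there are no tests); carrying them into config.h, e.g. ` * \warning Incomplete: error handling is missing and the code is untested. Do not enable in production builds.`, lets someone who reads only the header judge the risk. A short comment beside `//#define MBEDTLS_PSA_CRYPTO_SE_C` noting that the default is expected to be restored once the feature stabilises would keep the temporary status visible. The doc comment starts above the hunk, so its opening lines are not visible here.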
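Review bot: Adding `MBEDTLS_PSA_CRYPTO_SE_C` to this list in scripts/config.pl appears to keep the option out of the script's generated full configuration as well; the list's declaration is outside the hunk, so this is inferred from the neighbouring entries. If so, library/psa_crypto_se.c is compiled in neither the default nor the full build, and code the commit message already describes as lacking error handling and tests also loses compile coverage until the revert. Consider pairing this with one build job that sets the option explicitly, so the secure element code keeps compiling while it is off by default. The eventual revert has to remove this entry together with the commented-out define in config.h, which is worth stating in the commit description.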