Turn off secure element support by default

Secure element support is not yet usable in the real world. Only part of the feature is implemented and the part that's implemented is not sufficient for real-world uses. A lot of error handling is missing, and there are no tests. This commit should be reverted once the feature has stabilized.
2019-07-24 13:52:51 +02:00 · 2019-07-24 13:52:51 +02:00 · d0e66b00fb
commit d0e66b00fb
parent 105736653f
2 changed files with 5 additions and 1 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -1715,12 +1715,15 @@
 * Enable secure element support in the Platform Security Architecture
 * cryptography API.
 *
+ * \warning This feature is not yet suitable for production. It is provided
+ *          for API evaluation and testing purposes only.
+ *
 * Module:  library/psa_crypto_se.c
 *
 * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
 *
 */
-#define MBEDTLS_PSA_CRYPTO_SE_C
+//#define MBEDTLS_PSA_CRYPTO_SE_C

 /**
 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
--- a/scripts/config.pl
+++ b/scripts/config.pl
@ -85,6 +85,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_PSA_CRYPTO_SE_C
 MBEDTLS_PSA_CRYPTO_SPM
 MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
 MBEDTLS_PSA_INJECT_ENTROPY