Turn off secure element support by default

Secure element support is not yet usable in the real world. Only part
of the feature is implemented and the part that's implemented is not
sufficient for real-world uses. A lot of error handling is missing,
and there are no tests.

This commit should be reverted once the feature has stabilized.
Gilles Peskine 2019-07-24 13:52:51 +02:00
parent 105736653f
commit d0e66b00fb
2 changed files with 5 additions and 1 deletions


@ -1715,12 +1715,15 @@
* Enable secure element support in the Platform Security Architecture * Enable secure element support in the Platform Security Architecture
* cryptography API. * cryptography API.
* *
* \warning This feature is not yet suitable for production. It is provided
* for API evaluation and testing purposes only.
*
* Module: library/psa_crypto_se.c * Module: library/psa_crypto_se.c
* *
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
* *
*/ */
#define MBEDTLS_PSA_CRYPTO_SE_C //#define MBEDTLS_PSA_CRYPTO_SE_C
/** /**
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
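
Review bot: The added \warning says only that the feature is "not yet suitable for production", without saying what is missing or that the option is now off by default, so someone who uncomments the define learns less from the header than from the commit message. Consider naming the gaps from the commit message in the \warning (incomplete implementation, missing error handling, no tests) and noting next to //#define MBEDTLS_PSA_CRYPTO_SE_C that the default is meant to go back to enabled once the feature has stabilized. That keeps the revert condition in the file rather than only in history.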


@ -85,6 +85,7 @@ MBEDTLS_NO_PLATFORM_ENTROPY
MBEDTLS_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_NO_64BIT_MULTIPLICATION
MBEDTLS_PSA_CRYPTO_SE_C
MBEDTLS_PSA_CRYPTO_SPM MBEDTLS_PSA_CRYPTO_SPM
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
MBEDTLS_PSA_INJECT_ENTROPY MBEDTLS_PSA_INJECT_ENTROPY
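
Review bot: The new MBEDTLS_PSA_CRYPTO_SE_C entry, inserted between MBEDTLS_NO_64BIT_MULTIPLICATION and MBEDTLS_PSA_CRYPTO_SPM, has nothing beside it recording why it is listed or when it should be removed. The commit message asks for a revert once the feature stabilizes, so a short comment here pointing at that condition would keep this line from being missed if the revert is done by hand. If this list controls which options a broader build configuration leaves out, also check that some configuration still enables the option explicitly, so that library/psa_crypto_se.c continues to be compiled while it is off by default.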