Gate secure element support by a separate config option Secure element support has its own source file, and in addition requires many hooks in other files. This is a nontrivial amount of code, so make it optional (but default on).
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7e20071..8789084 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c
@@ -32,7 +32,9 @@ #include "psa_crypto_core.h" #include "psa_crypto_invasive.h" +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #include "psa_crypto_se.h" +#endif #include "psa_crypto_slot_management.h" /* Include internal declarations that are useful for implementing persistently * stored keys. */ @@ -5212,9 +5214,11 @@ * In particular, this sets all state indicator to the value * indicating "uninitialized". */ mbedtls_platform_zeroize( &global_data, sizeof( global_data ) ); +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Unregister all secure element drivers, so that we restart from * a pristine state. */ psa_unregister_all_se_drivers( ); +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ } psa_status_t psa_crypto_init( void )
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 32142eb..814c6a0 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c
@@ -25,7 +25,7 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #include <string.h> @@ -76,4 +76,4 @@ memset( driver_table, 0, sizeof( driver_table ) ); } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
diff --git a/library/version_features.c b/library/version_features.c index 4f1da6a..5701598 100644 --- a/library/version_features.c +++ b/library/version_features.c
@@ -555,6 +555,9 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) "MBEDTLS_PSA_CRYPTO_C", #endif /* MBEDTLS_PSA_CRYPTO_C */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + "MBEDTLS_PSA_CRYPTO_SE_C", +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) "MBEDTLS_PSA_CRYPTO_STORAGE_C", #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */