diff --git a/ChangeLog.d/psa_crypto_se.txt b/ChangeLog.d/psa_crypto_se.txt
new file mode 100644
index 0000000000..f8136b1e82
--- /dev/null
+++ b/ChangeLog.d/psa_crypto_se.txt
@@ -0,0 +1,5 @@
+New deprecations
+ * Secure element drivers enabled by MBEDTLS_PSA_CRYPTO_SE_C are deprecated.
+ This was intended as an experimental feature, but had not been explicitly
+ documented as such. Use opaque drivers with the interface enabled by
+ MBEDTLS_PSA_CRYPTO_DRIVERS instead.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index bdc32e1835..aa9c9c3247 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -581,6 +581,14 @@
 #error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+#error "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
+#elif defined(MBEDTLS_DEPRECATED_WARNING)
+#warning "MBEDTLS_PSA_CRYPTO_SE_C is deprecated and will be removed in a future version of Mbed TLS"
+#endif
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
 ! defined(MBEDTLS_PSA_CRYPTO_C)
 #error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9c8ec11a76..65260bc573 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2686,11 +2686,11 @@
 /**
 * \def MBEDTLS_PSA_CRYPTO_SE_C
 *
- * Enable secure element support in the Platform Security Architecture
+ * Enable dynamic secure element support in the Platform Security Architecture
 * cryptography API.
 *
- * \warning This feature is not yet suitable for production. It is provided
- * for API evaluation and testing purposes only.
+ * \deprecated This feature is deprecated. Please switch to the driver
+ * interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
 *
 * Module: library/psa_crypto_se.c
 *
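Review bot: The `#error` and `#warning` strings added to check_config.h do not name the replacement, although the ChangeLog entry and the updated mbedtls_config.h comment in this same commit both point to MBEDTLS_PSA_CRYPTO_DRIVERS. A build with MBEDTLS_DEPRECATED_REMOVED stops on this message with no migration hint, and in that branch "will be removed in a future version" reads oddly because the option is being rejected now. Consider `#error "MBEDTLS_PSA_CRYPTO_SE_C is deprecated; use opaque drivers via MBEDTLS_PSA_CRYPTO_DRIVERS instead"` and matching wording for the `#warning`. The `#if`/`#elif` pair has no `#else`, so a configuration that defines neither macro gets no diagnostic at all and the ChangeLog is its only notice.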
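Review bot: Replacing the `\warning` paragraph with `\deprecated` in the MBEDTLS_PSA_CRYPTO_SE_C comment drops the only statement in this block that the feature is not suitable for production, while the ChangeLog entry in the same commit still calls it experimental. Deprecation tells an integrator the option will go away, not that it was provided for evaluation and testing only, so a product that still enables it loses that signal. I would keep both, retaining `* \warning This feature is not yet suitable for production. It is provided` / `* for API evaluation and testing purposes only.` after the new `\deprecated` lines. The comment block continues past the end of the hunk.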