diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index f3a8b722f8..c9a8ebd626 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -710,6 +710,16 @@
  */
 //#define MBEDTLS_PSA_CRYPTO_SPM
 
+/**
+ * \def MBEDTLS_PSA_HAS_ITS_IO
+ *
+ * Enable the non-volatile secure storage usage.
+ *
+ * This is crucial on systems that do not have a HW TRNG support.
+ *
+ */
+//#define MBEDTLS_PSA_HAS_ITS_IO
+
 /**
  * \def MBEDTLS_RSA_NO_CRT
  *
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index b2a9a2e100..c47c4714a4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1173,6 +1173,16 @@
  */
 //#define MBEDTLS_PSA_CRYPTO_SPM
 
+/**
+ * \def MBEDTLS_PSA_HAS_ITS_IO
+ *
+ * Enable the non-volatile secure storage usage.
+ *
+ * This is crucial on systems that do not have a HW TRNG support.
+ *
+ */
+//#define MBEDTLS_PSA_HAS_ITS_IO
+
 /**
  * \def MBEDTLS_RSA_NO_CRT
  *
diff --git a/library/version_features.c b/library/version_features.c
index 00652f1e45..af8149052d 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -420,6 +420,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_PSA_CRYPTO_SPM)
  "MBEDTLS_PSA_CRYPTO_SPM",
 #endif /* MBEDTLS_PSA_CRYPTO_SPM */
+#if defined(MBEDTLS_PSA_HAS_ITS_IO)
+ "MBEDTLS_PSA_HAS_ITS_IO",
+#endif /* MBEDTLS_PSA_HAS_ITS_IO */
 #if defined(MBEDTLS_RSA_NO_CRT)
  "MBEDTLS_RSA_NO_CRT",
 #endif /* MBEDTLS_RSA_NO_CRT */
diff --git a/scripts/config.pl b/scripts/config.pl
index 81bb8950dc..6d02ec05c4 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -97,6 +97,8 @@ MBEDTLS_PKCS11_C
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_PSA_CRYPTO_SPM
+MBEDTLS_PSA_HAS_ITS_IO
+MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 _ALT\s*$
 );
 
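Review bot: The new `\def MBEDTLS_PSA_HAS_ITS_IO` comment does not say what the option compiles in or what it depends on, and the identical text is repeated in the include/mbedtls/config.h hunk. "This is crucial on systems that do not have a HW TRNG support" suggests the storage persists entropy seed material, but the reader has to guess that. If so, the comment should say it outright and note that the RNG is then only as trustworthy as the confidentiality and integrity of that storage. I would replace the first sentence with something like `Enable the platform's non-volatile secure storage (ITS) read/write functions, used to persist the entropy seed.` and add a `Requires:` line naming the storage backend the option needs, once the wording is confirmed against the implementation.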
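Review bot: `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` is added to this list together with `MBEDTLS_PSA_HAS_ITS_IO`, although only the latter is introduced by this change, and neither entry records a reason. The list opens outside the hunk. If it is the set excluded from the `full` configuration, as the `_ALT\s*$` entry and the comment after the next list suggest, the ITS-backed storage path will not be compiled or tested in full builds, even though the new documentation calls it crucial on targets without a hardware TRNG. `MBEDTLS_PSA_HAS_ITS_IO` is also added to the list that closes in the `@@ -119,6 +121,7 @@` hunk, so the same question applies there. A comment above each list, for example `# MBEDTLS_PSA_HAS_ITS_IO: requires a platform ITS implementation`, would record the reason if that is the case, and a dedicated test configuration should build it.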
@@ -119,6 +121,7 @@ MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PSA_CRYPTO_STORAGE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+MBEDTLS_PSA_HAS_ITS_IO
 );
 
 # Things that should be enabled in "full" even if they match @excluded