crypto: Remove PSA Crypto API from targets without entropy

An entropy source is required in order to use the PSA Crypto API. The
only devices Mbed OS knows are guaranteed by default to have an entropy
source are those devices with a TRNG. Don't enable the PSA Crypto API by
default for devices that Mbed OS can't know have an entropy source. This
avoids run-time errors when an entropy source is not present on these
targets.

Applications can add their own entropy source by placing entropy into
their systems, implementing their own NV Seed read and write callbacks,
and then enabling the MBEDTLS_ENTROPY_NV_SEED configuration option to
notify the PSA Crypto implementation that an entropy source is present
and how to use it.

See https://os.mbed.com/docs/mbed-os/v5.11/porting/entropy-sources.html
for the background on why entropy is fundamental to system security and
how to inject entropy into systems that lack an on-board source of
entropy.
pull/9710/head
Jaeden Amero 2019-02-13 15:04:43 +00:00
parent a477354292
commit 326b119fa1
1 changed files with 1 additions and 1 deletions

@ -2439,7 +2439,7 @@
"macro_name": "CLOCK_SOURCE_USB"
}
},
"macros_add": ["USB_STM_HAL", "USBHOST_OTHER", "MBEDTLS_PSA_CRYPTO_C", "MBEDTLS_ENTROPY_NV_SEED"],
"macros_add": ["USB_STM_HAL", "USBHOST_OTHER"],
"device_has_add": [
"SERIAL_ASYNCH",
"FLASH",
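Review bot: the replacement "macros_add" line drops MBEDTLS_ENTROPY_NV_SEED together with MBEDTLS_PSA_CRYPTO_C, but the commit message only describes removing the PSA Crypto API and names MBEDTLS_ENTROPY_NV_SEED as the option applications enable to declare an entropy source. State in the message that the NV seed default is removed from this target as well, so an application that relied on it knows it now has to define both macros itself and provide its own NV Seed read and write callbacks. A short comment or release note entry next to this target saying why the macros are absent would also keep them from being added back without an entropy source.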