Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/

Remove the dynamic SE interface in 4.0 #8151

Open daverodgman opened 11 months ago

daverodgman commented 11 months ago

Remove the dynamic SE interface (supplanted by opaque drivers). MBEDTLS_PSA_CRYPTO_SE_C must be removed from mbedtls_config.h. All code related to this should be removed, except mbedtls_psa_register_se_key() which first needs to change to work with new-style drivers.

Mailing list thread: https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/7AM6WGPCIEHOZQ5G3M5LPZHNG5CSOPAP/

mpg commented 10 months ago

Note: a good portion of docs/architecture/testing/driver-interface-test-strategy.md can be removed as well.

mpg commented 10 months ago

Note: I think this will close https://github.com/Mbed-TLS/mbedtls/issues/3856 as well. Actually, when addressing this, we should search for "SE", MBEDTLS_PSA_CRYPTO_SE_C, etc. in open issues and close those that become irrelevant.

gilles-peskine-arm commented 9 months ago

> close those that become irrelevant.

Agreed that we should do that. But double check that the issues don't also apply to the new driver interface, or if they do that there is an issue for that.

I tend to call MBEDTLS_PSA_CRYPTO_SE_C the “old driver interface” or “dynamic secure element driver interface” or “dynamic SE drivers”.

gilles-peskine-arm commented 2 months ago

Note that at least mbedtls_psa_register_se_key should stay but be adapted to the new kind of opaque drivers.

mimok commented 4 weeks ago

I'm still using the "old" dynamic SE interface and I'm wondering whether the new PSA driver interface is actually in production or not before switching. I mean the driver interface cannot be fully defined through JSON files, you still need to manually modify the Jinja templates. Is this really the way it is expected to work?

gilles-peskine-arm commented 4 weeks ago

The C part is ready for production and actually used in production by several early adopters. Unfortunately, you do need to edit psa_crypto_driver_wrappers* manually at the moment. The way this is supposed to work is that you would provide a JSON file, but the script to generate the wrappers from JSON is not ready for production yet.