- mbed-tls - lists.trustedfirmware.org

Canceled event: MBed-TLS Technical Forum - Asia @ Mon 29 Dec 2025 10am - 10:50am (GMT) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This event has been canceled. MBed-TLS Technical Forum - Asia Monday 29 Dec 2025 ⋅ 10am – 10:50am United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed-TLS Technical Forum - AsiaTime: Jun 16, 2025 10:00 AM London Every 4 weeks on Mon, 39 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJMqcuGuqDotGtIbACm498ytl0ZhydWKdu1b/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI.1Meeting ID: 977 5866 1706Passcode: 577208---One tap mobile+16892781000,,97758661706# US+17193594580,,97758661706# US---Dial by your location• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-free• 833 548 0276 US Toll-freeMeeting ID: 977 5866 1706Find your local number: https://linaro-org.zoom.us/u/acdtApJNbc Guests mbed-tls(a)lists.trustedfirmware.org psa-crypto(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

6 months, 1 week

1
0
0 0

Question about using hardware-backed parameters in ALT crypto implementations

by Massimiliano Cialdi

Hi, I’m working with Mbed TLS 2.28.x on a microcontroller that provides a built-in crypto engine. The existing *_ALT support works fine for performance, and higher-level modules correctly route their block operations through the accelerated backend. On this platform the crypto hardware can also use internal key material stored in dedicated slots. These values are not accessible as byte arrays and cannot be passed to the usual setkey_*() API. Question Is there a recommended way to configure an ALT implementation so that it can select an internal key slot instead of receiving a buffer? Or, more generally, how should an ALT backend represent a key that is not exposed to software? Any guidance on the intended design would be appreciated. Thanks! Massimiliano Cialdi FIRMWARE ENGINEERING PROFESSIONAL LEADER Powersoft S.p.A. Via E. Conti, 5 - Scandicci (Fi) 50018 - Italy OFFICE: +39 055 7350230 [cid:2_3b23bc2c-3db3-4330-b6f5-3fb62b89422a.png]<https://www.facebook.com/powersoft/>[cid:3_7da2eb67-7c7f-41e6-9598-128bdd52ec04.png]<https://www.instagram.com/powersoft.official/>[cid:4_a5d469e7-3228-4fb1-948d-4c3e879ea0da.png]<https://www.youtube.com/@powersoftaudio>[cid:5_e4390674-51fd-4219-9389-28ae9a12796d.png]<https://www.linkedin.com/company/powersoft>[cid:6_083a55f9-076c-4d52-9f93-69225b28cb32.png]<https://open.spotify.com/show/6lwXROYcCyrVnJi6J9fA42>[cid:7_7fd8585e-63fd-441a-95f3-6c0b23d059e1.png]<https://x.com/Powersoft_Japan>[cid:8_6308aaa9-b97d-405b-a86c-0300a381d13f.png]<https://space.bilibili.com/3546387314641333>[cid:9_9af1e42f-0019-42c4-8046-d6246e65ed9e.png]<https://teams.microsoft.com/l/chat/0/0?users=massimiliano.cialdi@powersoft.…> [cid:pwsrgbn_12214209-f50f-45fa-be18-2a4cf1a5818a.png]<https://www.powersoft.com/en>

7 months

2
1
0 0

Re: How can I read plain-text private key into rsa_context?

by Shannek Pierce

05 DC AD 24 F4 E4 B1 C4 39 15 62 45 02 DC 7B 4A C6 57 8F FC 40 5B 5E 6F 55 FB E1 F6 58 62 CB 57 05 Sent from my iPhone

7 months, 1 week

1
0
0 0

AI Policy - Guidance on AI-assisted contributions

by Shaun Longhorn

All, Please be aware that today we have published our AI policy with Guidance on AI-assisted contributions. See the full details here: https://www.trustedfirmware.org/aipolicy/ Should you have any questions feel free to raise them. Thanks, Shaun Community Manager

7 months, 1 week

1
0
0 0

Re: [Hafnium] Re: Gerrit scheduled maintenance: 8th November 8-12 UTC

by Saheer Babu

Hi Jerome Could you try again please? Thanks, Saheer From: Jerome Forissier <jerome.forissier(a)linaro.org> Date: Monday, 10 November 2025 at 10:19 To: Saheer Babu <Saheer.Babu(a)arm.com>, tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>, tf-rmm(a)lists.trustedfirmware.org <tf-rmm(a)lists.trustedfirmware.org>, hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org>, mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org>, olivier.deprez--- via Tf-openci <tf-openci(a)lists.trustedfirmware.org> Subject: Re: [Hafnium] Re: Gerrit scheduled maintenance: 8th November 8-12 UTC Hi Saheer, On 11/9/25 00:19, Saheer Babu via Hafnium wrote: > Hi > > Just wanted to let you all know that maintenance was done in the morning and site is back to normal. I'm getting a 403 from here: $ curl --show-headers https://review.trustedfirmware.org/ HTTP/2 403 server: awselb/2.0 date: Mon, 10 Nov 2025 10:14:55 GMT content-type: text/html content-length: 118 <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> </body> </html> Same for git.trustedfirmware.org which makes the OP-TEE CI fail: https://github.com/OP-TEE/optee_os/actions/runs/19226835413/job/54955917815… Regards, -- Jerome > > Thanks, > Saheer > > From: Saheer Babu <Saheer.Babu(a)arm.com> > Date: Thursday, 30 October 2025 at 16:13 > To: tf-m(a)lists.trustedfirmware.org <tf-m(a)lists.trustedfirmware.org>, tf-rmm(a)lists.trustedfirmware.org <tf-rmm(a)lists.trustedfirmware.org>, hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org>, mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org>, olivier.deprez--- via Tf-openci <tf-openci(a)lists.trustedfirmware.org> > Subject: Gerrit scheduled maintenance: 8th November 8-12 UTC > Hi All, > > We will be performing maintenance activity on review.trustedfirmware.org and service will be unavailable on 8th November between 8 AM-11 AM UTC. > > Best regards, > > Saheer >

7 months, 1 week

1
0
0 0

FW: CI infrastructure scheduled maintenance: 12th Sep 2025

by Joanna Farley

FYI From: Saheer Babu via Tf-openci <tf-openci(a)lists.trustedfirmware.org> Date: Wednesday, 10 September 2025 at 15:17 To: tf-openci(a)lists.trustedfirmware.org <tf-openci(a)lists.trustedfirmware.org> Subject: [Tf-openci] CI infrastructure scheduled maintenance: 12th Sep 2025 Hi all, We will be performing upgrade of the clusters hosting review.trustedfirmware.org and ci.trustedfirmware.org on Friday, 12th Sep 2025 at 16:00 GMT+1. During this maintenance window, both services will be unavailable for approximately 4 hours. A follow-up email will be sent once the services are fully restored. Best regards, Saheer IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Tf-openci mailing list -- tf-openci(a)lists.trustedfirmware.org To unsubscribe send an email to tf-openci-leave(a)lists.trustedfirmware.org

7 months, 2 weeks

2
3
0 0

Security backports for v2.28

by Matt Bauman

Hello all, I know that v2.28.10 is EOL, but I've been working on bringing security bug fixes to our distribution of it as part of my work in shoring up the Julia package ecosystem. I've largely leaned on the Debian security team's work thus far; they have the much harder task of supporting 2.16.9 for bullseye (security) and have done great work in bringing that version up to date through CVE-2025-52497. I've re-landed their backport patches against v2.28.10; these can be found on our build tree [1] or my fork [2]: 1. https://github.com/JuliaPackaging/Yggdrasil/tree/54c5a3e8e72899a3a778d8617f… 2. https://github.com/Mbed-TLS/mbedtls/compare/v2.28.10...mbauman:mbedtls:v2.2… Now I'm faced with the daunting prospect of last week's CVE-2025-54764 and CVE-2025-59438. These are *much* larger changesets. Has anyone else begun tackling this? I very much appreciated the guidance that’s included in the advisory itself, but I'm guessing there may be others in our situation... and I came here looking to see if anyone had begun talking about this (or working on it) yet. Best, Matt

7 months, 2 weeks

2
2
0 0

Question regarding mbedtls 3.6.0 conformance to IEC 62351-3:2023

by Tommaso Mancini

Hello, I am writing to you to ask if you have any available documentation you can share regarding mbedtls's conformance to IEC 62351-3:2023. For example: Do you know of any users which have implemented the library in systems that reached IEC 62351-3:2023 certification? Do you have a list of features mapped to the IEC 62351-3:2023 standard requirements? Perhaps a PICS template? Thank you in advance and apologies if this is the wrong channel for this kind of question. Kind Regards, Tommaso Mancini [1741361442716] <mailto:tommaso.mancini@sel-electric.it> Tommaso Mancini SEL S.p.A. R&D Software and Test Engineer Via Amendola 9,11,13,15,17 51035 Lamporecchio (PT) Tel. +39 0573 80051 Fax +39 0573 803110 website: www.sel-electric.com<http://www.sel-electric.com/> e-mail: tommaso.mancini(a)sel-electric.it<mailto:tommaso.mancini@sel-electric.it> <mailto:tommaso.mancini@sel-electric.it>Questo è un messaggio di posta elettronica proveniente da SEL s.p.a. Le informazioni contenut in questa comunicazione sono altamente riservate e possono essere utilizzate solo dalla persona o dall’ente cui sono destinate. La diffusione, distribuzione e/o copiatura del documento trasmesso da parte di qualsiasi soggetto diverso dal destinatario è proibita. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie. This communication is intended only for use by the addressee. It may contain confidential or privileged information. Transmission cannot be guaranteed to be secure or error-free. If you receive this communication unintentionally, please inform us immediately. Thank you. Per favore, pensa all’ambiente prima di stampare. Please, consider the environment before you print.

7 months, 3 weeks

1
0
0 0

MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED

by Кристиян Ценов

7 months, 3 weeks

1
0
0 0

Re: TrustedFirmware.org - Check for MbedTLS License/Royality fee for commercial usage

by Carina Tsai

To whom it may concern, Our engineering team is using the Mbed TLS library in our wifi range extenders sold on markets and adhere to the licensing terms outlined in the sourcecode and docs. Thanks to Shaun’s guideline, it would be no royalty if we adhere to the licensing terms. Is there any other cost required for us to use the Mbed TLS library in our wifi range extenders, adhering to the licensing terms outlined in the sourcecode and docs? Thank you Carina From: Shaun Longhorn <shaun.longhorn(a)linaro.org<mailto:shaun.longhorn@linaro.org>> Sent: Tuesday, September 30, 2025 7:08 PM To: Ken Chen <Ken.Chen(a)netgear.com<mailto:Ken.Chen@netgear.com>> Cc: enquiries(a)trustedfirmware.org<mailto:enquiries@trustedfirmware.org> Subject: Re: TrustedFirmware.org - Check for MbedTLS License/Royality fee for commercial usage External Email. Be cautious clicking attachments and links. Report suspicious to reportphishing(a)netgear.com<mailto:reportphishing@netgear.com>. Hi Ken, I'm the Community Manager at Trusted Firmware. I can't advise you directly on your licensing situation but I can point you towards the documentation. Mbed TLS is an open source community project and no royalty is required. You must adhere to the licensing terms outlined in the sourcecode and docs: https://github.com/Mbed-TLS/mbedtls?tab=readme-ov-file#license<https://urldefense.com/v3/__https:/github.com/Mbed-TLS/mbedtls?tab=readme-o…> https://mbed-tls.readthedocs.io/en/latest/kb/licensing/<https://urldefense.com/v3/__https:/mbed-tls.readthedocs.io/en/latest/kb/lic…> You can also reach out to the Mbed-TLS community on the following public mailing list. https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirm…<https://urldefense.com/v3/__https:/lists.trustedfirmware.org/mailman3/lists…> I should highlight our optional memberships for Trusted Firmware detailed on this page. https://www.trustedfirmware.org/join/<https://urldefense.com/v3/__https:/www.trustedfirmware.org/join/__;!!JNtdCR…> membership has a number of benefits detailed in the slides. It could be beneficial in terms of lab testing and project visibility. If you have an interest we can arrange a call with the Co-Chairs and discuss benefits in more detail. Thanks, Shaun Community Manager On Tue, 30 Sept 2025 at 09:20, 'Ken Chen' via TFenquiries <enquiries(a)trustedfirmware.org<mailto:enquiries@trustedfirmware.org>> wrote: Dear Sir/Madam, I am reaching out to inquire about the licensing terms and any potential royalty fees associated with using the Mbed TLS library in our commercial products. I was unable to find a specific contact point for this type of query. Could you kindly forward this message to the appropriate person or team for further discussion? Thank you for your assistance. Best regards Ken This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

8 months

5
13
0 0

Announcing the joint release of Mbed TLS 4.0.0 & TF-PSA-Crypto 1.0.0

by Minos Galanakis

Hi Mbed TLS users, We’re pleased to announce a major milestone: the joint release of Mbed TLS 4.0.0 and the first-ever TF-PSA-Crypto 1.0.0. Mbed TLS now uses PSA Crypto as the default cryptographic API, and these releases include significant API changes that break backward compatibility with previous versions These releases include significant API changes that break backward compatibility with previous versions, so please test your integration thoroughly and follow the migration guides to update your codebase: https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-4.0.0/docs/4.0-migration-g… https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/v1.0.0/docs/1.0-migration-gu… Full details are available in the release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.0.0 https://github.com/Mbed-TLS/TF-PSA-Crypto/releases/tag/tf-psa-crypto-1.0.0.

8 months, 1 week

1
0
0 0

Mbed TLS 3.6.5 Released

by Minos Galanakis

Hi Mbed TLS users, We have released Mbed TLS version 3.6.5. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.5. We recommend all users to consider whether they are impacted, and to upgrade appropriately.

8 months, 1 week

1
0
0 0

Modernizing a ecdh exchange

by Dirk-Willem van Gulik

I am currently doing an ECDH exchange over MQTT (i.e. at the message layer; MQTT is fundamentally `untrusted') - with a bit of out of band work to confirm end to end integrity. That worked nicely (and interoperable with java-bouncy-castle and openssl, etc with: mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 ) mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, mbedtls_ctr_drbg_random, &ctr_drbg) mbedtls_mpi_write_binary( &ctx_cli.Q.X, node_publicsession, 32 ) to create the keys and with mbedtls_mpi_lset( &ctx_cli.private_Qp.Z, 1 )) mbedtls_mpi_read_binary( &ctx_cli.private_Qp.X, pubencr_tmp, CURVE259919_KEYLEN)) mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.private_z, &ctx_cli.private_Qp, &ctx_cli.private_d, mbedtls_ctr_drbg_random, &ctr_drbg ) mbedtls_mpi_write_binary( &ctx_cli.private_z, sessionkey, CURVE259919_KEYLEN) to calculate the emphemeral session key. With the mbedtls_ecdh_context going increasingly private; I assume I can change the latter with: mbedtls_ecdh_calc_secret(&ctx_cli, &len_sessionkey, sessionkey, sizeof(sessionkey), mbedtls_ctr_drbg_random, &ctr_drbg) but am struggling to see how I an replace the key generation itself. Is there a similar option that does not look `into' ctx_cli ?? With kind regards, Dw. PS: actual code at https://github.com/MakerSpaceLeiden/AccesSystem/blob/master/lib-arduino/ACN…

8 months, 3 weeks

1
0
0 0

DTLS handshake with and without hello verify request

by Ankita Hatmode

Hi Team, I am working on exploring DTLS handshake using the mbedtls-3.6.4 version on our embedded platform. I enabled the hello verify request feature and got stuck at hello verify request state on server side if I don't reset the ssl context and don't set the client transport ID. I want to know if there is any way to complete a handshake by bypassing the reset of ssl context and setting the client transport ID. Also, our environment only supports C89 constructs. I could not see inttypes.h in the mbedtls-3.6.4, is there any specific reason to remove this file? I am getting compilation errors without inttypes.h and stdint.h. Is there any macro to be enabled to support the c89 compilation in mbedtls stack? Looking forward to your response. Thanks and regards, Ankita Hatmode -- ------------------------------------------------------------------------------------------------------------------------- **Disclaimer:** This email message including any attachments is confidential, and may be privileged and proprietary to Agiliad. If you are not the intended recipient, please notify us immediately by replying to this message and destroy all copies of this message including any attachments. You are NOT authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. Thank you. ------------------------------------------------------------------------------------------------------------------------

9 months, 2 weeks

2
3
0 0

TLS 1.3 and brainpool curves

by Maren Konrad

Dear MbedTLS maintainers, we are already using MBedTLS, however, we recently enabled TLS 1.3 and found that our certificates doesn't work anymore, because they are brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the question would be, if I missed any configuration to enable the usage of brainpool curves (which are working for TLS 1.2) or if there are any plans, that these are getting supported by MBedTLS 3.6.x? Best regards, Maren Konrad

9 months, 2 weeks

3
2
0 0

TLS handshake error : unexpected eof

by kavitha bk

Hi We migrated from mbedtls 2.28 to mbedtls 3.6.2 https://github.com/Mbed-TLS/mbedtls/tree/107ea89daaefb9867ea9121002fbbdf926… and we see TLS handshake fails when we use TLS 1.2 in mbedtls 3.6.2 instead of 1.3. We get below error 20E094B0FFFF0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:/usr/src/debug/openssl/3.1.0-r0/ssl/record/rec_layer_s3.c:303: # openssl s_client -connect 192.168.142.1:7001 -no_tls1_3 fails After seeing the trace we have enabled ciphers but still we see the issue. please advise, thanks. Thanks Kavitha

9 months, 4 weeks

1
0
0 0

psa crypto driver for imx-smw

by kavitha bk

Hi all, We are trying to write a psa crypto driver for imx-smw . They have exposed psa certified public apis https://github.com/nxp-imx/imx-smw/tree/release/version_4.x/public/psa Is there any documentation to replace existing psa implementation to custom psa crypto implementation in mbedtls..Please advise on the approach to follow to call the custom apis to implement based on https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-driver-exampl… Thanks Kavitha

10 months, 2 weeks

1
0
0 0

Mbed TLS 3.6.4 Released

by Minos Galanakis

Hi Mbed TLS users, We have released Mbed TLS versions 3.6.4. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4). We recommend all users to consider whether they are impacted, and to upgrade appropriately.

10 months, 3 weeks

2
2
0 0

Credential validation BEFORE first TLS handshake: the present and future of mbedtls_pk_sign/verify()

by Almut Herzog

Hi, Prior to the first TLS handshake our application is required to perform input validation of the provided credentials (from file or smart card) for this peer. One of those checks is to verify that private and public key match. We used to use mbedtls_pk_sign() with a custom mbedtls_pk_context for that. But in version 3.X mbedtls_pk_info_t was made private so mbedtls_pk_setup() with a custom mbedtls_pk_info_t whose sign_func would call into our smart card wrapper is no longer possible. Is there still a way to provide custom callback functions for signing in 3.6.4 somehow? Or any other workaround for early check of a key pair? Looking at 4.0.0-beta, also pk.h is no longer public. Will it still be possible to perform early validation of this peer's credentials prior to a first TLS handshake? How? While I am at it, it would be good to implement something that is future-proof. What else I have looked at: * mbedtls_pk_setup_opaque() might be the way to go but I do not find an example of how to link a key id to a custom signature function. * mbedtls_pk_setup_rsa_alt() would be useful if our application was always using RSA. * Both functions are no longer public in 4.0 Related: Early validation of a CRL (whether it was signed by the expected CA) used to be possible with mbedtls_pk_verify_ext(). But to properly set the input parameters requires access to private members of mbedtls_x509_crl in 3.6.4 (maybe an acceptable move?) but in 4.0.0 mbedtls_pk_verify_ext() is no longer public. How perform explicit/"manual" CRL validation especially given the possibly skipped CRL validation in mbedtls_x509_crt_verify() as per the comment below? "It is your responsibility to provide up-to-date CRLs for all trusted CAs. If no CRL is provided for the CA that was used t sign the certificate, CRL verification is skipped silently..." Any future-proof ideas for this? Best regards, /Almut

10 months, 3 weeks

2
1
0 0

Re: MBed-TLS Technical Forum - Asia

by Gilles Peskine

Hello, Due to holidays, Arm will be unable to host a meeting on 14 July 2025. Slides are available at https://github.com/TrustedFirmwareWebsite/website/pull/652/files#diff-ee947… and will be on the archive web site shortly. Short summary of the past 2 weeks: the 3.6.4 release is out. We are now focusing on the last tasks for the 1.0/4.0 big release at end of Q3. Best regards, -- Gilles Peskine Mbed TLS developer and PSA Crypto architect ________________________________ From: Trusted Firmware Public Meetings Sent: 21 May 2025 14:56 To: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com>; mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org>; psa-crypto(a)lists.trustedfirmware.org <psa-crypto(a)lists.trustedfirmware.org> Subject: MBed-TLS Technical Forum - Asia When: 14 July 2025 11:00-11:50. Where: Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed-TLS Technical Forum - Asia Time: Jun 16, 2025 10:00 AM London Every 4 weeks on Mon, 39 occurrence(s) Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJMqcuGuqDotGtIbACm498ytl0ZhydWKdu1b/ics…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmeeting%2Ft…> Join Zoom Meeting https://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9775866…> Meeting ID: 977 5866 1706 Passcode: 577208 --- One tap mobile +16892781000,,97758661706# US +17193594580,,97758661706# US --- Dial by your location • +1 689 278 1000 US • +1 719 359 4580 US • +1 253 205 0468 US • +1 253 215 8782 US (Tacoma) • +1 301 715 8592 US (Washington DC) • +1 305 224 1968 US • +1 309 205 3325 US • +1 312 626 6799 US (Chicago) • +1 346 248 7799 US (Houston) • +1 360 209 5623 US • +1 386 347 5053 US • +1 507 473 4847 US • +1 564 217 2000 US • +1 646 558 8656 US (New York) • +1 646 931 3860 US • +1 669 444 9171 US • +1 669 900 9128 US (San Jose) • 833 548 0282 US Toll-free • 833 928 4608 US Toll-free • 833 928 4609 US Toll-free • 833 928 4610 US Toll-free • 877 853 5247 US Toll-free • 888 788 0099 US Toll-free • 833 548 0276 US Toll-free Meeting ID: 977 5866 1706 Find your local number: https://linaro-org.zoom.us/u/acdtApJNbc<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fu%2FacdtApJ…> When Every 4 weeks from 10am to 10:50am on Monday (United Kingdom Time) Guests mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org> View all guest info<https://calendar.google.com/calendar/event?action=VIEW&eid=NjI4c3NnYjFoZHRh…> RSVP for psa-crypto(a)lists.trustedfirmware.org<mailto:psa-crypto@lists.trustedfirmware.org> for all events in this series Yes<https://calendar.google.com/calendar/event?action=RESPOND&eid=NjI4c3NnYjFoZ…> No<https://calendar.google.com/calendar/event?action=RESPOND&eid=NjI4c3NnYjFoZ…> Maybe<https://calendar.google.com/calendar/event?action=RESPOND&eid=NjI4c3NnYjFoZ…> More options<https://calendar.google.com/calendar/event?action=VIEW&eid=NjI4c3NnYjFoZHRh…> Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>

11 months, 2 weeks

1
0
0 0

Strategic Financing & Brokerage Collaboration Opportunity

by LIAM GILL

We are pleased to introduce Velositi Consultancy Group, a Finnish-owned brokerage and consultancy firm headquartered in Ontario, Canada. As the exclusive representative of leading financial institutions across Oman, Saudi Arabia, and Dubai, we offer customized financing solutions globally. Through our partners, we provide loan facilities at a competitive 3% annual interest, featuring a 2-year grace period and no physical collateral—a unique offer tailored for today’s business environment. This opportunity is extended especially to recognized business leaders like yourself. Your recent listing by your country’s Chamber of Commerce as “Reliable to do business with” during the Saudi Business Summit highlights the potential for meaningful collaboration. Beyond direct financing, we also welcome broker partnerships for referring businesses in need of funding. We would be pleased to discuss how we can support your growth and financial objectives. Warm regards, Liam Gill Chairman, Business Development Velositi Consultancy Group 300 John Street, Suite 506, Thornhill, ON L3T 6M8, Canada LIAM GILL 300 John Street, Suite 506 , ON , Thornhill , L3T 6M8 Unsubscribe ( https://u45460243.ct.sendgrid.net/wf/unsubscribe?upn=u001.AzuRT3u7SiTsBx5mQ… ) - Unsubscribe Preferences ( https://u45460243.ct.sendgrid.net/wf/unsubscribe?upn=u001.AzuRT3u7SiTsBx5mQ… )

11 months, 2 weeks

1
0
0 0

Mbed TLS 4.0.0-beta & TF-PSA-Crypto 1.0.0-beta releases.

by Minos Galanakis

I am happy to announce the joint-release of Mbed TLS 4.0.0-beta & TF-PSA-Crypto 1.0.0-beta PSA-Crypto now lives in its own repository while TLS and X.509 remain in Mbed TLS. This beta release breaks compatibility with earlier versions of Mbed TLS. Please do not use it in production. It’s intended for the community to verify codebase integrations against the split and API changes, and for early adopters to experiment and provide feedback. For full details, please see the release pages: Mbed TLS 4.0.0-beta: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.0.0-beta TF-PSA-Crypto 1.0.0-beta: https://github.com/Mbed-TLS/TF-PSA-Crypto/releases/tag/tf-psa-crypto-1.0.0-…

11 months, 3 weeks

1
0
0 0

[Mbed-tls-announce] Mbed TLS 4.0.0-beta & TF-PSA-Crypto 1.0.0-beta

by Minos Galanakis via Mbed-tls-announce

I am happy to announce the joint-release of Mbed TLS 4.0.0-beta & TF-PSA-Crypto 1.0.0-beta PSA-Crypto now lives in its own repository while TLS and X.509 remain in Mbed TLS. This beta release breaks compatibility with earlier versions of Mbed TLS. Please do not use it in production. It’s intended for the community to verify codebase integrations against the split and API changes, and for early adopters to experiment and provide feedback. For full details, please see the release pages: Mbed TLS 4.0.0-beta: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.0.0-beta TF-PSA-Crypto 1.0.0-beta: https://github.com/Mbed-TLS/TF-PSA-Crypto/releases/tag/tf-psa-crypto-1.0.0-… IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

11 months, 3 weeks

1
0
0 0

[Mbed-tls-announce] Mbed TLS 3.6.4 Released

by Minos Galanakis via Mbed-tls-announce

Hi Mbed TLS users, We have released Mbed TLS versions 3.6.4. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4). We recommend all users to consider whether they are impacted, and to upgrade appropriately. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

11 months, 3 weeks

1
0
0 0

imx-secure-enclave with mbedtls 2.28.9

by kavitha bk

Hi We are using mbedtls 2.28.9 and want to offload crypto operations to HSM from NXP imx-secure-enclave. is the below approach correct or please suggest alternate approaches if any? 1.Transition all apis from traditional apis to psa in modules Use PSA crypto module https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-transition.md 2. Integrate PSA module with imx-secure-enclave in our custom mbedtls 3. All modules will use custom mbedtls which will internally offload crypto operations to HSM or Do you recommend to use MBEDTLS_PK_RSA_ALT_SUPPORT? and implement the key creation/signing/export of public key operations ? Thanks, Kavitha

1 year

2
2
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls