Hello,

PSA is indeed Platform Security Architecture. Mbed TLS can be used to implement the cryptographic mechanisms in a PSA platform. The PSA specifications include a cryptography API, and “PSA” in Mbed TLS refers to this API. The PSA cryptography API is the “modern” API of Mbed TLS for cryptography, and the next major version of Mbed TLS will remove many non-PSA cryptography APIs.

Merely enabling PSA API support does not change anything with respect to security. Using the PSA API rather than the legacy API makes no direct difference for security, but PSA APIs have indirect advantages. One advantage is that PSA APIs allow more isolation (e.g. separating the TLS stack and the cryptographic primitives in different processes/partitions/worlds, using keys in a secure element); this is only an advantage if your platform uses this capability. Another advantage of PSA APIs is that they are more protected against accidental misuse (e.g. if an output buffer is too small, you'll get an error, not a buffer overflow like some legacy APIs).

Best regards,

--
Gilles Peskine
Mbed TLS developer and PSA Crypto architect

On 18/03/2024 15:14, Satya Prakash Prasad via mbed-tls wrote:
Hi,

Please provide the details as requested : features of PSA in MbedTLS.
I found this
related document -
https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.

Is PSA related to Platform Security Architecture or is related to TLS security?

How will the inclusion and non-inclusion of PSA will differ in terms
of security?

Regards,
Prakash

On Sun, Mar 17, 2024 at 10:02 AM Satya Prakash Prasad
<satyaprakash.developer.unix@gmail.com> wrote:

Hi,

Can someone please let me know features of PSA in MbedTLS. I found this
related document -
https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.

Is PSA related to Platform Security Architecture or is related to TLS security?

How will the inclusion and non-inclusion of PSA will differ in terms
of security?

Regards,
Prakash

On Sat, Mar 16, 2024 at 10:59 AM Satya Prakash Prasad
<satyaprakash.developer.unix@gmail.com> wrote:

Hi,

Please also let me know the features of PSA in MbedTLS. I found this
related document -
https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/.

Is PSA related to Platform Security Architecture or is related to TLS security?

How will the inclusion and non-inclusion of PSA will differ in terms
of security?

Thanks in advance.

Regards,
Prakash