Hi Archanaa, the ability for a user of Mbed TLS to use its own implementation of PSA Crypto API and not the TF-PSA-Crypto is not in scope for the second half of 2024. It is something we want to eventually support though (not planned yet as far as I know). Another possibility for a crypto hardware is to not implement the PSA Crypto API for it but the PSA Crypto driver interface and we have already reasonable support for that.

 

Thanks, Ronald.

 

From: S Krishnan, Archanaa via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: Monday, October 30, 2023 6:43 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Re: TF-PSA-Crypto publication

 

Also, sending to mbedtls forum.

 

From: S Krishnan, Archanaa
Sent: Monday, October 30, 2023 9:18 AM
To: 'Ronald Cron' <Ronald.Cron@arm.com>
Subject: RE: TF-PSA-Crypto publication

 

Hi Ronald,

 

Thank you for the announcement.

 

According to the roadmap, https://mbed-tls.readthedocs.io/en/latest/project/roadmap/, mbedTLS is expected to use the PSA API repository in the second half of 2024.

 

When that happens, will a user have the option to either choose PSA Crypto API implementation from TF-PSA-Crypto repo vs their own custom repo? I.e., if I have my own implementation of PSA Crypto API for a crypto hardware, will I be able to use it with mbedTLS in place of the TF-PSA-Crypto repository?

 

Please let me know if there is any documentation about the same that I can refer to in mbedTLS repo.

 

Regards,
Archanaa

 

From: Ronald Cron via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: Friday, October 13, 2023 8:06 AM
To: mbed-tls@lists.trustedfirmware.org
Subject: [EXTERNAL] [mbed-tls] TF-PSA-Crypto publication

 

We are happy to announce the publication in GitHub of the TF-PSA-Crypto repository: https://github.com/Mbed-TLS/TF-PSA-Crypto.

 

The TF-PSA-Crypto repository provides an implementation of the PSA Cryptography API (https://arm-software.github.io/psa-api). This encompasses the on-going extensions to the PSA Cryptography API (e.g. PAKE). The PSA Cryptography API implementation is organized around the PSA Cryptography driver interface aiming to ease the support of cryptographic accelerators and processors.

 

This is a significant milestone on the journey to split the PSA Cryptography API implementation and its development out of the Mbed TLS repository into TF-PSA-Crypto. This is early days though and the TF-PSA-Crypto repository should be considered as a prototype: it is read-only and mostly a mirror of the PSA Cryptography API implementation of Mbed TLS. But we believe it is a good illustration of what we are aiming at.

 

Thanks, Ronald Cron on behalf of the Mbed TLS team.