Hi Ronan,

yes that is a good point. We should really remove that option from mainline completely as there support for MCUBOOT_USE_MBED_TLS is not available anymore since the move to TF-PSA-Crypto.

Thanks,

Antonio

Sent from Outlook for Mac

From: Ronan GABOU via TF-M <tf-m@lists.trustedfirmware.org>
Date: Monday, 9 February 2026 at 16:22
To: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Subject: [TF-M] MCUBOOT_USE_PSA_CRYPTO : default value

Hello,

As latest TFM version now supports MbedTLS 4.0 which use TF PSA CRYPTO (I understood only PSA API are available and no more mbed API)

Don’t you think that the default value for MCUBOOT_USE_PSA_CRYPTO in file : \trusted-firmware-m\bl2\ext\mcuboot\mcuboot_default_config.cmake should be ON instead of OFF ?

Thank you.

Ronan,

Shape, rectangle

Description automatically generated

Ronan GABOU

MDRF / Embedded Processing / General Purpose and Automotive MCU / Ecosystem / Security

STMicroelectronics

134 avenue Aristide Briand, 92120 Montrouge, France

This communication is confidential and intended solely for the addressee(s). If you are not the intended

recipient, you should not review, retain, copy or distribute the e-mail itself or the information it contains.

In such case, we kindly request you notify the sender by replying to this transmission and delete the

message without disclosing it. Thank you!

ST online: www.st.com