Hi TF-A LTS maintainers,
FYI, the Mbed TLS project released a minor version with 2 security fixes. See the release notes here: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.7
I believe TF-A is not affected by any of these 2 security issues. To the best of my knowledge:
* Private key RSA operations are only used for asymmetric-key decryption. In most cases, TF-A does not decrypt anything, it only verifies boot signatures, which rather involves RSA *public* key operations.
There is the case of the firmware decryption feature (see `ENCRYPT_FW` build option and associated code & doc) but this uses AES-GCM, not RSA.
* TF-A does not modify boot certificates (so no X.509 extensions modifications), it only consumes them.
Best regards,
Sandrine