Dear all,
Please find below the minute of the meeting for yesterday’s TSC; also the presentation is attached.
Attendance:
Shebu
Joanna
David
Janos
Antonio
Eric Finco
Andrew Davis
Julius Werner
PJ Bringer
Dominik Ermel
David Brown
Frank AK
Michael T
Agenda:
* TF-PSA-Crypto / Mbed TLS roadmap update [Shebu]
*
Zephyr’s release timeline and sync with dependency projects (TF-M, Mbed TLS, TF-PSA-Crypto) [David B]
[Shebu] TF-PSA-Crypto release and split happened in 2025, April 2026 targeting for first TLSs to be integrated with TF-M
PSA Crypto APIs are now the default APIs
PQC algorithms: After NIST ha standardised, we’re looking into how to enable PQC into PSA Crypto. First step is ML-DSA; start with mldsa-native from PQCAlliance. Fork and integrate through the PSA Crypto drivers interface ML-DSA-87 initially only. PSA API in the work. TF-M will pick it up as soon it is available. Then look into ML-KEM. Hopefully it will be adopted widely
[David B] What’s the timeline? PR already open, driven by Gilles. Integration in drivers first; might not make it into the LTS but should available by April; Then PSA APIs support will happen towards end of Q2
[Shebu] Appreciate any feedback upstream
[Shebu] Arm Bug Bounty project has been rolled out. Lot of interest and traction; Several submissions and security incidents reported.
[Shebu] tf-psa-crypto-drivers interest from partners to maintainer vendor drivers; Mbed TLS or TF-PSA-Crypto doesn’t maintain drivers because there is no way for testing. CryptoCell goes first
[Shebu] Additional maintainer from the community: Valerio Setti from Baylibre contracted by Nordic Semiconductor. First maintainer from non-Arm. Hopefully sets a good precedence for more contributors to be involved in the project, for example security engineer from partner companies doing more reviews as Mbed TLS / TF-PSA-Crypto is always scarce on review bandwidth.
[Frank AK] NXP requests on driver API change for KDF. Oberon has a proposal, our understanding is that Oberon has intention to push that proposal on PSA API Github after following up on discussion on Discord, Andrew T happy to review the proposal so at the moment we’re waiting for Oberon to push the proposal. Also we are happy to have partner companies, implement those APIs based on the Oberon proposal
[Frank AK] The proposal is still limited to non-opaque keys, so this needs more discussion towards either NXP or Arm to complete / fulfill the discussion.
[Shebu] The first step would be to wait for Andrew T come back from holiday, wait for push, and then discuss on Github and the tf-psa-crypto-drivers working group; Janos agrees on discussion for the tech aspects in that, then feedback into API proposal to finalise the API submission
[Janos] On Security issues and Reviews: new bug bounty program resulted in quite a number of vulnerabilities, some of them have merit, a lot of analysis and bandwidth consumption for the team; Think AI tools are helping to submit more vulnerability reports. As a comparison, previously we were getting 1-3 reports, last week only we got 5. Non-negligible time for the maintainers to review, not very predictable. Can affect delivery times overall.
[Janos] OSTIF Audit offered to us and decided to go through with it
[Janos] Process to support community members to become trusted reviewers. Likely being a trusted reviewers is a pre-requisite to push features that are not on the roadmap, community-driven. Power that can be use
Thanks,
Antonio
Sent from Outlook for Mac
Dear all,
we are restarting the TSC meetings from tomorrow with the roadmap updates. @Shebu Varghese Kuriakose<mailto:Shebu.VargheseKuriakose@arm.com> and @Janos Follath<mailto:Janos.Follath@arm.com> will give an update on the TF-PSA-Crypto / Mbed TLS projects roadmaps.
Agenda:
*
TF-PSA-Crypto / Mbed TLS projects roadmap updates
*
Any other business
Please reply to this email if you want to add a topic to discuss for the meeting.
Thanks,
Antonio
