This document is mainly about a plan that was driven by backward
compatibility constraints that no longer exist in 4.0.
Although some of it is still of interest to explain why 4.0 is the way
it is (and more complicated than one would expect based on the APIs that
are left in 4.0). But for this it should suffice to consult earlier
versions and does not worth to maintain it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Some sentences or paragraphs became confusing or meaningless after
removing USE_PSA and only fixing the local context/semantics.
Fix the semantics where needed and remove parts that became meaningless.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The original purpose of this document was to answer the following
question in more detail than the documentation of MBEDTLS_USE_PSA_CRYPTO
in config.h: as a user, what do I gain and lose if I enable
MBEDTLS_USE_PSA_CRYPTO? This question is no longer relevant.
- General considerations section: not relevant as mentioned above
- New APIs/API extensions: these are not new or extensions anymore.
Also, for detailed information this section refers to the API
documentation, which contains all the information the user needs.
- Internal changes: these are discussed in detail in
docs/architecture/psa-migration/psa-limitations.md.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This is an architecture document focusing on how PSA APIs can be mixed
with non-PSA APIs, notably including PK (and in fact, it's mostly about
PK, since we didn't identify work to be done in other areas). It is not
really relevant in 4.0/1.0, where the goals will be different — to do
without low-level legacy APIs.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This is an architecture document focusing on how parts of the code base
can accommodate both builds with PSA crypto disabled and builds with
driver-only mechanisms. Going forward, this coexistence is no longer
relevant.
The document does explain why some parts of md and cipher are the way
they are. In the future, we'll want to remove legacy code paths and keep
only the PSA code paths. But for that, it isn't particularly useful to
know how the dual code paths came about, or what constraints they had to
obey. Those constraints no longer apply.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
The goal is not to update the document, only to remove
MBED_TLS_USE_PSA_CRYPTO, while making a minimal local context of the
occurrance up to date and sensible.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This document is describes the testing strategy for the
`MBEDTLS_USE_PSA_CRYPTO` option. This option is now always on, can't be
disabled and the corresponding behaviour is the only library behaviour.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBED_TLS_USE_PSA_CRYPTO is now always enabled we need to remove
documentation discussing cases when it is disabled.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Move the docuumentation files that after
the split will fit better in TF-PSA-Crypto
than Mbed TLS. No comment update.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit, moves configuration entries that were not present
during the design-review.
It also updates the proposal accordingly.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
config_test_driver.h and
crypto_config_test_driver_extension.h are
configuration files thus they better fit in
mbedtls branches than in the framework.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
These were accidentally documented incorrectly in the PSA shared memory
documentation due to a global find and replace.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rename MBEDTLS_PSA_CRYPTO_(USER_)CONFIG_FILE to
TF_PSA_CRYPTO_(USER_)CONFIG_FILE as we rename
crypto_config.h to tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-organize "Mbed TLS modules" and "Module configuration options"
into "X.509 feature selection" and "TLS feature selection" for
better alignment with tf_psa_crypto_config.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Re-order mbedtls_config.h sections for
the order to be more aligned with the
tf_psa_crypto_config.h one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
