From 263b6925a26e8b011a5cff0c94d36047d8f3fcf9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Sep 2023 13:14:43 +0200 Subject: [PATCH] The PSA implementation is production-quality This has been the case for a while, but we forgot to update the readme. Don't prominently label it a "reference" implementation. That implies that it's a complete implementation, but it isn't: we do not intend to implement every mechanism that the PSA specification has an encoding for. That also tends to imply that it's for demonstration purposes and not ready for production, but Mbed TLS is intended to be used in production. Signed-off-by: Gilles Peskine --- README.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d731d4ba02..d1cf0c2e2e 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,7 @@ README for Mbed TLS =================== -Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. - -Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). This is currently a preview for evaluation purposes only. +Mbed TLS is a C library that implements cryptographic primitives (including the [PSA Cryptography API](#psa-cryptography-api)), X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems. Configuration ------------- 
@@ -298,8 +296,7 @@ Arm welcomes feedback on the design of the API. If you think something could be ### PSA implementation in Mbed TLS -Mbed TLS includes a reference implementation of the PSA Cryptography API. -However, it does not aim to implement the whole specification; in particular it does not implement all the algorithms. +Mbed TLS includes an implementation of the PSA Cryptography API. It covers most, but not all algorithms. The X.509 and TLS code can use PSA cryptography for most operations. To enable this support, activate the compilation option `MBEDTLS_USE_PSA_CRYPTO` in `mbedtls_config.h`. Note that TLS 1.3 uses PSA cryptography for most operations regardless of this option. See `docs/use-psa-crypto.md` for details.
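Review bot: In the first hunk (README.md intro paragraph), the parenthetical "cryptographic primitives (including the [PSA Cryptography API](#psa-cryptography-api))" classifies an API as a primitive, which reads oddly. Listing it as its own item would be clearer, for example "implements cryptographic primitives, the PSA Cryptography API, X.509 certificate manipulation and the SSL/TLS and DTLS protocols". The removed sentence "This is currently a preview for evaluation purposes only" is also dropped without a replacement, so the README never says what the commit subject says, that the PSA implementation is production-quality. Readers who remember the old wording would benefit from one explicit sentence to that effect, either here or in the "PSA implementation in Mbed TLS" section.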
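Review bot: In the second hunk ("PSA implementation in Mbed TLS"), the new sentence "It covers most, but not all algorithms." loses the intent that the removed line carried with "it does not aim to implement the whole specification". The commit message says the project does not intend to implement every mechanism the PSA specification has an encoding for, but the new wording can be read as a temporary gap that will be closed. Consider keeping the intent, for example "It covers most, but not all, algorithms, and does not aim to implement every mechanism in the specification", and pointing to where the supported set is documented, if such a list exists. Note the missing comma after "not all".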