doc: update migration guide with mesh versions incompatibility

alxelax · kartben · commit 5e235bbf88fa · 2025-02-06T21:13:31.000+01:00
Commit adds description of key representation incompatibility
for mesh images built with different crypto libraries.

Signed-off-by: Aleksandr Khromykh &lt;aleksandr.khromykh@nordicsemi.no&gt;
diff --git a/doc/connectivity/bluetooth/api/mesh/dfu.rst b/doc/connectivity/bluetooth/api/mesh/dfu.rst
@@ -212,9 +212,10 @@ re-provisioned. The complete list of available options is defined in :c:enum:`bt
    provisioning. In this case, the device stays provisioned and the new composition data takes place
    after re-provisioning using the Remote Provisioning models.
 :c:enumerator:`BT_MESH_DFU_EFFECT_UNPROV`
-  This effect is chosen if the composition data in the new firmware changes, the device doesn't
+  This effect is chosen if the composition data in the new firmware changes, the device does not
   support the remote provisioning, and the new composition data takes effect after applying the
-  firmware.
+  firmware. The effect can also be chosen, if it is necessary to unprovision the device for
+  application-specific reasons.
 
 When the Target node receives the Firmware Update Firmware Metadata Check message, the Firmware
 Update Server model calls the :c:member:`bt_mesh_dfu_srv_cb.check` callback, the application can
diff --git a/doc/releases/migration-guide-4.1.rst b/doc/releases/migration-guide-4.1.rst
@@ -485,6 +485,16 @@ Bluetooth Mesh
   set as deprecated. Default option for platforms that do not support TF-M
   is :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`.
 
+* Mesh key representations are not backward compatible if images are built with TinyCrypt and
+  crypto libraries based on the PSA API. Mesh no longer stores the key values for those crypto
+  libraries. The crypto library stores the keys in the internal trusted storage.
+  If a provisioned device is going to update its image that was built with
+  the :kconfig:option:`CONFIG_BT_MESH_USES_TINYCRYPT` Kconfig option set on an image
+  that was built with :kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA` or
+  :kconfig:option:`CONFIG_BT_MESH_USES_TFM_PSA` without erasing the persistent area,
+  it should be unprovisioned first and reprovisioned after update again.
+  If the image is changed over Mesh DFU, use :c:enumerator:`BT_MESH_DFU_EFFECT_UNPROV`.
+
 * Mesh explicitly depends on the Secure Storage subsystem if storing into
   non-volatile memory (:kconfig:option:`CONFIG_BT_SETTINGS`) is enabled and
   Mbed TLS library (:kconfig:option:`CONFIG_BT_MESH_USES_MBEDTLS_PSA`) is used.
