Skip to content

Conversation

valeriosetti
Copy link
Contributor

The long-term goal of the Zephyr project is to rely exclusively on PSA Crypto API for the crypto support. In parallel Mbed TLS is going to remove legacy crypto support from the next (4.0) release.

Therefore this PR deprecates CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS and it also updates the migration guide document about this change.

@zephyrbot zephyrbot added area: Storage Storage subsystem Release Notes To be mentioned in the release notes labels Oct 15, 2025
@valeriosetti valeriosetti force-pushed the flash-map-deprecate-legacy-crypto branch from 000762e to c86ad3d Compare October 15, 2025 10:31

config FLASH_AREA_CHECK_INTEGRITY_PSA
bool "Use PSA"
select PSA_WANT_ALG_SHA_256
select MBEDTLS if !BUILD_WITH_TFM
select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
select PSA_WANT_ALG_SHA_256 if !BUILD_WITH_TFM
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is already a select PSA_WANT_ALG_SHA_256 before

@valeriosetti valeriosetti force-pushed the flash-map-deprecate-legacy-crypto branch from c86ad3d to 2259aec Compare October 15, 2025 12:16
help
Use the PSA API to perform the integrity check.

config FLASH_AREA_CHECK_INTEGRITY_MBEDTLS
bool "Use Mbed TLS"
bool "[DEPRECATED] Use Mbed TLS"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there some existing guidance on how "[DEPRECATED]" should be formatted in the Kconfig description? It seems like it's more common to put it at the end of the string rather than the beginning:

❯ git grep '"\[DEPRECATED\] '|wc -l
       3
❯ git grep ' \[DEPRECATED\]"'|wc -l
      15

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at the end seems better

@valeriosetti valeriosetti force-pushed the flash-map-deprecate-legacy-crypto branch from 2259aec to 00228e5 Compare October 16, 2025 13:53
@valeriosetti valeriosetti requested a review from jhedberg October 16, 2025 13:53
maass-hamburg
maass-hamburg previously approved these changes Oct 16, 2025
@valeriosetti valeriosetti force-pushed the flash-map-deprecate-legacy-crypto branch from 00228e5 to 8310309 Compare October 17, 2025 11:17
The long-term goal of the Zephyr project is to rely exclusively on PSA
Crypto API for the crypto support. In parallel Mbed TLS is going to remove
legacy crypto support from the next (4.0) release.

Therefore this commit deprecates CONFIG_FLASH_AREA_CHECK_INTEGRITY_MBEDTLS
and it also updates the migration guide document about this change.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
Copy link
Contributor Author

The double force push is intentional:

  1. rebase on main to benefit from merging of modules: mbedtls: add helper Kconfig PSA_CRYPTO #96415. No code change was done in this rebase.
  2. take advantage of the PSA_CRYPTO Kconfig introduced with that PR

Copy link

@cfriedt cfriedt merged commit 4ecb6d3 into zephyrproject-rtos:main Oct 20, 2025
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area: Storage Storage subsystem Release Notes To be mentioned in the release notes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants