Skip to content

subsys: mgmt: updatehub: remove support for legacy Mbed TLS crypto #97614

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 20, 2025
Merged

subsys: mgmt: updatehub: remove support for legacy Mbed TLS crypto #97614

merged 4 commits into from
Oct 20, 2025
+31 −72

Conversation

valeriosetti
Copy link
Contributor

The long-term goal of Zephyr is to rely exclusively on PSA Crypto API to get crypto support. In parallel Mbed TLS is removing legacy crypto support from the upcoming release (v.4.0).
This PR removes usage of legacy crypto from UpdateHub, updates test and migration-guide documentation.

@zephyrbot zephyrbot added area: Samples Samples Release Notes To be mentioned in the release notes area: UpdateHub UpdateHub labels Oct 15, 2025
maass-hamburg
maass-hamburg reviewed Oct 15, 2025
View reviewed changes
@valeriosetti valeriosetti force-pushed the updatehub-remove-legacy-crypto branch from f0d3c90 to 9e008eb Compare October 15, 2025 12:15
jhedberg
jhedberg previously approved these changes Oct 15, 2025
View reviewed changes
maass-hamburg
maass-hamburg previously approved these changes Oct 15, 2025
View reviewed changes
@valeriosetti valeriosetti dismissed stale reviews from maass-hamburg and jhedberg via 48d9e67 October 17, 2025 11:31
@valeriosetti valeriosetti force-pushed the updatehub-remove-legacy-crypto branch from 9e008eb to 48d9e67 Compare October 17, 2025 11:31
@valeriosetti
mgmt: updatehub: remove legacy Mbed TLS crypto support
91b1ae8 
The long-term Zephyr's goal is rely only on PSA Crypto API for crypto
support in Zephyr and at the same time Mbed TLS will remove this support
from the next release.

Therefore this commit removes usage of legacy crypto hash support from
updatehub.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti valeriosetti force-pushed the updatehub-remove-legacy-crypto branch from 48d9e67 to 5b28986 Compare October 17, 2025 11:32
@valeriosetti
Copy link
Contributor Author

The double force push is intentional:

  1. rebase on main to benefit from merging of modules: mbedtls: add helper Kconfig PSA_CRYPTO #96415
  2. take advantage of the PSA_CRYPTO Kconfig introduced with that PR

maass-hamburg
maass-hamburg previously approved these changes Oct 17, 2025
View reviewed changes
@valeriosetti valeriosetti requested a review from jhedberg October 17, 2025 11:40
jhedberg
jhedberg previously approved these changes Oct 17, 2025
View reviewed changes
tomi-font
tomi-font requested changes Oct 20, 2025
View reviewed changes
@valeriosetti
mgmt: updatehub: simplify code
c83713a 
Following the removal of legacy crypto support the code could be further
simplified so this commit accomplish to this part.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti
samples: subsys: updatehub: remove PSA overlay and test case
396d72d 
Updatehub now only use PSA Crypto API for crypto support and it
automatically enables Mbed TLS when TF-M is not available in the build,
so there is no need for neither a specific test case for PSA nor
the overlay file.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti valeriosetti dismissed stale reviews from jhedberg and maass-hamburg via f716bfc October 20, 2025 10:34
@valeriosetti valeriosetti force-pushed the updatehub-remove-legacy-crypto branch from 5b28986 to f716bfc Compare October 20, 2025 10:34
@valeriosetti valeriosetti mentioned this pull request Oct 20, 2025
Open
maass-hamburg
maass-hamburg previously approved these changes Oct 20, 2025
View reviewed changes
tomi-font
tomi-font previously approved these changes Oct 20, 2025
View reviewed changes
doc/releases/migration-guide-4.3.rst Outdated
Comment on lines 356 to 357
cases. :kconfig:option:`CONFIG_UPDATEHUB` will automatically enable Mbed TLS PSA Crypto
implemementation if TF-M is not enabled in the build.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cases. :kconfig:option:`CONFIG_UPDATEHUB` will automatically enable Mbed TLS PSA Crypto
implemementation if TF-M is not enabled in the build.
cases. :kconfig:option:`CONFIG_UPDATEHUB` will automatically enable Mbed TLS's PSA Crypto
implemementation if TF-M is not enabled in the build.

or

Suggested change
cases. :kconfig:option:`CONFIG_UPDATEHUB` will automatically enable Mbed TLS PSA Crypto
implemementation if TF-M is not enabled in the build.
cases. :kconfig:option:`CONFIG_UPDATEHUB` will automatically enable the Mbed TLS implementation of PSA Crypto
if TF-M is not enabled in the build.

@valeriosetti
doc: migration-guide: add note for changes in UpdateHub
f54ba07 
Add a note about the removal of legacy Mbed TLS crypto support from
UpdateHub.

Signed-off-by: Valerio Setti <[email protected]>
@valeriosetti valeriosetti dismissed stale reviews from tomi-font and maass-hamburg via f54ba07 October 20, 2025 11:15
@valeriosetti valeriosetti force-pushed the updatehub-remove-legacy-crypto branch from f716bfc to f54ba07 Compare October 20, 2025 11:15
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@nandojve nandojve added this to the v4.3.0 milestone Oct 20, 2025
nandojve
nandojve approved these changes Oct 20, 2025
View reviewed changes
Copy link
Member

@nandojve nandojve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @valeriosetti for the update.

@nashif nashif merged commit fe1ff7f into zephyrproject-rtos:main Oct 20, 2025
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nandojve nandojve nandojve approved these changes

@maass-hamburg maass-hamburg maass-hamburg approved these changes

@cfriedt cfriedt Awaiting requested review from cfriedt

@JarmouniA JarmouniA Awaiting requested review from JarmouniA

@kartben kartben Awaiting requested review from kartben

@nashif nashif Awaiting requested review from nashif

@jhedberg jhedberg Awaiting requested review from jhedberg

@tomi-font tomi-font Awaiting requested review from tomi-font

Assignees

@nandojve nandojve

Labels

area: Samples Samples area: UpdateHub UpdateHub Release Notes To be mentioned in the release notes

Projects

None yet

Milestone

v4.3.0

Development

Successfully merging this pull request may close these issues.

7 participants

@valeriosetti @jhedberg @nandojve @maass-hamburg @tomi-font @nashif @zephyrbot