mcu-tools · d3zd3z · Apr 27, 2026 · Apr 23, 2026 · Apr 23, 2026 · Apr 23, 2026
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14", "pypy3.9", "pypy3.10", "pypy3.11"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13", "3.14", "pypy3.11"]
     steps:
     - uses: actions/checkout@v6
     - name: Set up Python ${{ matrix.python-version }}

@@ -46,6 +46,28 @@ jobs:
         - "sig-ecdsa hw-rollback-protection multiimage"
         - "sig-ecdsa-psa,sig-ecdsa-psa sig-p384,sig-ecdsa-psa swap-move bootstrap max-align-16"
         - "sig-ecdsa-psa enc-ec256 max-align-16, sig-ecdsa-psa enc-ec256 swap-offset validate-primary-slot max-align-16"
+        # Same set, routed through Mbed TLS 4.1 via the mbedtls-v4
+        # feature. These mirror the 3.6 path above and should behave
+        # identically — the crypto config is the same shape (ECDSA
+        # P-256/P-384 + SHA-256).
+        - "sig-ecdsa-psa mbedtls-v4,sig-ecdsa-psa sig-p384 mbedtls-v4,sig-ecdsa-psa swap-move bootstrap max-align-16 mbedtls-v4"
+        # Orthogonal feature combinations untested on the 3.6
+        # sig-ecdsa-psa path but expected to work — swap/align/
+        # multiimage/validate don't touch crypto. Good shakedown for
+        # the CMake-driven build surface.
+        - "sig-ecdsa-psa swap-offset mbedtls-v4,sig-ecdsa-psa validate-primary-slot mbedtls-v4,sig-ecdsa-psa overwrite-only mbedtls-v4,sig-ecdsa-psa multiimage mbedtls-v4"
+        # Reset/XIP/rollback combinations. Higher risk of surfacing
+        # PSA-specific assumptions baked into these code paths; run
+        # and triage.
+        - "sig-ecdsa-psa ram-load mbedtls-v4,sig-ecdsa-psa direct-xip mbedtls-v4,sig-ecdsa-psa overwrite-only downgrade-prevention mbedtls-v4,sig-ecdsa-psa hw-rollback-protection multiimage mbedtls-v4"
+        # Genuine PSA encryption via encrypted_psa.c (vs. the 3.6
+        # stub path above, which leaves PSA init as a no-op and uses
+        # TinyCrypt). Mirrors the 3.6 enc-ec256 row.
+        - "sig-ecdsa-psa enc-ec256 mbedtls-v4,sig-ecdsa-psa enc-ec256 swap-offset validate-primary-slot max-align-16 mbedtls-v4"
+        # AES-256 variant. Same ECIES-P256 machinery, larger
+        # BOOT_ENC_KEY_SIZE. PSA_KEY_TYPE_AES covers all AES key
+        # sizes so no config delta.
+        - "sig-ecdsa-psa enc-aes256-ec256 mbedtls-v4,sig-ecdsa-psa enc-aes256-ec256 swap-offset validate-primary-slot max-align-16 mbedtls-v4"
         - "ram-load enc-aes256-kw multiimage"
         - "ram-load enc-aes256-kw sig-ecdsa-mbedtls multiimage"
     runs-on: ubuntu-latest

@@ -1,5 +1,5 @@
 [submodule "sim/mbedtls"]
-	path = ext/mbedtls
+	path = ext/mbedtls-3.6.0
 	url = https://github.com/ARMmbed/mbedtls
 [submodule "boot/cypress/libs/mtb-pdl-cat1"]
 	path = boot/cypress/libs/mtb-pdl-cat1
@@ -19,3 +19,6 @@
 [submodule "boot/cypress/libs/cy-mbedtls-acceleration"]
 	path = boot/cypress/libs/cy-mbedtls-acceleration
 	url = https://github.com/cypresssemiconductorco/cy-mbedtls-acceleration.git
+[submodule "ext/mbedtls-4.1.0"]
+	path = ext/mbedtls-4.1.0
+	url = https://github.com/Mbed-TLS/mbedtls.git
@@ -12,7 +12,7 @@ scripts/*
 sim/*
 testplan/*
 ext/fiat/*
-ext/mbedtls/*
+ext/mbedtls-3.6.0/*
 ext/mbedtls-asn1/*
 ext/nrf/*
 ext/tinycrypt/tests/*

@@ -14,9 +14,27 @@
 #define MBEDTLS_ASN1_PARSE_C
 
 #include "bootutil/crypto/sha.h"
+#include "mbedtls/build_info.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/asn1.h"
 
+/*
+ * In Mbed TLS 4.x, MBEDTLS_OID_EC_ALG_UNRESTRICTED and
+ * MBEDTLS_OID_EC_GRP_SECP256R1 were moved from the public
+ * `mbedtls/oid.h` to the private `tf-psa-crypto/utilities/crypto_oid.h`.
+ * Rather than pull a private header, define the raw OID byte strings
+ * locally when the public macros are not available. Values are taken
+ * from X9.62 / SEC2:
+ *   id-ecPublicKey (1.2.840.10045.2.1)       → {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01}
+ *   secp256r1      (1.2.840.10045.3.1.7)     → {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07}
+ */
+#if !defined(MBEDTLS_OID_EC_ALG_UNRESTRICTED)
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED "\x2a\x86\x48\xce\x3d\x02\x01"
+#endif
+#if !defined(MBEDTLS_OID_EC_GRP_SECP256R1)
+#define MBEDTLS_OID_EC_GRP_SECP256R1    "\x2a\x86\x48\xce\x3d\x03\x01\x07"
+#endif
+
 #include "bootutil/image.h"
 #include "bootutil/enc_key.h"
 #include "bootutil/sign_key.h"
@@ -329,7 +347,7 @@ boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
 
     /* Only info, no salt */
     psa_ret = psa_key_derivation_input_bytes(&key_do, PSA_KEY_DERIVATION_INPUT_INFO,
-                                             "MCUBoot_ECIES_v1", 16);
+                                             (const uint8_t *)"MCUBoot_ECIES_v1", 16);
     if (psa_ret != PSA_SUCCESS) {
         psa_cleanup_ret = psa_key_derivation_abort(&key_do);
         if (psa_cleanup_ret != PSA_SUCCESS) {
@@ -431,6 +449,9 @@ int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
     psa_cipher_operation_t psa_op;
     size_t elen = 0;	/* Decrypted length */
 
+    /* PSA cipher API handles CTR block alignment internally. */
+    (void)blk_off;
+
     /* Fixme: calling psa_crypto_init multiple times is not a problem,
      * yet the code here is only present because there is not general
      * crypto init. */
@@ -488,6 +509,9 @@ int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
     psa_cipher_operation_t psa_op;
     size_t dlen = 0;	/* Decrypted length */
 
+    /* PSA cipher API handles CTR block alignment internally. */
+    (void)blk_off;
+
     /* Fixme: the init should already happen before calling the function, but
      * somehow it does not, for example when recovering in swap.
      */

@@ -336,7 +336,7 @@ set(port_srcs
     )
 
 if(CONFIG_ESP_MCUBOOT_SERIAL)
-    set(MBEDTLS_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls")
+    set(MBEDTLS_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls-3.6.0")
 
     list(APPEND bootutil_srcs
         ${BOOT_SERIAL_DIR}/src/boot_serial.c

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 if (DEFINED CONFIG_ESP_USE_MBEDTLS)
-    set(MBEDTLS_DIR ${MCUBOOT_ROOT_DIR}/ext/mbedtls)
+    set(MBEDTLS_DIR ${MCUBOOT_ROOT_DIR}/ext/mbedtls-3.6.0)
     set(CRYPTO_INC
         ${MBEDTLS_DIR}/include
         )

@@ -47,7 +47,7 @@ The following instructions considers a MCUboot Espressif port standalone build.
 2. Update the Mbed TLS submodule required by MCUboot:
 
     ```bash
-    git submodule update --init --recursive ext/mbedtls
+    git submodule update --init --recursive ext/mbedtls-3.6.0
     ```
 
 3. If ESP-IDF is the chosen option for use as HAL layer and the system already have ESP-IDF

@@ -5,3 +5,11 @@ cbor2
 setuptools
 pyyaml
 pytest
+
+# Needed by Mbed TLS 4.x's CMake-driven build (invoked from
+# sim/mcuboot-sys/build.rs when the `mbedtls-v4` Cargo feature is
+# enabled) to generate psa_crypto_driver_wrappers* and
+# tf_psa_crypto_config_check_*.h. Harmless if that feature is never
+# used.
+jinja2
+jsonschema
@@ -12,6 +12,7 @@ sig-rsa3072 = ["mcuboot-sys/sig-rsa3072"]
 sig-ecdsa = ["mcuboot-sys/sig-ecdsa"]
 sig-ecdsa-mbedtls = ["mcuboot-sys/sig-ecdsa-mbedtls"]
 sig-ecdsa-psa = ["mcuboot-sys/sig-ecdsa-psa", "mcuboot-sys/psa-crypto-api"]
+mbedtls-v4 = ["mcuboot-sys/mbedtls-v4"]
 sig-p384 = ["mcuboot-sys/sig-p384"]
 sig-ed25519 = ["mcuboot-sys/sig-ed25519"]
 overwrite-only = ["mcuboot-sys/overwrite-only"]

@@ -102,11 +102,18 @@ hw-rollback-protection = []
 # Enable the PSA Crypto APIs where supported for cryptography related operations.
 psa-crypto-api = []
 
+# Route the simulator build to ext/mbedtls-4.1.0 instead of the default
+# ext/mbedtls-3.6.0 (LTS). Only supported in combination with feature
+# paths that have been ported to the 4.x API surface; currently just
+# sig-ecdsa-psa.
+mbedtls-v4 = []
+
 # Test for ih_load_addr in upgrade/next boot slot
 check-load-addr = []
 
 [build-dependencies]
 cc = "1.0.25"
+cmake = "0.1"
 
 [dependencies]
 libc = "0.2"