Closed owen126315 closed 4 months ago
steven-bellock
commented
4 months ago From https://github.com/Mbed-TLS/mbedtls/releases
Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024.
So yes, sounds like there should be plans to migrate to the version 3 release.
rayling
commented
4 months ago @steven-bellock sound great!, thanks
arugan02
commented
4 months ago Hi @steven-bellock
I'm working on TF-RMM project [1]. And we are in progress of integrating libspdm in RMM to provide SPDM requester side capabilities for Device Assignment use case (Trusted IO). As part of this work we have updated mbedtls in libspdm to use 3.+ version [2]. I recently saw this issue#2709 and am planning to raise a pull request for this issue. Please have a look. Thanks!
[1] https://tf-rmm.readthedocs.io/en/latest/index.html [2] https://review.trustedfirmware.org/c/TF-RMM/tf-rmm/+/28567
jyao1
commented
4 months ago @arugan02 , thanks for the work. Assign this to you.
steven-bellock
commented
4 months ago This was completed by #2711.
The mbedtls inside libspdm is version 2.28.1. It is fine for current SPDM implementation. Yet, according to mbedtls 3.0 development plan, upgrade and support for version LTS 2.x will be stopped by mid 2024.
Is there any plan to upgrade it to 3.0+ to make sure the libspdm can get continuous support and bug fix from mbedtls team.
https://lists.trustedfirmware.org/archives/list/mbed-tls-announce@lists.trustedfirmware.org/thread/SB42NEOHUIVVVTPA2H37XXUDVNEGTDRG/[](url)