From 02eef2a48b5bd2162e01fdd176f54f3d2deb88d7 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 14 Nov 2025 14:35:01 +0100
Subject: [PATCH] Update config information about TF-PSA-Crypto 1.0 and Mbed
 TLS 4.0

Update data collected a few weeks before the release to the actual releases.

This fixes `check_names.py` failing on `MBEDTLS_DES_C` in
`tf_psa_crypto_config_check_user.h` when generated files are present in the
source tree.

```
scripts/save_config_history.sh mbedtls-4.0.0 4.0
scripts/save_config_history.sh tf-psa-crypto-1.0.0 1.0
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 history/config-adjust-tfpsacrypto-1.0.txt  | 26 ----------------------
 history/config-options-mbedtls-4.0.txt     |  1 +
 history/config-options-tfpsacrypto-1.0.txt | 25 ++-------------------
 3 files changed, 3 insertions(+), 49 deletions(-)

diff --git a/history/config-adjust-tfpsacrypto-1.0.txt b/history/config-adjust-tfpsacrypto-1.0.txt
index 09766414d..7725ff775 100644
--- a/history/config-adjust-tfpsacrypto-1.0.txt
+++ b/history/config-adjust-tfpsacrypto-1.0.txt
@@ -32,9 +32,7 @@ MBEDTLS_CIPHER_PADDING_PKCS7
 MBEDTLS_CMAC_C
 MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
 MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
-MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
 MBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS_H
-MBEDTLS_DES_C
 MBEDTLS_ECDH_C
 MBEDTLS_ECDSA_C
 MBEDTLS_ECDSA_DETERMINISTIC
@@ -127,7 +125,6 @@ MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
 MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
 MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
-MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
 MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -211,7 +208,6 @@ MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20
-MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT
 MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE
@@ -235,7 +231,6 @@ MBEDTLS_PSA_CRYPTO_RNG_STRENGTH
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS
 MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES
-MBEDTLS_PSA_DRIVER_GET_ENTROPY
 MBEDTLS_PSA_DRIVER_GET_ENTROPY_DEFINED
 MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
 MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
@@ -247,8 +242,6 @@ MBEDTLS_RSA_C
 MBEDTLS_SHA1_C
 MBEDTLS_SHA224_C
 MBEDTLS_SHA256_C
-MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
 MBEDTLS_SHA384_C
 MBEDTLS_SHA512_C
 MBEDTLS_SSL_HAVE_AEAD
@@ -266,7 +259,6 @@ PSA_HAVE_SOFT_BLOCK_MODE
 PSA_HAVE_SOFT_KEY_TYPE_AES
 PSA_HAVE_SOFT_KEY_TYPE_ARIA
 PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA
-PSA_HAVE_SOFT_KEY_TYPE_DES
 PSA_HAVE_SOFT_PBKDF2
 PSA_HAVE_SOFT_PBKDF2_CMAC
 PSA_HAVE_SOFT_PBKDF2_HMAC
@@ -275,29 +267,11 @@ PSA_WANT_ALG_ECB_NO_PADDING
 PSA_WANT_ALG_ECDSA
 PSA_WANT_ALG_ECDSA_ANY
 PSA_WANT_ALG_HMAC
-PSA_WANT_ALG_MD5
-PSA_WANT_ALG_RIPEMD160
 PSA_WANT_ALG_RSA_PKCS1V15_SIGN
 PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
 PSA_WANT_ALG_RSA_PSS
 PSA_WANT_ALG_RSA_PSS_ANY_SALT
-PSA_WANT_ALG_SHA_1
-PSA_WANT_ALG_SHA_224
-PSA_WANT_ALG_SHA_256
-PSA_WANT_ALG_SHA_384
-PSA_WANT_ALG_SHA_512
 PSA_WANT_ALG_SOME_PAKE
-PSA_WANT_ECC_BRAINPOOL_P_R1_256
-PSA_WANT_ECC_BRAINPOOL_P_R1_384
-PSA_WANT_ECC_BRAINPOOL_P_R1_512
-PSA_WANT_ECC_MONTGOMERY_255
-PSA_WANT_ECC_MONTGOMERY_448
-PSA_WANT_ECC_SECP_K1_192
-PSA_WANT_ECC_SECP_K1_256
-PSA_WANT_ECC_SECP_R1_192
-PSA_WANT_ECC_SECP_R1_256
-PSA_WANT_ECC_SECP_R1_384
-PSA_WANT_ECC_SECP_R1_521
 PSA_WANT_KEY_TYPE_AES
 PSA_WANT_KEY_TYPE_DERIVE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
diff --git a/history/config-options-mbedtls-4.0.txt b/history/config-options-mbedtls-4.0.txt
index cadd768dc..81b233804 100644
--- a/history/config-options-mbedtls-4.0.txt
+++ b/history/config-options-mbedtls-4.0.txt
@@ -40,6 +40,7 @@ MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
 MBEDTLS_SSL_MAX_EARLY_DATA_SIZE
 MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+MBEDTLS_SSL_NULL_CIPHERSUITES
 MBEDTLS_SSL_OUT_CONTENT_LEN
 MBEDTLS_SSL_PROTO_DTLS
 MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/history/config-options-tfpsacrypto-1.0.txt b/history/config-options-tfpsacrypto-1.0.txt
index d8458a8ff..db99c299b 100644
--- a/history/config-options-tfpsacrypto-1.0.txt
+++ b/history/config-options-tfpsacrypto-1.0.txt
@@ -7,31 +7,14 @@ MBEDTLS_AES_USE_HARDWARE_ONLY
 MBEDTLS_ASN1_PARSE_C
 MBEDTLS_ASN1_WRITE_C
 MBEDTLS_BASE64_C
-MBEDTLS_BIGNUM_C
 MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 MBEDTLS_CAMELLIA_SMALL_MEMORY
 MBEDTLS_CHECK_RETURN
 MBEDTLS_CHECK_RETURN_WARNING
-MBEDTLS_CIPHER_NULL_CIPHER
 MBEDTLS_CTR_DRBG_C
 MBEDTLS_DEPRECATED_REMOVED
 MBEDTLS_DEPRECATED_WARNING
-MBEDTLS_ECDH_C
 MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-MBEDTLS_ECDSA_C
-MBEDTLS_ECJPAKE_C
-MBEDTLS_ECP_C
-MBEDTLS_ECP_DP_BP256R1_ENABLED
-MBEDTLS_ECP_DP_BP384R1_ENABLED
-MBEDTLS_ECP_DP_BP512R1_ENABLED
-MBEDTLS_ECP_DP_CURVE25519_ENABLED
-MBEDTLS_ECP_DP_CURVE448_ENABLED
-MBEDTLS_ECP_DP_SECP192K1_ENABLED
-MBEDTLS_ECP_DP_SECP192R1_ENABLED
-MBEDTLS_ECP_DP_SECP256K1_ENABLED
-MBEDTLS_ECP_DP_SECP256R1_ENABLED
-MBEDTLS_ECP_DP_SECP384R1_ENABLED
-MBEDTLS_ECP_DP_SECP521R1_ENABLED
 MBEDTLS_ECP_FIXED_POINT_OPTIM
 MBEDTLS_ECP_NIST_OPTIM
 MBEDTLS_ECP_RESTARTABLE
@@ -74,7 +57,6 @@ MBEDTLS_PLATFORM_EXIT_MACRO
 MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PLATFORM_FPRINTF_MACRO
 MBEDTLS_PLATFORM_FREE_MACRO
-MBEDTLS_PLATFORM_GET_ENTROPY_ALT
 MBEDTLS_PLATFORM_GMTIME_R_ALT
 MBEDTLS_PLATFORM_MEMORY
 MBEDTLS_PLATFORM_MS_TIME_ALT
@@ -136,8 +118,6 @@ MBEDTLS_RSA_GEN_KEY_MIN_BITS
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_SELF_TEST
 MBEDTLS_SHA256_SMALLER
-MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
 MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
 MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
 MBEDTLS_SHA512_SMALLER
@@ -212,14 +192,12 @@ PSA_WANT_KEY_TYPE_ARIA
 PSA_WANT_KEY_TYPE_CAMELLIA
 PSA_WANT_KEY_TYPE_CHACHA20
 PSA_WANT_KEY_TYPE_DERIVE
-PSA_WANT_KEY_TYPE_DES
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
 PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
 PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
-PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT
@@ -230,13 +208,14 @@ PSA_WANT_KEY_TYPE_HMAC
 PSA_WANT_KEY_TYPE_PASSWORD
 PSA_WANT_KEY_TYPE_PASSWORD_HASH
 PSA_WANT_KEY_TYPE_RAW_DATA
-PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
 PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
 PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+TF_PSA_CRYPTO_ALLOW_REMOVED_MECHANISMS
 TF_PSA_CRYPTO_CONFIG_FILE
+TF_PSA_CRYPTO_CONFIG_VERSION
 TF_PSA_CRYPTO_USER_CONFIG_FILE
 TF_PSA_CRYPTO_VERSION