From 6140d2efcc8a1b04582148e3e5286b15387b08e5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 20 Jun 2022 18:48:52 +0200 Subject: [PATCH] Backward compatibility: the key store Promise that we will keep supporting existing key store formats, at least until a major version comes along. Signed-off-by: Gilles Peskine --- BRANCHES.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index f3da8820c928..ff23b7f8125f 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -16,7 +16,7 @@ API compatibility in the `master` branch between major version changes. We also maintain ABI compatibility within LTS branches; see the next section for details. -## Backwards Compatibility +## Backwards Compatibility for application code We maintain API compatibility in released versions of Mbed TLS. If you have code that's working and secure with Mbed TLS x.y.z and does not rely on @@ -50,6 +50,19 @@ increase code size for a security fix.) For contributors, see the [Backwards Compatibility section of CONTRIBUTING](CONTRIBUTING.md#backwards-compatibility). +## Backward compatibility for the key store + +We maintain backward compatibility with previous versions of versions of the +PSA Crypto persistent storage since Mbed TLS 2.25.0, provided that the +storage backend (PSA ITS implementation) is configured in a compatible way. +We intend to maintain this backward compatibilty throughout a major version +of Mbed TLS (for example, all Mbed TLS 3.y versions will be able to read +keys written under any Mbed TLS 3.x with x < y). + +Mbed TLS 3.x can also read keys written by Mbed TLS 2.25.0 through 2.28.x +LTS, but future major version upgrades (for example from 2.28.x/3.x to 4.y) +may require the use of an upgrade tool. + ## Current Branches The following branches are currently maintained:
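Review bot: In the first hunk (BRANCHES.md, `@@ -16,7 +16,7 @@`), renaming the heading to `## Backwards Compatibility for application code` changes the anchor that a Markdown renderer generates for the section, so any existing link to `BRANCHES.md#backwards-compatibility` would no longer land on it. Check for inbound links before merging. The new heading is also inconsistent with the one added in the second hunk, `## Backward compatibility for the key store`: one says "Backwards Compatibility" and the other "Backward compatibility". Pick one spelling and one capitalization for both headings.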
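Review bot: In the second hunk (BRANCHES.md, `@@ -50,6 +50,19 @@`), the promise is conditional on the storage backend being "configured in a compatible way", but the added text never says which configuration choices count as compatible, so a reader cannot tell whether their build is covered. Either list the settings that must stay the same or link to where they are documented. Two wording fixes in the same paragraph: "previous versions of versions of the" repeats "versions of", and "compatibilty" should be "compatibility". The final sentence says upgrades "from 2.28.x/3.x to 4.y" may require an upgrade tool; it would help to state whether that tool will be provided by the project, since the commit message frames this section as a support promise.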