MbedTLS Best Practices

Understand the Architecture and Componentization

Leverage the modular architecture of Mbed TLS, which separates core cryptographic functions, PSA Crypto drivers, and alternative implementations to build flexible and maintainable security solutions.

Use Hardware RNG Over Software Entropy

It is highly recommended to use hardware-based True Random Number Generators (TRNG) instead of software entropy sources because TRNGs provide greater robustness and efficiency. Most STM32 devices come with hardware RNG support, which should be leveraged to enhance security and performance.

Activate Only One Crypto Interface at a Time

Only one cryptographic interface should be activated at a time; either MBED or PSA should be used exclusively to avoid conflicts or unexpected behavior in the cryptographic operations.