TinyCrypt deprecation - library's usage removal part 1

[valeriosetti]

This is the first step toward the removal of TinyCrypt library usage from the Zephyr's codebase. This is the continuation of the initial PR (#79566) that started the deprecation of the TinyCrypt library.

The idea is to do basic/simple removals here and keep BT stuff for a follow-up separated PR.

This PR depends on #79566. Initial commit is taken from there.

[dkalowsk]

@ceolin and @tomi-font isn't this needed for the 4.0 release? AKA we're in RC1 right now, what needs to be done to make this into RC2?

[ceolin]

You have to mark the shim driver as deprecated for now and remove it together with the library. The changes in jwt and random can get in.

@ceolin Are you sure about the latter part? I can imagine users currently using TinyCrypt for those may face breaking changes when they are removed (which means as soon as 4.0 if we remove them right away) due to e.g. using TinyCrypt and not Mbed TLS (and being already tight on size constraints). I don't know. Just trying to make sure this is done right.

Giving my 2 cents here while waiting for Flavio's reply. I think the answer is "yes" and the reason is (https://docs.zephyrproject.org/latest/develop/api/api_lifecycle.html#deprecated):

• Code using the deprecated API needs to be modified to remove usage of said API

Yep. We have to keep it for external use cases but internally we can remove it.

[ceolin]

@ceolin and @tomi-font isn't this needed for the 4.0 release? AKA we're in RC1 right now, what needs to be done to make this into RC2?

These changes look good to me :)

[tomi-font]

I only have one blocking comment: #79653 (comment)

[tomi-font]

Looks good to me! I realized we have one more reason to want this in for 4.0. (@dkalowsk @mmahadevan108)
This is replacing Kconfig options in JWT that themselves replaced older Kconfig options, within this release.
What this means if we only merge this for 4.1, is that there will be a few Kconfig options that are introduced in 4.0 and removed in 4.1. Really not great. Merging this for 4.0 makes this double change atomic, so I hope we can do that.
Also, this helps with the deprecation of TinyCrypt as this deprecates the shim driver (among others), which makes sense to have in 4.0 as well.
@ceolin @d3zd3z please re-review ASAP

[mmahadevan108]

I mentioned this PR in the Oct 30th TSC meeting for an exception so we can merge and include in the 4.0 release. I have also posted this PR for discussion in the release channel.

[dkalowsk]

Looks right to me. @ceolin looking for your review as well.

One minor question, should the MAINTAINERS.yml file status be updated to also note that TinyCrypt is deprecated and not getting "odd fixes"?

[ceolin]

re-approving it

[dkalowsk]

I don't see anything in the PR that should block it (and it has my approval just not giving it in GitHub yet due the next steps). My understanding from conversations in Discord has been that this part 1 really needs to be merged with part 2. Even then there are some concerns that BT isn't quite ready for Tinycrypt to go away. @jhedberg can you confirm my understanding here?

[jhedberg]

My understanding from conversations in Discord has been that this part 1 really needs to be merged with part 2. Even then there are some concerns that BT isn't quite ready for Tinycrypt to go away. @jhedberg can you confirm my understanding here?

I'd say it's actually three PRs that go together, starting with #79566 which was already merged. Ultimately this is something for the release engineering team and possibly the TSC to decide, i.e. whether to make an exception or not to the practice of not having upstream users of deprecated APIs when a release is made. If an exception isn't made, then my interpretation is that #79566 should be reverted.

[mmahadevan108]

After discussion in the release meeting on Nov 5th, it was decided to merge this PR for the 4.0 release.