From 8b1d9e49d9032bf228e2008f5012bab0fc3a0554 Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Fri, 30 Jan 2026 14:51:59 +0000
Subject: [PATCH] Reword to be more specific

Specify that the cryptographic operations of Mbed TLS are governed by
its threat model and point specifically to block ciphers as an important
case of this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 SECURITY.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 7059970bb8..e36162abd7 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -21,9 +21,13 @@ Users are urged to always use the latest version of a maintained branch.
 
 ## Use of TF-PSA-Crypto
 
-Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto. Its
-security policy can be found
-[here](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md).
+Note that Mbed TLS uses the cryptography API provided by TF-PSA-Crypto.
+Its
+[threat model](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#threat-model)
+applies to all cryptographic operations performed by Mbed TLS. In particular,
+users of Mbed TLS should note the considerations around
+[block ciphers](https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/SECURITY.md#block-ciphers)
+since they apply to the block ciphers used in TLS.
 
 ## Threat model