Clarify the "restart vs use PSA" situation in TLS Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 55a188b420a16cfcb3409fa94945c446cb3e56fb [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Dec 06 12:00:33 2022 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Dec 09 10:09:33 2022 +0100
tree: f477f7e4dfc6ee7bfa5182d87af584a9b594661d
parent: cc6e0a650fa94a733d93237869c26450a9dd2680 [diff]
diff --git a/docs/architecture/psa-migration/psa-limitations.md b/docs/architecture/psa-migration/psa-limitations.md
index e565b28..c368023 100644
--- a/docs/architecture/psa-migration/psa-limitations.md
+++ b/docs/architecture/psa-migration/psa-limitations.md

@@ -17,8 +17,11 @@
 There is currently no support for that in PSA at all, but it will be added at
 some point, see <https://github.com/orgs/Mbed-TLS/projects/1#column-18816849>.
 
-Currently, `MBEDTLS_USE_PSA_CRYPTO` is simply incompatible with
-`MBEDTLS_ECP_RESTARTABLE`.
+Currently, when `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_ECP_RESTARTABLE` are
+both enabled, some operations that should be restartable are not (ECDH in TLS
+1.2 clients using ECDHE-ECDSA), as they are using PSA instead, and some
+operations that should use PSA do not (signature generation & verification) as
+they use the legacy API instead, in order to get restartable behaviour.
 
 Things that are in the API but not implemented yet
 --------------------------------------------------
commit	55a188b420a16cfcb3409fa94945c446cb3e56fb	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Dec 06 12:00:33 2022 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Dec 09 10:09:33 2022 +0100
tree	f477f7e4dfc6ee7bfa5182d87af584a9b594661d
parent	cc6e0a650fa94a733d93237869c26450a9dd2680 [diff]