1This document explains how to create builds of Mbed TLS where some 2cryptographic mechanisms are provided only by PSA drivers (that is, no 3built-in implementation of those algorithms), from a user's perspective. 4 5This is useful to save code size for people who are using either a hardware 6accelerator, or an alternative software implementation that is more 7aggressively optimized for code size than the default one in Mbed TLS. 8 9General considerations 10---------------------- 11 12This document assumes that you already have a working driver. 13Otherwise, please see the [PSA driver example and 14guide](psa-driver-example-and-guide.md) for information on writing a 15driver. 16 17In order to have some mechanism provided only by a driver, you'll want 18the following compile-time configuration options enabled: 19 20- `MBEDTLS_PSA_CRYPTO_C` (enabled by default) - this enables PSA Crypto. 21- `MBEDTLS_USE_PSA_CRYPTO` (disabled by default) - this makes PK, X.509 and 22 TLS use PSA Crypto. You need to enable this if you're using PK, X.509 or TLS 23and want them to have access to the algorithms provided by your driver. (See 24[the dedicated document](use-psa-crypto.md) for details.) 25- `MBEDTLS_PSA_CRYPTO_CONFIG` (disabled by default) - this enables 26 configuration of cryptographic algorithms using `PSA_WANT` macros in 27`include/psa/crypto_config.h`. See [Conditional inclusion of cryptographic 28mechanism through the PSA API in Mbed 29TLS](proposed/psa-conditional-inclusion-c.md) for details. 30 31In addition, for each mechanism you want provided only by your driver: 32 33- Define the corresponding `PSA_WANT` macro in `psa/crypto_config.h` - this 34 means the algorithm will be available in the PSA Crypto API. 35- Define the corresponding `MBEDTLS_PSA_ACCEL` in your build. This could be 36 defined in `psa/crypto_config.h` or your compiler's command line. This 37informs the PSA code that an accelerator is available for this mechanism. 38- Undefine / comment out the corresponding `MBEDTLS_xxx_C` macro in 39 `mbedtls/mbedtls_config.h`. This ensures the built-in implementation is not 40included in the build. 41 42For example, if you want SHA-256 to be provided only by a driver, you'll want 43`PSA_WANT_ALG_SHA_256` and `MBEDTLS_PSA_ACCEL_SHA_256` defined, and 44`MBEDTLS_SHA256_C` undefined. 45 46In addition to these compile-time considerations, at runtime you'll need to 47make sure you call `psa_crypto_init()` before any function that uses the 48driver-only mechanisms. Note that this is already a requirement for any use of 49the PSA Crypto API, as well as for use of the PK, X.509 and TLS modules when 50`MBEDTLS_USE_PSA_CRYPTO` is enabled, so in most cases your application will 51already be doing this. 52 53Mechanisms covered 54------------------ 55 56For now, only the following (families of) mechanisms are supported: 57 58- hashes: SHA-3, SHA-2, SHA-1, MD5, etc. 59- elliptic-curve cryptography (ECC): ECDH, ECDSA, EC J-PAKE, ECC key types. 60- finite-field Diffie-Hellman: FFDH algorithm, DH key types. 61- RSA: PKCS#1 v1.5 and v2.1 signature and encryption algorithms, RSA key types 62 (for now, only crypto, no X.509 or TLS support). 63- AEADs: 64 - GCM and CCM with AES, ARIA and Camellia key types 65 - ChachaPoly with ChaCha20 Key type 66- Unauthenticated ciphers: 67 - key types: AES, ARIA, Camellia, DES 68 - modes: ECB, CBC, CTR, CFB, OFB, XTS 69 70For each family listed above, all the mentioned alorithms/key types are also 71all the mechanisms that exist in PSA API. 72 73Supported means that when those are provided only by drivers, everything 74(including PK, X.509 and TLS if `MBEDTLS_USE_PSA_CRYPTO` is enabled) should 75work in the same way as if the mechanisms where built-in, except as documented 76in the "Limitations" sub-sections of the sections dedicated to each family 77below. 78 79Hashes 80------ 81 82It is possible to have all hash operations provided only by a driver. 83 84More precisely: 85 86- you can enable `PSA_WANT_ALG_SHA_256` without `MBEDTLS_SHA256_C`, provided 87 you have `MBEDTLS_PSA_ACCEL_ALG_SHA_256` enabled; 88- and similarly for all supported hash algorithms: `MD5`, `RIPEMD160`, 89 `SHA_1`, `SHA_224`, `SHA_256`, `SHA_384`, `SHA_512`, `SHA3_224`, `SHA3_256`, 90`SHA3_384`, `SHA3_512`. 91 92In such a build, all crypto operations (via the PSA Crypto API, or non-PSA 93APIs), as well as X.509 and TLS, will work as usual, except that direct calls 94to low-level hash APIs (`mbedtls_sha256()` etc.) are not possible for the 95modules that are disabled. 96 97You need to call `psa_crypto_init()` before any crypto operation that uses 98a hash algorithm that is provided only by a driver, as mentioned in [General 99considerations](#general-considerations) above. 100 101If you want to check at compile-time whether a certain hash algorithm is 102available in the present build of Mbed TLS, regardless of whether it's 103provided by a driver or built-in, you should use the following macros: 104 105- for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from 106 `psa/crypto.h`; 107- for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from 108 `mbedtls/config_adjust_legacy_crypto.h`. 109 110### HMAC 111 112In addition to accelerated hash operations, it is also possible to accelerate 113HMAC by enabling and accelerating: 114- HMAC algorithm and key type, i.e. `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_HMAC` and 115 `[PSA_WANT|MBEDTLS_PSA_ACCEL]KEY_TYPE_HMAC`. 116- Required hash algorithm(s) as explained in [Hashes](#hashes) section. 117 118In such a build it is possible to disable legacy HMAC support by disabling 119`MBEDTLS_MD_C` and still getting crypto operations, X.509 and TLS to work as 120usual. Exceptions are: 121- As mentioned in [Hashes](#hashes) direct calls to legacy lo-level hash APIs 122 (`mbedtls_sha256()` etc.) will not be possible for the legacy modules that 123 are disabled. 124- Legacy HMAC support (`mbedtls_md_hmac_xxx()`) won't be possible. 125- `MBEDTLS_PKCS[5|7]_C`, `MBEDTLS_HMAC_DRBG_C` and `MBEDTLS_HKDF_C` since they 126 depend on the legacy implementation of HMAC. 127 - disabling HMAC_DRBG_C cause deterministic ECDSA (i.e. 128 `MBEDTLS_DETERMINISTIC_ECDSA` on the legacy side and 129 `PSA_WANT_ALG_DETERMINISTIC_ECDSA` on the PSA one) to be not available. 130 131Elliptic-curve cryptography (ECC) 132--------------------------------- 133 134It is possible to have most ECC operations provided only by a driver: 135 136- the ECDH, ECDSA and EC J-PAKE algorithms; 137- key import, export, and random generation. 138 139More precisely, if: 140 141- you have driver support for ECC public and using private keys (that is, 142`MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY` and 143`MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC` are enabled), and 144- you have driver support for all ECC curves that are enabled (that is, for 145 each `PSA_WANT_ECC_xxx` macro enabled, the corresponding 146`MBEDTLS_PSA_ACCEL_ECC_xxx` macros is enabled as well); 147 148then you can: 149 150- enable `PSA_WANT_ALG_ECDH` without `MBEDTLS_ECDH_C`, provided 151 `MBEDTLS_PSA_ACCEL_ALG_ECDH` is enabled 152- enable `PSA_WANT_ALG_ECDSA` without `MBEDTLS_ECDSA_C`, provided 153 `MBEDTLS_PSA_ACCEL_ALG_ECDSA` is enabled; 154- enable `PSA_WANT_ALG_JPAKE` without `MBEDTLS_ECJPAKE_C`, provided 155 `MBEDTLS_PSA_ACCEL_ALG_JPAKE` is enabled. 156 157In addition, if: 158 159- none of `MBEDTLS_ECDH_C`, `MBEDTLS_ECDSA_C`, `MBEDTLS_ECJPAKE_C` are enabled 160 (see conditions above), and 161- you have driver support for all enabled ECC key pair operations - that is, 162 for each `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx` macro enabled, the 163corresponding `MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_xxx` macros is also 164enabled, 165 166then you can also disable `MBEDTLS_ECP_C`. However, a small subset of it might 167still be included in the build, see limitations sub-section below. 168 169In addition, if: 170 171- `MBEDTLS_ECP_C` is fully removed (see limitation sub-section below), 172- and support for RSA key types and algorithms is either fully disabled or 173 fully provided by a driver, 174- and support for DH key types and the FFDH algorithm is either disabled or 175 fully provided by a driver, 176 177then you can also disable `MBEDTLS_BIGNUM_C`. 178 179In such builds, all crypto operations via the PSA Crypto API will work as 180usual, as well as the PK, X.509 and TLS modules if `MBEDTLS_USE_PSA_CRYPTO` is 181enabled, with the following exceptions: 182 183- direct calls to APIs from the disabled modules are not possible; 184- PK, X.509 and TLS will not support restartable ECC operations (see 185 limitation sub-section below). 186 187If you want to check at compile-time whether a certain curve is available in 188the present build of Mbed TLS, regardless of whether ECC is provided by a 189driver or built-in, you should use the following macros: 190 191- for code that uses only the PSA Crypto API: `PSA_WANT_ECC_xxx` from 192 `psa/crypto.h`; 193- for code that may also use non-PSA crypto APIs: `MBEDTLS_ECP_HAVE_xxx` from 194 `mbedtls/build_info.h` where xxx can take the same values as for 195`MBEDTLS_ECP_DP_xxx` macros. 196 197Note that for externally-provided drivers, the integrator is responsible for 198ensuring the appropriate `MBEDTLS_PSA_ACCEL_xxx` macros are defined. However, 199for the p256-m driver that's provided with the library, those macros are 200automatically defined when enabling `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. 201 202### Limitations regarding fully removing `ecp.c` 203 204A limited subset of `ecp.c` will still be automatically re-enabled if any of 205the following is enabled: 206 207- `MBEDTLS_PK_PARSE_EC_COMPRESSED` - support for parsing ECC keys where the 208 public part is in compressed format; 209- `MBEDTLS_PK_PARSE_EC_EXTENDED` - support for parsing ECC keys where the 210 curve is identified not by name, but by explicit parameters; 211- `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE` - support for deterministic 212 derivation of an ECC keypair with `psa_key_derivation_output_key()`. 213 214Note: when any of the above options is enabled, a subset of `ecp.c` will 215automatically be included in the build in order to support it. Therefore 216you can still disable `MBEDTLS_ECP_C` in `mbedtls_config.h` and this will 217result in some code size savings, but not as much as when none of the 218above features are enabled. 219 220We do have plans to support each of these with `ecp.c` fully removed in the 221future, however there is no established timeline. If you're interested, please 222let us know, so we can take it into consideration in our planning. 223 224### Limitations regarding restartable / interruptible ECC operations 225 226At the moment, there is no driver support for interruptible operations 227(see `psa_sign_hash_start()` + `psa_sign_hash_complete()` etc.) so as a 228consequence these are not supported in builds without `MBEDTLS_ECDSA_C`. 229 230Similarly, there is no PSA support for interruptible ECDH operations so these 231are not supported without `ECDH_C`. See also limitations regarding 232restartable operations with `MBEDTLS_USE_PSA_CRYPTO` in [its 233documentation](use-psa-crypto.md). 234 235Again, we have plans to support this in the future but not with an established 236timeline, please let us know if you're interested. 237 238### Limitations regarding "mixed" builds (driver and built-in) 239 240In order for a build to be driver-only (no built-in implementation), all the 241requested algorithms, key types (key operations) and curves must be 242accelerated (plus a few other restrictions, see "Limitations regarding fully 243removing `ecp.c`" above). However, what if you have an accelerator that only 244supports some algorithms, some key types (key operations), or some curves, but 245want to have more enabled in you build? 246 247It is possible to have acceleration for only a subset of the requested 248algorithms. In this case, the built-in implementation of the accelerated 249algorithms will be disabled, provided all the requested curves and key types 250that can be used with this algorithm are also declared as accelerated. 251 252There is very limited support for having acceleration for only a subset of the 253requested key type operations. The only configuration that's tested is that of 254a driver accelerating `PUBLIC_KEY`, `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, 255`KEY_PAIR_EXPORT` but not `KEY_PAIR_GENERATE`. (Note: currently the driver 256interface does not support `KEY_PAIR_DERIVE`.) 257 258There is limited support for having acceleration for only a subset of the 259requested curves. In such builds, only the PSA API is currently tested and 260working; there are known issues in PK, and X.509 and TLS are untested. 261 262Finite-field Diffie-Hellman 263--------------------------- 264 265Support is pretty similar to the "Elliptic-curve cryptography (ECC)" section 266above. 267Key management and usage can be enabled by means of the usual `PSA_WANT` + 268`MBEDTLS_PSA_ACCEL` pairs: 269 270- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_PUBLIC_KEY`; 271- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_BASIC`; 272- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_IMPORT`; 273- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_EXPORT`; 274- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`; 275 276The same holds for the associated algorithm: 277`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and 278removing builtin support (i.e. `MBEDTLS_DHM_C`). 279 280Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the 281Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer 282of Mbed TLS only supports DHE cipher suites if built-in FFDH 283(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled. 284 285RSA 286--- 287 288It is possible for all RSA operations to be provided only by a driver. 289 290More precisely, if: 291 292- all the RSA algorithms that are enabled (`PSA_WANT_ALG_RSA_*`) are also 293 accelerated (`MBEDTLS_PSA_ACCEL_ALG_RSA_*`), 294- and all the RSA key types that are enabled (`PSA_WANT_KEY_TYPE_RSA_*`) are 295 also accelerated (`MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_*`), 296 297then you can disable `MBEDTLS_RSA_C`, `MBEDTLS_PKCS1_V15` and 298`MBEDTLS_PKCS1_V21`, and RSA will still work in PSA Crypto. 299 300### Limitations on RSA acceleration 301 302Unlike other mechanisms, for now in configurations with driver-only RSA, only 303PSA Crypto works. In particular, PK, X.509 and TLS will _not_ work with 304driver-only RSA even if `MBEDTLS_USE_PSA_CRYPTO` is enabled. 305 306Currently (early 2024) we don't have plans to extend this support. If you're 307interested in wider driver-only support for RSA, please let us know. 308 309Ciphers (unauthenticated and AEAD) 310---------------------------------- 311 312It is possible to have all ciphers and AEAD operations provided only by a 313driver. More precisely, for each desired combination of key type and 314algorithm/mode you can: 315 316- Enable desired PSA key type(s): 317 - `PSA_WANT_KEY_TYPE_AES`, 318 - `PSA_WANT_KEY_TYPE_ARIA`, 319 - `PSA_WANT_KEY_TYPE_CAMELLIA`, 320 - `PSA_WANT_KEY_TYPE_CHACHA20`, 321 - `PSA_WANT_KEY_TYPE_DES`. 322- Enable desired PSA algorithm(s): 323 - Unauthenticated ciphers modes: 324 - `PSA_WANT_ALG_CBC_NO_PADDING`, 325 - `PSA_WANT_ALG_CBC_PKCS7`, 326 - `PSA_WANT_ALG_CCM_STAR_NO_TAG`, 327 - `PSA_WANT_ALG_CFB`, 328 - `PSA_WANT_ALG_CTR`, 329 - `PSA_WANT_ALG_ECB_NO_PADDING`, 330 - `PSA_WANT_ALG_OFB`, 331 - `PSA_WANT_ALG_STREAM_CIPHER`. 332 - AEADs: 333 - `PSA_WANT_ALG_CCM`, 334 - `PSA_WANT_ALG_GCM`, 335 - `PSA_WANT_ALG_CHACHA20_POLY1305`. 336- Enable `MBEDTLS_PSA_ACCEL_[KEY_TYPE_xxx|ALG_yyy]` symbol(s) which correspond 337 to the `PSA_WANT_KEY_TYPE_xxx` and `PSA_WANT_ALG_yyy` of the previous steps. 338- Disable builtin support of key types: 339 - `MBEDTLS_AES_C`, 340 - `MBEDTLS_ARIA_C`, 341 - `MBEDTLS_CAMELLIA_C`, 342 - `MBEDTLS_DES_C`, 343 - `MBEDTLS_CHACHA20_C`. 344 and algorithms/modes: 345 - `MBEDTLS_CBC_C`, 346 - `MBEDTLS_CFB_C`, 347 - `MBEDTLS_CTR_C`, 348 - `MBEDTLS_OFB_C`, 349 - `MBEDTLS_XTS_C`, 350 - `MBEDTLS_CCM_C`, 351 - `MBEDTLS_GCM_C`, 352 - `MBEDTLS_CHACHAPOLY_C`, 353 - `MBEDTLS_NULL_CIPHER`. 354 355Once a key type and related algorithm are accelerated, all the PSA Crypto APIs 356will work, as well as X.509 and TLS (with `MBEDTLS_USE_PSA_CRYPTO` enabled) but 357some non-PSA APIs will be absent or have reduced functionality, see 358[Restrictions](#restrictions) for details. 359 360### Restrictions 361 362- If an algorithm other than CCM and GCM (see 363 ["Partial acceleration for CCM/GCM"](#partial-acceleration-for-ccmgcm) below) 364 is enabled but not accelerated, then all key types that can be used with it 365 will need to be built-in. 366- If a key type is enabled but not accelerated, then all algorithms that can be 367 used with it will need to be built-in. 368 369Some legacy modules can't take advantage of PSA drivers yet, and will either 370need to be disabled, or have reduced features when the built-in implementations 371of some ciphers are removed: 372 373- `MBEDTLS_NIST_KW_C` needs built-in AES: it must be disabled when 374 `MBEDTLS_AES_C` is disabled. 375- `MBEDTLS_CMAC_C` needs built-in AES/DES: it must be disabled when 376 `MBEDTLS_AES_C` and `MBEDTLS_DES_C` are both disabled. When only one of them 377 is enabled, then only the corresponding cipher will be available at runtime 378 for use with `mbedtls_cipher_cmac_xxx`. (Note: if there is driver support for 379 CMAC and all compatible key types, then `PSA_WANT_ALG_CMAC` can be enabled 380 without `MBEDTLS_CMAC_C` and CMAC will be usable with `psa_max_xxx` APIs.) 381- `MBEDTLS_CIPHER_C`: the `mbedtls_cipher_xxx()` APIs will only work with 382 ciphers that are built-in - that is, both the underlying cipher 383 (eg `MBEDTLS_AES_C`) and the mode (eg `MBEDTLS_CIPHER_MODE_CBC` or 384 `MBEDTLS_GCM_C`). 385- `MBEDTLS_PKCS5_C`: encryption/decryption (PBES2, PBE) will only work with 386 ciphers that are built-in. 387- PEM decryption will only work with ciphers that are built-in. 388- PK parse will only be able to parse encrypted keys using built-in ciphers. 389 390Note that if you also disable `MBEDTLS_CIPHER_C`, there will be additional 391restrictions, see [Disabling `MBEDTLS_CIPHER_C`](#disabling-mbedtls_cipher_c). 392 393### Legacy <-> PSA matching 394 395Note that the relationship between legacy (i.e. `MBEDTLS_xxx_C`) and PSA 396(i.e. `PSA_WANT_xxx`) symbols is not always 1:1. For example: 397 398- ECB mode is always enabled in the legacy configuration for each key type that 399 allows it (AES, ARIA, Camellia, DES), whereas it must be explicitly enabled 400 in PSA with `PSA_WANT_ALG_ECB_NO_PADDING`. 401- In the legacy API, `MBEDTLS_CHACHA20_C` enables the ChaCha20 stream cipher, and 402 enabling `MBEDTLS_CHACHAPOLY_C` also enables the ChaCha20-Poly1305 AEAD. In the 403 PSA API, you need to enable `PSA_KEY_TYPE_CHACHA20` for both, plus 404 `PSA_ALG_STREAM_CIPHER` or `PSA_ALG_CHACHA20_POLY1305` as desired. 405- The legacy symbol `MBEDTLS_CCM_C` adds support for both cipher and AEAD, 406 whereas in PSA there are 2 different symbols: `PSA_WANT_ALG_CCM_STAR_NO_TAG` 407 and `PSA_WANT_ALG_CCM`, respectively. 408 409### Partial acceleration for CCM/GCM 410 411[This section depends on #8598 so it might be updated while that PR progresses.] 412 413In case legacy CCM/GCM algorithms are enabled, it is still possible to benefit 414from PSA acceleration of the underlying block cipher by enabling support for 415ECB mode (`PSA_WANT_ALG_ECB_NO_PADDING` + `MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING`) 416together with desired key type(s) (`PSA_WANT_KEY_TYPE_[AES|ARIA|CAMELLIA]` + 417`MBEDTLS_PSA_ACCEL_KEY_TYPE_[AES|ARIA|CAMELLIA]`). 418 419In such configurations it is possible to: 420 421- Use CCM and GCM via the PSA Crypto APIs. 422- Use CCM and GCM via legacy functions `mbedtls_[ccm|gcm]_xxx()` (but not the 423 legacy functions `mbedtls_cipher_xxx()`). 424- Disable legacy key types (`MBEDTLS_[AES|ARIA|CAMELLIA]_C`) if there is no 425 other dependency requiring them. 426 427ChaChaPoly has no such feature, so it requires full acceleration (key type + 428algorithm) in order to work with a driver. 429 430### CTR-DRBG 431 432The legacy CTR-DRBG module (enabled by `MBEDTLS_CTR_DRBG_C`) can also benefit 433from PSA acceleration if both of the following conditions are met: 434 435- The legacy AES module (`MBEDTLS_AES_C`) is not enabled and 436- AES is supported on the PSA side together with ECB mode, i.e. 437 `PSA_WANT_KEY_TYPE_AES` + `PSA_WANT_ALG_ECB_NO_PADDING`. 438 439### Disabling `MBEDTLS_CIPHER_C` 440 441It is possible to save code size by disabling MBEDTLS_CIPHER_C when all of the 442following conditions are met: 443 444- The application is not using the `mbedtls_cipher_` API. 445- In PSA, all unauthenticated (that is, non-AEAD) ciphers are either disabled or 446 fully accelerated (that is, all compatible key types are accelerated too). 447- Either TLS is disabled, or `MBEDTLS_USE_PSA_CRYPTO` is enabled. 448- `MBEDTLS_NIST_KW` is disabled. 449- `MBEDTLS_CMAC_C` is disabled. (Note: support for CMAC in PSA can be provided by 450 a driver.) 451 452In such a build, everything will work as usual except for the following: 453 454- Encryption/decryption functions from the PKCS5 and PKCS12 module will not be 455 available (only key derivation functions). 456- Parsing of PKCS5- or PKCS12-encrypted keys in PK parse will fail. 457 458Note: AEAD ciphers (CCM, GCM, ChachaPoly) do not have a dependency on 459MBEDTLS_CIPHER_C even when using the built-in implementations. 460 461If you also have some ciphers fully accelerated and the built-ins removed, see 462[Restrictions](#restrictions) for restrictions related to removing the built-ins. 463 464 465 466
