diff --git a/cmake/modules/FindmbedTLS.cmake b/cmake/modules/FindmbedTLS.cmake
index fed09b86c..9286e8e8d 100644
--- a/cmake/modules/FindmbedTLS.cmake
+++ b/cmake/modules/FindmbedTLS.cmake
@@ -26,8 +26,9 @@ SET(MBEDTLS_FIND_QUIETLY TRUE)
 FIND_LIBRARY(MBEDTLS_LIBRARY NAMES mbedtls libmbedtls libmbedx509)
 FIND_LIBRARY(MBEDX509_LIBRARY NAMES mbedx509 libmbedx509)
 FIND_LIBRARY(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto)
+FIND_LIBRARY(TFPSACRYPTO_LIBRARY NAMES libtfpsacrypto tfpsacrypto)
 
-IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY)
+IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND (MBEDCRYPTO_LIBRARY OR TFPSACRYPTO_LIBRARY))
     SET(MBEDTLS_FOUND TRUE)
 ENDIF()
 
@@ -37,14 +38,24 @@ IF(MBEDTLS_FOUND)
     GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE)
     GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE)
     GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE)
+    GET_FILENAME_COMPONENT(TFPSACRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY} NAME_WE)
     STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE})
     STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE})
     STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
+    STRING(REGEX REPLACE "^lib" "" TFPSACRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY_FILE})
+
+    if (NOT TFPSACRYPTO_LIBRARY_FILE STREQUAL "")
+        SET(MBEDTLS_CRYPTO_LIBRARY_FILE ${TFPSACRYPTO_LIBRARY_FILE})
+    elseif (NOT MBEDCRYPTO_LIBRARY_FILE STREQUAL "")
+        SET(MBEDTLS_CRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
+    else ()
+        MESSAGE(FATAL_ERROR "Could not find mbedTLS Crypto library")
+    endif()
 
     if (MSVC)
-        SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY_FILE}.lib ${MBEDX509_LIBRARY_FILE}.lib ${MBEDCRYPTO_LIBRARY_FILE}.lib)
+        SET(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY_FILE}.lib ${MBEDX509_LIBRARY_FILE}.lib ${MBEDTLS_CRYPTO_LIBRARY_FILE}.lib)
     else()
-        SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}")
+        SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDTLS_CRYPTO_LIBRARY_FILE}")
     endif()
 
     IF(NOT MBEDTLS_FIND_QUIETLY)
diff --git a/dist/macOS/Brewfile b/dist/macOS/Brewfile
index c520b0c7c..820d35ad6 100644
--- a/dist/macOS/Brewfile
+++ b/dist/macOS/Brewfile
@@ -1,4 +1,4 @@
-brew "mbedtls@3", link: true
+brew "mbedtls"
 brew "nlohmann-json"
 brew "cmake"
 brew "ccache"
diff --git a/lib/libimhex/source/helpers/crypto.cpp b/lib/libimhex/source/helpers/crypto.cpp
index 3d56128d6..0eef9828b 100644
--- a/lib/libimhex/source/helpers/crypto.cpp
+++ b/lib/libimhex/source/helpers/crypto.cpp
@@ -8,12 +8,24 @@
 
 #include <mbedtls/version.h>
 #include <mbedtls/base64.h>
-#include <mbedtls/bignum.h>
-#include <mbedtls/md5.h>
-#include <mbedtls/sha1.h>
-#include <mbedtls/sha256.h>
-#include <mbedtls/sha512.h>
-#include <mbedtls/cipher.h>
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+    // TODO: We'll need to migrate to the new <psa/crypto.h> eventually. For now, just include the old stuff again
+    #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+    #include <mbedtls/private/bignum.h>
+    #include <mbedtls/private/md5.h>
+    #include <mbedtls/private/sha1.h>
+    #include <mbedtls/private/sha256.h>
+    #include <mbedtls/private/sha512.h>
+    #include <mbedtls/private/cipher.h>
+#else
+    #include <mbedtls/bignum.h>
+    #include <mbedtls/md5.h>
+    #include <mbedtls/sha1.h>
+    #include <mbedtls/sha256.h>
+    #include <mbedtls/sha512.h>
+    #include <mbedtls/cipher.h>
+#endif
 
 #include <array>
 #include <functional>
@@ -22,26 +34,6 @@
 #include <bit>
 #include <span>
 
-#if MBEDTLS_VERSION_MAJOR <= 2
-
-    #define mbedtls_md5_starts mbedtls_md5_starts_ret
-    #define mbedtls_md5_update mbedtls_md5_update_ret
-    #define mbedtls_md5_finish mbedtls_md5_finish_ret
-
-    #define mbedtls_sha1_starts mbedtls_sha1_starts_ret
-    #define mbedtls_sha1_update mbedtls_sha1_update_ret
-    #define mbedtls_sha1_finish mbedtls_sha1_finish_ret
-
-    #define mbedtls_sha256_starts mbedtls_sha256_starts_ret
-    #define mbedtls_sha256_update mbedtls_sha256_update_ret
-    #define mbedtls_sha256_finish mbedtls_sha256_finish_ret
-
-    #define mbedtls_sha512_starts mbedtls_sha512_starts_ret
-    #define mbedtls_sha512_update mbedtls_sha512_update_ret
-    #define mbedtls_sha512_finish mbedtls_sha512_finish_ret
-
-#endif
-
 namespace hex::crypt {
     using namespace std::placeholders;
 
diff --git a/lib/third_party/yara/crypto.h b/lib/third_party/yara/crypto.h
index f6cec99ee..4d2992029 100644
--- a/lib/third_party/yara/crypto.h
+++ b/lib/third_party/yara/crypto.h
@@ -117,9 +117,18 @@ typedef CC_SHA256_CTX yr_sha256_ctx;
 #define yr_sha256_final(digest, ctx)     CC_SHA256_Final(digest, ctx)
 
 #elif defined(HAVE_MBEDTLS)
-#include <mbedtls/md5.h>
-#include <mbedtls/sha1.h>
-#include <mbedtls/sha256.h>
+
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_MAJOR >= 4
+  #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+  #include <mbedtls/private/md5.h>
+  #include <mbedtls/private/sha1.h>
+  #include <mbedtls/private/sha256.h>
+#else
+  #include <mbedtls/md5.h>
+  #include <mbedtls/sha1.h>
+  #include <mbedtls/sha256.h>
+#endif
 
 typedef mbedtls_md5_context yr_md5_ctx;
 typedef mbedtls_sha1_context yr_sha1_ctx;
diff --git a/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp b/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp
index cf31d12b5..f0d93e96b 100644
--- a/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp
+++ b/plugins/builtin/source/content/data_processor_nodes/decode_nodes.cpp
@@ -4,8 +4,6 @@
 #include <hex/helpers/scaling.hpp>
 #include <hex/helpers/crypto.hpp>
 #include <hex/data_processor/node.hpp>
-
-#include <mbedtls/cipher.h>
 #include <mbedtls/error.h>
 
 #include <nlohmann/json.hpp>