diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 478110425..346cbe683 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,7 +8,8 @@ on:
       - trying
   pull_request:
     branches:
-      - master
+      - mbedtls-3
+      - main
       - 'v0.*'
   merge_group:
 
diff --git a/README.md b/README.md
index 42f7bdac3..7b3450446 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,12 @@
+> [!WARNING]
+> The state of this repertory is changed to maintenance. We will not accept any more feature requests. Please check [Change of status](#change-of-status) for details
+
+
 # mbedtls
 
 [![Build Status](https://travis-ci.com/fortanix/rust-mbedtls.svg?branch=master)](https://travis-ci.com/fortanix/rust-mbedtls)
 
+
 This is an idiomatic Rust wrapper for MbedTLS, allowing you to use MbedTLS with
 only safe code while being able to use such great Rust features like error
 handling and closures.
@@ -9,6 +14,24 @@ handling and closures.
 Additionally, building on MbedTLS's focus on embedded use, this crate can be
 used in a no_std environment.
 
+## Change of status
+
+We discovered that `mbedtls 3.X` is not thread safe and will not work properly with multiple threads.
+And the new PSA approach does not match our needs. So we now decided to stay on mbedtls `2.28.X`; and the state of this repertory is changed to maintenance. We will not accept any more feature requests.
+
+Old code of `mbedtls 3.X` on `master` branch has been moved to branch `mbedtls-3`.
+
+Related issue: [#320](https://github.com/fortanix/rust-mbedtls/issues/320)
+
+Reference links:
+
+- Design changes:
+  - https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/message/RJ7YPNBNWUNW2ICQJ72H2JMKPDKGQOLT/
+- Bugs
+  - https://github.com/fortanix/rust-mbedtls/issues/301
+  - https://github.com/fortanix/rust-mbedtls/issues/293
+  - https://github.com/Mbed-TLS/mbedtls/issues/3263
+
 ## Building
 
 This crate depends on the mbedtls-sys-auto crate, see below for build details.
diff --git a/ci_tools.sh b/ci_tools.sh
index edffece12..4e212f920 100755
--- a/ci_tools.sh
+++ b/ci_tools.sh
@@ -49,6 +49,7 @@ download_cargo_nextest() {
 
 aarch64_cross_toolchain_hash=c8ee0e7fd58f5ec6811e3cec5fcdd8fc47cb2b49fb50e9d7717696ddb69c812547b5f389558f62dfbf9db7d6ad808a5a515cc466b8ea3e9ab3daeb20ba1adf33
 # save to directory that will be cached
+mkdir -p ${repo_root}/target
 aarch64_cross_toolchain_save_path=${repo_root}/target/aarch64-linux-musl-cross.tgz
 if [ "$TARGET" == "aarch64-unknown-linux-musl" ]; then
     if ! check_sha512 ${aarch64_cross_toolchain_hash} ${aarch64_cross_toolchain_save_path}; then