Merge pull request #9808 from waleed-elmelegy-arm/add-iop-export-pub-key-complete

Add PSA interruptible export public-key complete API
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1501240..19fa7e9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -412,41 +412,71 @@
 # to define the test executables.
 #
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
-    file(GLOB MBEDTLS_TEST_HELPER_FILES
-         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
-         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
-    add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
-    set_base_compile_options(mbedtls_test_helpers)
-
+    file(GLOB MBEDTLS_TEST_FILES
+         ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c
+         ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c)
+    add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
+    set_base_compile_options(mbedtls_test)
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${MBEDTLS_DIR}/tests/src/test_certs.h
-            WORKING_DIRECTORY
-                ${MBEDTLS_DIR}/tests
+                ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+            COMMAND
+                "${MBEDTLS_PYTHON_EXECUTABLE}"
+                "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
+                "--output"
+                "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+            DEPENDS
+                ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
+        )
+        add_custom_target(mbedtls_test_keys_header
+            DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
+        add_dependencies(mbedtls_test mbedtls_test_keys_header)
+    endif()
+    target_include_directories(mbedtls_test
+        PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
+        PRIVATE tests/include
+        PRIVATE include
+        PRIVATE tf-psa-crypto/include
+        PRIVATE tf-psa-crypto/drivers/builtin/include
+        PRIVATE tf-psa-crypto/drivers/everest/include
+        PRIVATE library
+        PRIVATE tf-psa-crypto/core
+        PRIVATE tf-psa-crypto/drivers/builtin/src)
+    # Request C11, needed for memory poisoning tests
+    set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
+    set_config_files_compile_definitions(mbedtls_test)
+
+    file(GLOB MBEDTLS_TEST_HELPER_FILES
+         tests/src/*.c tests/src/test_helpers/*.c)
+    add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
+    set_base_compile_options(mbedtls_test_helpers)
+    if(GEN_FILES)
+        add_custom_command(
+            OUTPUT
+                ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
             COMMAND
                 "${MBEDTLS_PYTHON_EXECUTABLE}"
                 "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
                 "--output"
-                "${MBEDTLS_DIR}/tests/src/test_certs.h"
+                "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
             DEPENDS
                 ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
         )
         add_custom_target(mbedtls_test_certs_header
-            DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
+            DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
         add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header)
     endif()
-
     target_include_directories(mbedtls_test_helpers
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src
-        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include)
+        PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
+        PRIVATE tests/include
+        PRIVATE include
+        PRIVATE tf-psa-crypto/include
+        PRIVATE tf-psa-crypto/drivers/builtin/include
+        PRIVATE library
+        PRIVATE tf-psa-crypto/core
+        PRIVATE tf-psa-crypto/drivers/builtin/src
+        PRIVATE tf-psa-crypto/drivers/everest/include)
 
     set_config_files_compile_definitions(mbedtls_test_helpers)
 endif()
diff --git a/Makefile b/Makefile
index ebe8492..20580bf 100644
--- a/Makefile
+++ b/Makefile
@@ -94,6 +94,8 @@
 # present before it runs. It doesn't matter if the files aren't up-to-date,
 # they just need to be present.
 $(VISUALC_FILES): | library/generated_files
+$(VISUALC_FILES): | programs/generated_files
+$(VISUALC_FILES): | tests/generated_files
 $(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl
 $(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-app-template.vcxproj
 $(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2017-main-template.vcxproj
diff --git a/configs/ext/crypto_config_profile_medium.h b/configs/ext/crypto_config_profile_medium.h
index 2871c94..67de4c0 100644
--- a/configs/ext/crypto_config_profile_medium.h
+++ b/configs/ext/crypto_config_profile_medium.h
@@ -9,37 +9,149 @@
  * \brief PSA crypto configuration options (set of defines)
  *
  */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-/**
- * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
- * this file determines which cryptographic mechanisms are enabled
- * through the PSA Cryptography API (\c psa_xxx() functions).
- *
- * To enable a cryptographic mechanism, uncomment the definition of
- * the corresponding \c PSA_WANT_xxx preprocessor symbol.
- * To disable a cryptographic mechanism, comment out the definition of
- * the corresponding \c PSA_WANT_xxx preprocessor symbol.
- * The names of cryptographic mechanisms correspond to values
- * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
- * of \c PSA_.
- *
- * Note that many cryptographic mechanisms involve two symbols: one for
- * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
- * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
- * additional symbols.
- */
-#else
-/**
- * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
- * this file is not used, and cryptographic mechanisms are supported
- * through the PSA API if and only if they are supported through the
- * mbedtls_xxx API.
- */
-#endif
 
 #ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
 #define PROFILE_M_PSA_CRYPTO_CONFIG_H
 
+/**
+ * \name SECTION: Platform abstraction layer
+ *
+ * This section sets platform specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module:  library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other modules rely on it for a fixed snprintf implementation.
+ *
+ * Module:  library/platform.c
+ * Caller:  Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default Mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling #MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * An overview of how the value of mbedtls_calloc is determined:
+ *
+ * - if !MBEDTLS_PLATFORM_MEMORY
+ *     - mbedtls_calloc = calloc
+ * - if MBEDTLS_PLATFORM_MEMORY
+ *     - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ *         - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
+ *     - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ *         - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
+ *         - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
+ *         - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ *             - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
+ *             - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
+ *         - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ *             - if MBEDTLS_PLATFORM_STD_CALLOC is present:
+ *                 - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
+ *             - if !MBEDTLS_PLATFORM_STD_CALLOC:
+ *                 - MBEDTLS_PLATFORM_STD_CALLOC = calloc
+ *
+ *         - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
+ *         - if !MBEDTLS_PLATFORM_STD_CALLOC
+ *             - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
+ *
+ *         - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
+ *
+ * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
+ * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
+ * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
+ * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+#define MBEDTLS_PLATFORM_MEMORY
+
+/**
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+ *
+ * Do not assign standard functions in the platform layer (e.g. calloc() to
+ * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
+ *
+ * This makes sure there are no linking errors on platforms that do not support
+ * these functions. You will HAVE to provide alternatives, either at runtime
+ * via the platform_set_xxx() functions or at compile time by setting
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Uncomment to prevent default assignment of standard functions in the
+ * platform layer.
+ */
+#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+
+#define MBEDTLS_PLATFORM_PRINTF_ALT
+
+/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+
+#include <stdio.h>
+
+#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf
+#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE
+#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS
+
+#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h>
+
+/** \} name SECTION: Platform abstraction layer */
+
+/**
+ * \name SECTION: SECTION Cryptographic mechanism selection (PSA API)
+ *
+ * This section sets PSA API settings.
+ * \{
+ */
 /*
  * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
  */
@@ -125,6 +237,406 @@
 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
 //#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE   1
 
+/** \} name SECTION Cryptographic mechanism selection (PSA API) */
+
+/**
+ * \name SECTION: PSA core
+ *
+ * This section sets PSA specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module:  library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ *       determined in the platform layer, and can be modified at runtime and/or
+ *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ *       with regular fopen(), please make sure you make a seedfile with the
+ *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ *       and written to or you will get an entropy source error! The default
+ *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ *       bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ *       given to an external source, to update it.
+ */
+#define MBEDTLS_ENTROPY_NV_SEED
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module:  library/psa_crypto.c
+ *
+ * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
+ *           or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
+ * Auto-enables: MBEDTLS_CIPHER_C if any unauthenticated (ie, non-AEAD) cipher
+ *               is enabled in PSA (unless it's fully accelerated, see
+ *               docs/driver-only-builds.md about that).
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * If you enable this option, your build environment must include a header
+ * file `"crypto_spe.h"` (either in the `psa` subdirectory of the Mbed TLS
+ * header files, or in another directory on the compiler's include search
+ * path). Alternatively, your platform may customize the header
+ * `psa/crypto_platform.h`, in which case it can skip or replace the
+ * inclusion of `"crypto_spe.h"`.
+ *
+ * Module:  library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module:  library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ *           the PSA ITS interface
+ */
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/** \} name SECTION: PSA core */
+
+/**
+ * \name SECTION: Builtin drivers
+ *
+ * This section sets driver specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ */
+#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ */
+#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+ *
+ * Use only 128-bit keys in AES operations to save ROM.
+ *
+ * Uncomment this macro to remove support for AES operations that use 192-
+ * or 256-bit keys.
+ *
+ * Uncommenting this macro reduces the size of AES code by ~300 bytes
+ * on v8-M/Thumb2.
+ *
+ * Module:  library/aes.c
+ *
+ * Requires: MBEDTLS_AES_C
+ */
+#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ *      library/aesni.h
+ *      library/aria.c
+ *      library/bn_mul.h
+ *      library/constant_time.c
+ *
+ * Required by:
+ *      MBEDTLS_AESCE_C
+ *      MBEDTLS_AESNI_C (on some platforms)
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * Uncomment to enable p256-m. This is an alternative implementation of
+ * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
+ * Compared to the default implementation:
+ *
+ * - p256-m has a much smaller code size and RAM footprint.
+ * - p256-m is only available via the PSA API. This includes the pk module.
+ * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
+ *   over the core arithmetic, or deterministic derivation of keys.
+ *
+ * We recommend enabling this option if your application uses the PSA API
+ * and the only elliptic curve support it needs is ECDH and ECDSA over
+ * SECP256R1.
+ *
+ * If you enable this option, you do not need to enable any ECC-related
+ * MBEDTLS_xxx option. You do need to separately request support for the
+ * cryptographic mechanisms through the PSA API:
+ * - #MBEDTLS_PSA_CRYPTO_C for PSA-based configuration;
+ * - #PSA_WANT_ECC_SECP_R1_256;
+ * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
+ * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
+ *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
+ *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
+ *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
+ *
+ * \note To benefit from the smaller code size of p256-m, make sure that you
+ *       do not enable any ECC-related option not supported by p256-m: this
+ *       would cause the built-in ECC implementation to be built as well, in
+ *       order to provide the required option.
+ *       Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
+ *       #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
+ *       SECP256R1 are disabled as they are not supported by this driver.
+ *       Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
+ *       #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
+ *       the built-in ECC implementation, see docs/driver-only-builds.md.
+ */
+#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+#define MBEDTLS_SHA256_SMALLER
+
+/* ECP options */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM        0 /**< Disable fixed-point speed-up */
+
+/** \} name SECTION: Builtin drivers */
+
+/**
+ * \name SECTION: Legacy cryptography
+ *
+ * This section sets legacy settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module:  library/aes.c
+ * Caller:  library/cipher.c
+ *          library/pem.c
+ *          library/ctr_drbg.c
+ *
+ * This module enables the following ciphersuites (if other requisites are
+ * enabled as well):
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module:  library/cipher.c
+ * Caller:  library/ccm.c
+ *          library/cmac.c
+ *          library/gcm.c
+ *          library/nist_kw.c
+ *          library/pkcs12.c
+ *          library/pkcs5.c
+ *          library/psa_crypto_aead.c
+ *          library/psa_crypto_mac.c
+ *          library/ssl_ciphersuites.c
+ *          library/ssl_msg.c
+ * Auto-enabled by: MBEDTLS_PSA_CRYPTO_C depending on which ciphers are enabled
+ *                  (see the documentation of that option for details).
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
+ *
+ * AES support can either be achieved through builtin (MBEDTLS_AES_C) or PSA.
+ * Builtin is the default option when MBEDTLS_AES_C is defined otherwise PSA
+ * is used.
+ *
+ * \warning When using PSA, the user should call `psa_crypto_init()` before
+ *          using any CTR_DRBG operation (except `mbedtls_ctr_drbg_init()`).
+ *
+ * \note AES-128 will be used if \c MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is set.
+ *
+ * \note To achieve a 256-bit security strength with CTR_DRBG,
+ *       you must use AES-256 *and* use sufficient entropy.
+ *       See ctr_drbg.h for more details.
+ *
+ * Module:  library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C or
+ *           (PSA_WANT_KEY_TYPE_AES and PSA_WANT_ALG_ECB_NO_PADDING and
+ *            MBEDTLS_PSA_CRYPTO_C)
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+/** \} name SECTION: Legacy cryptography */
+
 /***********************************************************/
 /* Tweak the configuration to remove dependencies on TF-M. */
 /***********************************************************/
@@ -178,6 +690,14 @@
  * to reduce code size further. */
 #undef MBEDTLS_CIPHER_C
 
+#if CRYPTO_NV_SEED
+#include "tfm_mbedcrypto_config_extra_nv_seed.h"
+#endif /* CRYPTO_NV_SEED */
+
+#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
+#endif
+
 #ifdef CRYPTO_HW_ACCELERATOR
 #include "crypto_accelerator_config.h"
 #endif
diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
index 8ef28ee..ee62cf6 100644
--- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h
+++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
@@ -36,385 +36,6 @@
 #endif
 
 /**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- *      library/aria.c
- *      library/timing.c
- *      include/mbedtls/bn_mul.h
- *
- * Required by:
- *      MBEDTLS_AESNI_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-#define MBEDTLS_PLATFORM_MEMORY
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- *       determined in the platform layer, and can be modified at runtime and/or
- *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- *       with regular fopen(), please make sure you make a seedfile with the
- *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- *       and written to or you will get an entropy source error! The default
- *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- *       bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- *       given to an external source, to update it.
- */
-#define MBEDTLS_ENTROPY_NV_SEED
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module:  library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG
- *
- * This setting allows support for cryptographic mechanisms through the PSA
- * API to be configured separately from support through the mbedtls API.
- *
- * When this option is disabled, the PSA API exposes the cryptographic
- * mechanisms that can be implemented on top of the `mbedtls_xxx` API
- * configured with `MBEDTLS_XXX` symbols.
- *
- * When this option is enabled, the PSA API exposes the cryptographic
- * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
- * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
- * automatically enabled if required (i.e. if no PSA driver provides the
- * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
- * in mbedtls_config.h.
- *
- * If the symbol #TF_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
- * an alternative header to include instead of include/psa/crypto_config.h.
- *
- * This feature is still experimental and is not ready for production since
- * it is not completed.
- */
-#define MBEDTLS_PSA_CRYPTO_CONFIG
-
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module:  library/aes.c
- * Caller:  library/cipher.c
- *          library/pem.c
- *          library/ctr_drbg.c
- *
- * This module is required to support the TLS ciphersuites that use the AES
- * cipher.
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- *
- * Use only 128-bit keys in AES operations to save ROM.
- *
- * Uncomment this macro to remove support for AES operations that use 192-
- * or 256-bit keys.
- *
- * Uncommenting this macro reduces the size of AES code by ~300 bytes
- * on v8-M/Thumb2.
- *
- * Module:  library/aes.c
- *
- * Requires: MBEDTLS_AES_C
- */
-#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module:  library/cipher.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
- *
- * Module:  library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module:  library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module:  library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-//#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module:  library/platform.c
- * Caller:  Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h>
-
-#include <stdio.h>
-
-#define MBEDTLS_PLATFORM_SNPRINTF_MACRO      snprintf
-#define MBEDTLS_PLATFORM_PRINTF_ALT
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module:  library/psa_crypto.c
- *
- * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module:  library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- *           the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
  * \name SECTION: General configuration options
  *
  * This section contains Mbed TLS build settings that are not associated
@@ -459,112 +80,6 @@
  */
 //#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
 
-/**
- * \def TF_PSA_CRYPTO_CONFIG_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"psa/crypto_config.h"`.
- * This header file specifies which cryptographic mechanisms are available
- * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
- * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define TF_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
-
-/**
- * \def TF_PSA_CRYPTO_USER_CONFIG_FILE
- *
- * If defined, this is a header which will be included after
- * `"psa/crypto_config.h"` or #TF_PSA_CRYPTO_CONFIG_FILE.
- * This allows you to modify the default configuration, including the ability
- * to undefine options that are enabled by default.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define TF_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
-
 /** \} name SECTION: General configuration options */
 
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* ECP options */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM        0 /**< Disable fixed-point speed-up */
-
-/**
- * Uncomment to enable p256-m. This is an alternative implementation of
- * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1.
- * Compared to the default implementation:
- *
- * - p256-m has a much smaller code size and RAM footprint.
- * - p256-m is only available via the PSA API. This includes the pk module.
- * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols
- *   over the core arithmetic, or deterministic derivation of keys.
- *
- * We recommend enabling this option if your application uses the PSA API
- * and the only elliptic curve support it needs is ECDH and ECDSA over
- * SECP256R1.
- *
- * If you enable this option, you do not need to enable any ECC-related
- * MBEDTLS_xxx option. You do need to separately request support for the
- * cryptographic mechanisms through the PSA API:
- * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based
- *   configuration;
- * - #PSA_WANT_ECC_SECP_R1_256;
- * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed;
- * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC,
- *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT,
- *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or
- *   #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed.
- *
- * \note To benefit from the smaller code size of p256-m, make sure that you
- *       do not enable any ECC-related option not supported by p256-m: this
- *       would cause the built-in ECC implementation to be built as well, in
- *       order to provide the required option.
- *       Make sure #PSA_WANT_ALG_DETERMINISTIC_ECDSA, #PSA_WANT_ALG_JPAKE and
- *       #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE, and curves other than
- *       SECP256R1 are disabled as they are not supported by this driver.
- *       Also, avoid defining #MBEDTLS_PK_PARSE_EC_COMPRESSED or
- *       #MBEDTLS_PK_PARSE_EC_EXTENDED as those currently require a subset of
- *       the built-in ECC implementation, see docs/driver-only-builds.md.
- */
-#define MBEDTLS_PSA_P256M_DRIVER_ENABLED
-
-/* \} name SECTION: Customisation configuration options */
-
-#if CRYPTO_NV_SEED
-#include "tfm_mbedcrypto_config_extra_nv_seed.h"
-#endif /* CRYPTO_NV_SEED */
-
-#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
-#include "mbedtls_entropy_nv_seed_config.h"
-#endif
-
-#ifdef CRYPTO_HW_ACCELERATOR
-#include "mbedtls_accelerator_config.h"
-#endif
-
 #endif /* PROFILE_M_MBEDTLS_CONFIG_H */
diff --git a/framework b/framework
index 150bf84..ff4c336 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 150bf842819e8680a2733774cdceabf60ffbe164
+Subproject commit ff4c33600afc0def98d190f7d10210370f47bd9f
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 87b9a1b..2c23c48 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -8,7 +8,6 @@
 endif()
 add_subdirectory(hash)
 add_subdirectory(pkey)
-add_subdirectory(../tf-psa-crypto/programs/psa ../tf-psa-crypto/programs/psa)
 add_subdirectory(random)
 add_subdirectory(ssl)
 add_subdirectory(test)
diff --git a/programs/Makefile b/programs/Makefile
index 0b3025d..c177c28 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -132,14 +132,14 @@
 	$(MAKE) -C ../tests mbedtls_test
 
 .PHONY: generated_files
-GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
+GENERATED_FILES = ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c test/query_config.c
 generated_files: $(GENERATED_FILES)
 
-../tf-psa-crypto/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
-psa/psa_constant_names_generated.c:
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/scripts/generate_psa_constants.py
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/tests/suites/test_suite_psa_crypto_metadata.data
+../tf-psa-crypto/programs/psa/psa_constant_names_generated.c:
 	echo "  Gen   $@"
 	cd ../tf-psa-crypto; $(PYTHON) ./scripts/generate_psa_constants.py
 
@@ -271,7 +271,7 @@
 	echo "  CC    psa/key_ladder_demo.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/key_ladder_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c psa/psa_constant_names_generated.c $(DEP)
+../tf-psa-crypto/programs/psa/psa_constant_names$(EXEXT): ../tf-psa-crypto/programs/psa/psa_constant_names.c ../tf-psa-crypto/programs/psa/psa_constant_names_generated.c $(DEP)
 	echo "  CC    psa/psa_constant_names.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_constant_names.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 08bf095..c5128b1 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -4,7 +4,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index 3bc1a9e..d648301 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -4,7 +4,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 57cfeee..8f46317 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -31,7 +31,7 @@
     set(exe_sources
         ${exe}.c
         $<TARGET_OBJECTS:mbedtls_test_helpers>
-        $<TARGET_OBJECTS:tf_psa_crypto_test>)
+        $<TARGET_OBJECTS:mbedtls_test>)
     if(NOT FUZZINGENGINE_LIB)
         list(APPEND exe_sources onefile.c)
     endif()
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index 3eabb97..d23db04 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -6,7 +6,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 34987c3..c782ad4 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -5,7 +5,7 @@
 add_dependencies(${programs_target} ${executables_mbedtls})
 
 foreach(exe IN LISTS executables_mbedtls)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
@@ -34,7 +34,7 @@
 add_dependencies(${programs_target} ${executables_mbedcrypto})
 
 foreach(exe IN LISTS executables_mbedcrypto)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index d7c0782..76cb840 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -5,7 +5,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 513c866..a27c626 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -40,8 +40,8 @@
     endif()
     add_executable(${exe}
         ${exe}.c
+        $<TARGET_OBJECTS:mbedtls_test>
         $<TARGET_OBJECTS:mbedtls_test_helpers>
-        $<TARGET_OBJECTS:tf_psa_crypto_test>
         ${extra_sources})
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
@@ -59,8 +59,8 @@
 if(THREADS_FOUND)
     add_executable(ssl_pthread_server
         ssl_pthread_server.c
-        $<TARGET_OBJECTS:mbedtls_test_helpers>
-        $<TARGET_OBJECTS:tf_psa_crypto_test>)
+        $<TARGET_OBJECTS:mbedtls_test>
+        $<TARGET_OBJECTS:mbedtls_test_helpers>)
     set_base_compile_options(ssl_pthread_server)
     target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
                                                           ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 285da13..dec1e8c 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -82,7 +82,7 @@
             ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h
             ${CMAKE_CURRENT_BINARY_DIR}/query_config.c)
     endif()
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
         ${extra_sources})
     set_base_compile_options(${exe})
     target_include_directories(${exe}
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index ae1b467..c1b6b75 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -10,7 +10,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index c3ee348..9e63bf1 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -13,7 +13,7 @@
 add_dependencies(${programs_target} ${executables})
 
 foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
+    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
     set_base_compile_options(${exe})
     target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index fb4a225..e1f0962 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -29,6 +29,6 @@
 python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1

 python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

 python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_test_keys.py --output framework\tests\src\test_keys.h || exit /b 1

+python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1

 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1

 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1

diff --git a/scripts/output_env.sh b/scripts/output_env.sh
deleted file mode 100755
index 32f1f86..0000000
--- a/scripts/output_env.sh
+++ /dev/null
@@ -1,183 +0,0 @@
-#! /usr/bin/env sh
-
-# output_env.sh
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# To print out all the relevant information about the development environment.
-#
-# This includes:
-#   - architecture of the system
-#   - type and version of the operating system
-#   - version of make and cmake
-#   - version of armcc, clang, gcc-arm and gcc compilers
-#   - version of libc, clang, asan and valgrind if installed
-#   - version of gnuTLS and OpenSSL
-
-print_version()
-{
-    BIN="$1"
-    shift
-    ARGS="$1"
-    shift
-    VARIANT="$1"
-    shift
-
-    if [ -n "$VARIANT" ]; then
-        VARIANT=" ($VARIANT)"
-    fi
-
-    if ! type "$BIN" > /dev/null 2>&1; then
-        echo " * ${BIN##*/}$VARIANT: Not found."
-        return 0
-    fi
-
-    BIN=`which "$BIN"`
-    VERSION_STR=`$BIN $ARGS 2>&1`
-
-    # Apply all filters
-    while [ $# -gt 0 ]; do
-        FILTER="$1"
-        shift
-        VERSION_STR=`echo "$VERSION_STR" | $FILTER`
-    done
-
-    if [ -z "$VERSION_STR" ]; then
-        VERSION_STR="Version could not be determined."
-    fi
-
-    echo " * ${BIN##*/}$VARIANT: ${BIN} : ${VERSION_STR} "
-}
-
-echo "** Platform:"
-echo
-
-if [ `uname -s` = "Linux" ]; then
-    echo "Linux variant"
-    lsb_release -d -c
-else
-    echo "Unknown Unix variant"
-fi
-
-echo
-
-print_version "uname" "-a" ""
-
-echo
-echo
-echo "** Tool Versions:"
-echo
-
-print_version "make" "--version" "" "head -n 1"
-echo
-
-print_version "cmake" "--version" "" "head -n 1"
-echo
-
-if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
-    : "${ARMC6_CC:=armclang}"
-    print_version "$ARMC6_CC" "--vsn" "" "head -n 2"
-    echo
-fi
-
-print_version "arm-none-eabi-gcc" "--version" "" "head -n 1"
-echo
-
-print_version "gcc" "--version" "" "head -n 1"
-echo
-
-if [ -n "${GCC_EARLIEST+set}" ]; then
-    print_version "${GCC_EARLIEST}" "--version" "" "head -n 1"
-else
-    echo " GCC_EARLIEST : Not configured."
-fi
-echo
-
-if [ -n "${GCC_LATEST+set}" ]; then
-    print_version "${GCC_LATEST}" "--version" "" "head -n 1"
-else
-    echo " GCC_LATEST : Not configured."
-fi
-echo
-
-print_version "clang" "--version" "" "head -n 2"
-echo
-
-if [ -n "${CLANG_EARLIEST+set}" ]; then
-    print_version "${CLANG_EARLIEST}" "--version" "" "head -n 2"
-else
-    echo " CLANG_EARLIEST : Not configured."
-fi
-echo
-
-if [ -n "${CLANG_LATEST+set}" ]; then
-    print_version "${CLANG_LATEST}" "--version" "" "head -n 2"
-else
-    echo " CLANG_LATEST : Not configured."
-fi
-echo
-
-print_version "ldd" "--version" "" "head -n 1"
-echo
-
-print_version "valgrind" "--version" ""
-echo
-
-print_version "gdb" "--version" "" "head -n 1"
-echo
-
-print_version "perl" "--version" "" "head -n 2" "grep ."
-echo
-
-print_version "python" "--version" "" "head -n 1"
-echo
-
-print_version "python3" "--version" "" "head -n 1"
-echo
-
-# Find the installed version of Pylint. Installed as a distro package this can
-# be pylint3 and as a PEP egg, pylint. In test scripts We prefer pylint over
-# pylint3
-if type pylint >/dev/null 2>/dev/null; then
-    print_version "pylint" "--version" "" "sed /^.*config/d" "grep pylint"
-elif type pylint3 >/dev/null 2>/dev/null; then
-    print_version "pylint3" "--version" "" "sed /^.*config/d" "grep pylint"
-else
-    echo " * pylint or pylint3: Not found."
-fi
-echo
-
-: ${OPENSSL:=openssl}
-print_version "$OPENSSL" "version" "default"
-echo
-
-if [ -n "${OPENSSL_NEXT+set}" ]; then
-    print_version "$OPENSSL_NEXT" "version" "next"
-else
-    echo " * openssl (next): Not configured."
-fi
-echo
-
-: ${GNUTLS_CLI:=gnutls-cli}
-print_version "$GNUTLS_CLI" "--version" "default" "head -n 1"
-echo
-
-: ${GNUTLS_SERV:=gnutls-serv}
-print_version "$GNUTLS_SERV" "--version" "default" "head -n 1"
-echo
-
-echo " * Installed asan versions:"
-if type dpkg-query >/dev/null 2>/dev/null; then
-    if ! dpkg-query -f '${Status} ${Package}: ${Version}\n' -W 'libasan*' |
-         awk '$3 == "installed" && $4 !~ /-/ {print $4, $5}' |
-         grep .
-    then
-        echo "   No asan versions installed."
-    fi
-else
-    echo "  Unable to determine the asan version without dpkg."
-fi
-echo
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 402b8cb..950c365 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -154,7 +154,7 @@
     )
 
     add_executable(test_suite_${data_name} test_suite_${data_name}.c
-                   $<TARGET_OBJECTS:tf_psa_crypto_test>
+                   $<TARGET_OBJECTS:mbedtls_test>
                    $<TARGET_OBJECTS:mbedtls_test_helpers>)
     set_base_compile_options(test_suite_${data_name})
     target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS})
diff --git a/tests/Makefile b/tests/Makefile
index 69285b6..7063d81 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -57,7 +57,7 @@
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
 
 GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
-GENERATED_FILES += ../framework/tests/src/test_keys.h src/test_certs.h
+GENERATED_FILES += ../framework/tests/include/test/test_keys.h src/test_certs.h
 
 # Generated files needed to (fully) run ssl-opt.sh
 .PHONY: ssl-opt
@@ -172,7 +172,7 @@
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
 
-../framework/tests/src/test_keys.h: ../framework/scripts/generate_test_keys.py
+../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
 
@@ -183,7 +183,7 @@
 # therefore the wildcard enumeration above doesn't include it.
 TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
 endif
-TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/src/test_keys.h
+TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h
 
 # Rule to compile common test C files in framework
 ../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS)
@@ -323,13 +323,14 @@
 libtestdriver1.a:
 	rm -Rf ./libtestdriver1
 	mkdir ./libtestdriver1
+	mkdir ./libtestdriver1/framework
 	mkdir ./libtestdriver1/tf-psa-crypto
 	mkdir ./libtestdriver1/tf-psa-crypto/drivers
 	mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest
 	mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m
 	touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc
 	touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc
-	cp -Rf ../framework ./libtestdriver1
+	cp -Rf ../framework/scripts ./libtestdriver1/framework
 	cp -Rf ../library ./libtestdriver1
 	cp -Rf ../include ./libtestdriver1
 	cp -Rf ../scripts ./libtestdriver1
diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h
index d825ee9..342bbed 100644
--- a/tests/configs/tls13-only.h
+++ b/tests/configs/tls13-only.h
@@ -26,6 +26,3 @@
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
-
-/* Enable some invasive tests */
-#define MBEDTLS_TEST_HOOKS
diff --git a/tests/configs/user-config-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h
index fada9ee..c1a1214 100644
--- a/tests/configs/user-config-malloc-0-null.h
+++ b/tests/configs/user-config-malloc-0-null.h
@@ -1,4 +1,4 @@
-/* mbedtls_config.h modifier that forces calloc(0) to return NULL.
+/* crypto_config.h modifier that forces calloc(0) to return NULL.
  * Used for testing.
  */
 /*
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
index 52d4b08..270d125 100644
--- a/tests/configs/user-config-zeroize-memset.h
+++ b/tests/configs/user-config-zeroize-memset.h
@@ -1,4 +1,4 @@
-/* mbedtls_config.h modifier that defines mbedtls_platform_zeroize() to be
+/* crypto_config.h modifier that defines mbedtls_platform_zeroize() to be
  * memset(), so that the compile can check arguments for us.
  * Used for testing.
  */
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 3a31fdb..ad1cf37 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -195,6 +195,11 @@
             'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)',
             'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)',
         ],
+        'test_suite_psa_crypto': [
+            # We don't test this unusual, but sensible configuration.
+            # https://github.com/Mbed-TLS/mbedtls/issues/9592
+            re.compile(r'.*ECDSA.*only deterministic supported'),
+        ],
         'test_suite_psa_crypto_generate_key.generated': [
             # Ignore mechanisms that are not implemented, except
             # for public keys for which we always test that
@@ -247,12 +252,19 @@
             # "PSA test case generation: dependency inference class: operation fail"
             # from https://github.com/Mbed-TLS/mbedtls/pull/9025 .
             re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'),
-
+            # We don't test this unusual, but sensible configuration.
+            # https://github.com/Mbed-TLS/mbedtls/issues/9592
+            re.compile(r'.*: !ECDSA but DETERMINISTIC_ECDSA with ECC_.*'),
             # We never test with the HMAC algorithm enabled but the HMAC
             # key type disabled. Those dependencies don't really make sense.
             # https://github.com/Mbed-TLS/mbedtls/issues/9573
             re.compile(r'.* !HMAC with HMAC'),
         ],
+        'test_suite_psa_crypto_op_fail.misc': [
+            # We don't test this unusual, but sensible configuration.
+            # https://github.com/Mbed-TLS/mbedtls/issues/9592
+            'PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long
+        ],
         'test_suite_psa_crypto_storage_format.current': [
             PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
         ],
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 4adae9a..80012b9 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -65,7 +65,7 @@
 OPENSSL="$OPENSSL"                           \
     GNUTLS_CLI="$GNUTLS_CLI"                 \
     GNUTLS_SERV="$GNUTLS_SERV"               \
-    scripts/output_env.sh
+    framework/scripts/output_env.sh
 echo
 
 # Step 1 - Make and instrumented build for code coverage
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index a66c370..3b186d6 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -146,10 +146,15 @@
     check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
     check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
     cd ..
+    # Generated files that are present in the repository even in the development
+    # branch. (This is intended to be temporary, until the generator scripts are
+    # fully reviewed and the build scripts support a generated header file.)
+    check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
     check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
                                                             ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
     check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
 else
+    check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
     check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
     if in_tf_psa_crypto_repo; then
         check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
@@ -160,9 +165,13 @@
     check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
     check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
                                               ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
+    # Generated files that are present in the repository even in the development
+    # branch. (This is intended to be temporary, until the generator scripts are
+    # fully reviewed and the build scripts support a generated header file.)
+    check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
 fi
 
-check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
+check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h
 
 # Additional checks for Mbed TLS only
 if in_mbedtls_repo; then
@@ -177,8 +186,3 @@
     # the step that creates or updates these files.
     check scripts/generate_visualc_files.pl visualc/VS2017
 fi
-
-# Generated files that are present in the repository even in the development
-# branch. (This is intended to be temporary, until the generator scripts are
-# fully reviewed and the build scripts support a generated header file.)
-check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 87326e8..d3fbe85 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -106,6 +106,8 @@
 BINARY_FILE_PATH_RE_LIST = [
     r'docs/.*\.pdf\Z',
     r'docs/.*\.png\Z',
+    r'tf-psa-crypto/docs/.*\.pdf\Z',
+    r'tf-psa-crypto/docs/.*\.png\Z',
     r'programs/fuzz/corpuses/[^.]+\Z',
     r'framework/data_files/[^.]+\Z',
     r'framework/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z',
@@ -173,7 +175,7 @@
         b'sh': 'sh',
     }
 
-    path_exemptions = re.compile(r'tests/scripts/quiet/.*')
+    path_exemptions = re.compile(r'framework/scripts/quiet/.*')
 
     def is_valid_shebang(self, first_line, filepath):
         m = re.match(self._shebang_re, first_line)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 4237305..0598b2d 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -114,7 +114,7 @@
     scripts/config.py full
 
     # Only compile - we're looking for sizeof-pointer-memaccess warnings
-    make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
+    make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
 }
 
 component_test_zeroize () {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index fe8fe91..b7cef0d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -413,16 +413,7 @@
     msg "build: configs/config-symmetric-only.h"
     MBEDTLS_CONFIG="configs/config-symmetric-only.h"
     CRYPTO_CONFIG="configs/crypto-config-symmetric-only.h"
-    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
-    # want to re-generate generated files that depend on it, quite correctly.
-    # However this doesn't work as the generation script expects a specific
-    # format for mbedtls_config.h, which the other files don't follow. Also,
-    # cmake can't know this, but re-generation is actually not necessary as
-    # the generated files only depend on the list of available options, not
-    # whether they're on or off. So, disable cmake's (over-sensitive here)
-    # dependency resolution for generated files and just rely on them being
-    # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-symmetric-only.h - unit tests"
@@ -2167,6 +2158,8 @@
 
     # Setting a blank config disables everyhing in the library side.
     echo '#define MBEDTLS_CONFIG_H ' >"$CONFIG_H"
+    cp configs/crypto-config-ccm-aes-sha256.h "$CRYPTO_CONFIG_H"
+
     make
     msg "test: CCM + AES + SHA256 configuration"
     make test
@@ -2299,11 +2292,6 @@
 
     # define minimal config sufficient to test SHA3
      cat > include/mbedtls/mbedtls_config.h << END
-         #define MBEDTLS_AES_C
-         #define MBEDTLS_CTR_DRBG_C
-         #define MBEDTLS_ENTROPY_C
-         #define MBEDTLS_PSA_CRYPTO_C
-         #define MBEDTLS_SELF_TEST
 END
 
     cat > tf-psa-crypto/include/psa/crypto_config.h << END
@@ -2312,6 +2300,11 @@
         #define PSA_WANT_ALG_SHA3_256  1
         #define PSA_WANT_ALG_SHA3_384  1
         #define PSA_WANT_ALG_SHA3_512  1
+        #define MBEDTLS_AES_C
+        #define MBEDTLS_CTR_DRBG_C
+        #define MBEDTLS_ENTROPY_C
+        #define MBEDTLS_PSA_CRYPTO_C
+        #define MBEDTLS_SELF_TEST
 END
 
     msg "all loops unrolled"
diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh
index a60bb93..8379501 100644
--- a/tests/scripts/components-configuration-tls.sh
+++ b/tests/scripts/components-configuration-tls.sh
@@ -13,16 +13,7 @@
     msg "build: configs/config-suite-b.h"
     MBEDTLS_CONFIG="configs/config-suite-b.h"
     CRYPTO_CONFIG="configs/crypto-config-suite-b.h"
-    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
-    # want to re-generate generated files that depend on it, quite correctly.
-    # However this doesn't work as the generation script expects a specific
-    # format for mbedtls_config.h, which the other files don't follow. Also,
-    # cmake can't know this, but re-generation is actually not necessary as
-    # the generated files only depend on the list of available options, not
-    # whether they're on or off. So, disable cmake's (over-sensitive here)
-    # dependency resolution for generated files and just rely on them being
-    # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-suite-b.h - unit tests"
@@ -161,16 +152,7 @@
     msg "build: configs/config-thread.h"
     MBEDTLS_CONFIG="configs/config-thread.h"
     CRYPTO_CONFIG="configs/crypto-config-thread.h"
-    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
-    # want to re-generate generated files that depend on it, quite correctly.
-    # However this doesn't work as the generation script expects a specific
-    # format for mbedtls_config.h, which the other files don't follow. Also,
-    # cmake can't know this, but re-generation is actually not necessary as
-    # the generated files only depend on the list of available options, not
-    # whether they're on or off. So, disable cmake's (over-sensitive here)
-    # dependency resolution for generated files and just rely on them being
-    # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-thread.h - unit tests"
@@ -184,16 +166,7 @@
     msg "build: configs/config-ccm-psk-tls1_2.h"
     MBEDTLS_CONFIG="configs/config-ccm-psk-tls1_2.h"
     CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
-    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
-    # want to re-generate generated files that depend on it, quite correctly.
-    # However this doesn't work as the generation script expects a specific
-    # format for mbedtls_config.h, which the other files don't follow. Also,
-    # cmake can't know this, but re-generation is actually not necessary as
-    # the generated files only depend on the list of available options, not
-    # whether they're on or off. So, disable cmake's (over-sensitive here)
-    # dependency resolution for generated files and just rely on them being
-    # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
@@ -207,16 +180,7 @@
     msg "build: configs/config-ccm-psk-dtls1_2.h"
     MBEDTLS_CONFIG="configs/config-ccm-psk-dtls1_2.h"
     CRYPTO_CONFIG="configs/crypto-config-ccm-psk-tls1_2.h"
-    # test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
-    # want to re-generate generated files that depend on it, quite correctly.
-    # However this doesn't work as the generation script expects a specific
-    # format for mbedtls_config.h, which the other files don't follow. Also,
-    # cmake can't know this, but re-generation is actually not necessary as
-    # the generated files only depend on the list of available options, not
-    # whether they're on or off. So, disable cmake's (over-sensitive here)
-    # dependency resolution for generated files and just rely on them being
-    # present (thanks to pre_generate_files) by turning GEN_FILES off.
-    CC=$ASAN_CC cmake -D GEN_FILES=Off -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
+    CC=$ASAN_CC cmake -DMBEDTLS_CONFIG_FILE="$MBEDTLS_CONFIG" -DTF_PSA_CRYPTO_CONFIG_FILE="$CRYPTO_CONFIG" -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
     msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
@@ -463,6 +427,8 @@
     msg "build: default config without MBEDTLS_SSL_PROTO_TLS1_2"
     scripts/config.py set MBEDTLS_SSL_EARLY_DATA
     scripts/config.py set MBEDTLS_SSL_RECORD_SIZE_LIMIT
+
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
 
     msg "test: TLS 1.3 only, all key exchange modes enabled"
@@ -482,6 +448,7 @@
     scripts/config.py unset MBEDTLS_PKCS7_C
     scripts/config.py set   MBEDTLS_SSL_EARLY_DATA
 
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
@@ -518,6 +485,8 @@
     scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
     scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
     scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
+
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
 
     msg "test_suite_ssl: TLS 1.3 only, only ephemeral key exchange mode"
@@ -533,6 +502,7 @@
     scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
     scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
 
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
     # Note: The unset below is to be removed for Mbed TLS 4.0
     scripts/config.py unset MBEDTLS_ECDH_C
@@ -556,6 +526,7 @@
     scripts/config.py unset MBEDTLS_PKCS7_C
     scripts/config.py set   MBEDTLS_SSL_EARLY_DATA
 
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
@@ -583,6 +554,7 @@
     scripts/config.py unset MBEDTLS_PKCS7_C
     scripts/config.py set   MBEDTLS_SSL_EARLY_DATA
 
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
@@ -611,6 +583,7 @@
     scripts/config.py unset MBEDTLS_PKCS7_C
     scripts/config.py set   MBEDTLS_SSL_EARLY_DATA
 
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
     scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP
@@ -632,6 +605,8 @@
     msg "build: TLS 1.3 only from default, without PSK key exchange mode"
     scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
     scripts/config.py set   MBEDTLS_SSL_EARLY_DATA
+
+    scripts/config.py set MBEDTLS_TEST_HOOKS
     make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'"
 
     msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes"
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 6d1f2a8..7440845 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -249,7 +249,7 @@
 component_test_malloc_0_null () {
     msg "build: malloc(0) returns NULL (ASan+UBSan build)"
     scripts/config.py full
-    make CC=$ASAN_CC CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+    make CC=$ASAN_CC CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
 
     msg "test: malloc(0) returns NULL (ASan+UBSan build)"
     make test
diff --git a/tests/scripts/quiet/cmake b/tests/scripts/quiet/cmake
deleted file mode 100755
index a34365b..0000000
--- a/tests/scripts/quiet/cmake
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# This swallows the output of the wrapped tool, unless there is an error.
-# This helps reduce excess logging in the CI.
-
-# If you are debugging a build / CI issue, you can get complete unsilenced logs
-# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
-
-# export VERBOSE_LOGS=1
-
-# don't silence invocations containing these arguments
-NO_SILENCE=" --version "
-
-TOOL="cmake"
-
-. "$(dirname "$0")/quiet.sh"
diff --git a/tests/scripts/quiet/make b/tests/scripts/quiet/make
deleted file mode 100755
index 920e5b8..0000000
--- a/tests/scripts/quiet/make
+++ /dev/null
@@ -1,19 +0,0 @@
-#! /usr/bin/env bash
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# This swallows the output of the wrapped tool, unless there is an error.
-# This helps reduce excess logging in the CI.
-
-# If you are debugging a build / CI issue, you can get complete unsilenced logs
-# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
-
-# export VERBOSE_LOGS=1
-
-# don't silence invocations containing these arguments
-NO_SILENCE=" --version | test "
-
-TOOL="make"
-
-. "$(dirname "$0")/quiet.sh"
diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh
deleted file mode 100644
index 0f26184..0000000
--- a/tests/scripts/quiet/quiet.sh
+++ /dev/null
@@ -1,79 +0,0 @@
-# -*-mode: sh; sh-shell: bash -*-
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# This swallows the output of the wrapped tool, unless there is an error.
-# This helps reduce excess logging in the CI.
-
-# If you are debugging a build / CI issue, you can get complete unsilenced logs
-# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
-#
-# VERBOSE_LOGS=1
-#
-# This script provides most of the functionality for the adjacent make and cmake
-# wrappers.
-#
-# It requires two variables to be set:
-#
-# TOOL       - the name of the tool that is being wrapped (with no path), e.g. "make"
-#
-# NO_SILENCE - a regex that describes the commandline arguments for which output will not
-#              be silenced, e.g. " --version | test ". In this example, "make lib test" will
-#              not be silent, but "make lib" will be.
-
-# Identify path to original tool. There is an edge-case here where the quiet wrapper is on the path via
-# a symlink or relative path, but "type -ap" yields the wrapper with it's normalised path. We use
-# the -ef operator to compare paths, to avoid picking the wrapper in this case (to avoid infinitely
-# recursing).
-while IFS= read -r ORIGINAL_TOOL; do
-    if ! [[ $ORIGINAL_TOOL -ef "$0" ]]; then break; fi
-done < <(type -ap -- "$TOOL")
-
-print_quoted_args() {
-    # similar to printf '%q' "$@"
-    # but produce more human-readable results for common/simple cases like "a b"
-    for a in "$@"; do
-        # Get bash to quote the string
-        printf -v q '%q' "$a"
-        simple_pattern="^([-[:alnum:]_+./:@]+=)?([^']*)$"
-        if [[ "$a" != "$q" && $a =~ $simple_pattern ]]; then
-            # a requires some quoting (a != q), but has no single quotes, so we can
-            # simplify the quoted form - e.g.:
-            #   a b        -> 'a b'
-            #   CFLAGS=a b -> CFLAGS='a b'
-            q="${BASH_REMATCH[1]}'${BASH_REMATCH[2]}'"
-        fi
-        printf " %s" "$q"
-    done
-}
-
-if [[ ! " $* " =~ " --version " ]]; then
-    # Display the command being invoked - if it succeeds, this is all that will
-    # be displayed. Don't do this for invocations with --version, because
-    # this output is often parsed by scripts, so we don't want to modify it.
-    printf %s "${TOOL}"    1>&2
-    print_quoted_args "$@" 1>&2
-    echo                   1>&2
-fi
-
-if [[ " $@ " =~ $NO_SILENCE || -n "${VERBOSE_LOGS}" ]]; then
-    # Run original command with no output supression
-    exec "${ORIGINAL_TOOL}" "$@"
-else
-    # Run original command and capture output & exit status
-    TMPFILE=$(mktemp "quiet-${TOOL}.XXXXXX")
-    "${ORIGINAL_TOOL}" "$@" > "${TMPFILE}" 2>&1
-    EXIT_STATUS=$?
-
-    if [[ $EXIT_STATUS -ne 0 ]]; then
-        # On error, display the full output
-        cat "${TMPFILE}"
-    fi
-
-    # Remove tmpfile
-    rm "${TMPFILE}"
-
-    # Propagate the exit status
-    exit $EXIT_STATUS
-fi
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index a55b162..bbc191f 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -400,33 +400,31 @@
 # files to define the test executables.
 #
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
-    file(GLOB MBEDTLS_TEST_FILES
+    file(GLOB TF_PSA_CRYPTO_TEST_FILES
          ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/*.c
          ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/drivers/*.c
-         ${TF_PSA_CRYPTO_DIR}/tests/src/*.c)
-    add_library(tf_psa_crypto_test OBJECT ${MBEDTLS_TEST_FILES})
+         tests/src/*.c)
+    add_library(tf_psa_crypto_test OBJECT ${TF_PSA_CRYPTO_TEST_FILES})
     set_base_compile_options(tf_psa_crypto_test)
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h
-            WORKING_DIRECTORY
-                ${MBEDTLS_DIR}/tests
+                ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include/test/test_keys.h
             COMMAND
                 "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
                 "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
                 "--output"
-                "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h"
+                "${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include/test/test_keys.h"
             DEPENDS
                 ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/scripts/generate_test_keys.py
         )
         add_custom_target(tf_psa_crypto_test_keys_header
-            DEPENDS ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/src/test_keys.h)
+            DEPENDS ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include/test/test_keys.h)
         add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header)
     endif()
     target_include_directories(tf_psa_crypto_test
         PRIVATE ${TF_PSA_CRYPTO_FRAMEWORK_DIR}/tests/include
-        PRIVATE ${TF_PSA_CRYPTO_DIR}/tests/include
+        PRIVATE tests/include
         PRIVATE ${MBEDTLS_DIR}/include
         PRIVATE include
         PRIVATE drivers/builtin/include
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index e823966..4db4fbc 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -2452,6 +2452,58 @@
 /* Message digests */
 /****************************************************************/
 
+static int is_hash_supported(psa_algorithm_t alg)
+{
+    switch (alg) {
+#if defined(PSA_WANT_ALG_MD5)
+        case PSA_ALG_MD5:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+        case PSA_ALG_RIPEMD160:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+        case PSA_ALG_SHA_1:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+        case PSA_ALG_SHA_224:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+        case PSA_ALG_SHA_256:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+        case PSA_ALG_SHA_384:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+        case PSA_ALG_SHA_512:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+        case PSA_ALG_SHA3_224:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+        case PSA_ALG_SHA3_256:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+        case PSA_ALG_SHA3_384:
+            return 1;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+        case PSA_ALG_SHA3_512:
+            return 1;
+#endif
+        default:
+            return 0;
+    }
+}
+
 psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
 {
     /* Aborting a non-active operation is allowed */
@@ -3095,16 +3147,44 @@
         if (!PSA_ALG_IS_SIGN_MESSAGE(alg)) {
             return PSA_ERROR_INVALID_ARGUMENT;
         }
+    }
 
-        if (PSA_ALG_IS_SIGN_HASH(alg)) {
-            if (!PSA_ALG_IS_HASH(PSA_ALG_SIGN_GET_HASH(alg))) {
-                return PSA_ERROR_INVALID_ARGUMENT;
-            }
-        }
-    } else {
-        if (!PSA_ALG_IS_SIGN_HASH(alg)) {
-            return PSA_ERROR_INVALID_ARGUMENT;
-        }
+    psa_algorithm_t hash_alg = 0;
+    if (PSA_ALG_IS_SIGN_HASH(alg)) {
+        hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
+    }
+
+    /* Now hash_alg==0 if alg by itself doesn't need a hash.
+     * This is good enough for sign-hash, but a guaranteed failure for
+     * sign-message which needs to hash first for all algorithms
+     * supported at the moment. */
+
+    if (hash_alg == 0 && input_is_message) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    if (hash_alg == PSA_ALG_ANY_HASH) {
+        return PSA_ERROR_INVALID_ARGUMENT;
+    }
+    /* Give up immediately if the hash is not supported. This has
+     * several advantages:
+     * - For mechanisms that don't use the hash at all (e.g.
+     *   ECDSA verification, randomized ECDSA signature), without
+     *   this check, the operation would succeed even though it has
+     *   been given an invalid argument. This would not be insecure
+     *   since the hash was not necessary, but it would be weird.
+     * - For mechanisms that do use the hash, we avoid an error
+     *   deep inside the execution. In principle this doesn't matter,
+     *   but there is a little more risk of a bug in error handling
+     *   deep inside than in this preliminary check.
+     * - When calling a driver, the driver might be capable of using
+     *   a hash that the core doesn't support. This could potentially
+     *   result in a buffer overflow if the hash is larger than the
+     *   maximum hash size assumed by the core.
+     * - Returning a consistent error makes it possible to test
+     *   not-supported hashes in a consistent way.
+     */
+    if (hash_alg != 0 && !is_hash_supported(hash_alg)) {
+        return PSA_ERROR_NOT_SUPPORTED;
     }
 
     return PSA_SUCCESS;
@@ -3985,6 +4065,34 @@
         * defined( MBEDTLS_ECP_RESTARTABLE ) */
 }
 
+/* Detect supported interruptible sign/verify mechanisms precisely.
+ * This is not strictly needed: we could accept everything, and let the
+ * code fail later during complete() if the mechanism is unsupported
+ * (e.g. attempting deterministic ECDSA when only the randomized variant
+ * is available). But it's easier for applications and especially for our
+ * test code to detect all not-supported errors during start().
+ *
+ * Note that this function ignores the hash component. The core code
+ * is supposed to check the hash part by calling is_hash_supported().
+ */
+static inline int can_do_interruptible_sign_verify(psa_algorithm_t alg)
+{
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+    if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
+        return 1;
+    }
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
+    if (PSA_ALG_IS_RANDOMIZED_ECDSA(alg)) {
+        return 1;
+    }
+#endif
+#endif /* defined(MBEDTLS_ECP_RESTARTABLE) */
+    (void) alg;
+    return 0;
+}
+
 psa_status_t mbedtls_psa_sign_hash_start(
     mbedtls_psa_sign_hash_interruptible_operation_t *operation,
     const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
@@ -3998,7 +4106,7 @@
         return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if (!PSA_ALG_IS_ECDSA(alg)) {
+    if (!can_do_interruptible_sign_verify(alg)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
 
@@ -4214,7 +4322,7 @@
         return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    if (!PSA_ALG_IS_ECDSA(alg)) {
+    if (!can_do_interruptible_sign_verify(alg)) {
         return PSA_ERROR_NOT_SUPPORTED;
     }
 
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/tf-psa-crypto/docs/architecture/mbed-crypto-storage-specification.md
similarity index 100%
rename from docs/architecture/mbed-crypto-storage-specification.md
rename to tf-psa-crypto/docs/architecture/mbed-crypto-storage-specification.md
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/tf-psa-crypto/docs/architecture/psa-crypto-implementation-structure.md
similarity index 100%
rename from docs/architecture/psa-crypto-implementation-structure.md
rename to tf-psa-crypto/docs/architecture/psa-crypto-implementation-structure.md
diff --git a/docs/architecture/psa-keystore-design.md b/tf-psa-crypto/docs/architecture/psa-keystore-design.md
similarity index 100%
rename from docs/architecture/psa-keystore-design.md
rename to tf-psa-crypto/docs/architecture/psa-keystore-design.md
diff --git a/docs/architecture/psa-shared-memory.md b/tf-psa-crypto/docs/architecture/psa-shared-memory.md
similarity index 100%
rename from docs/architecture/psa-shared-memory.md
rename to tf-psa-crypto/docs/architecture/psa-shared-memory.md
diff --git a/docs/architecture/psa-storage-resilience.md b/tf-psa-crypto/docs/architecture/psa-storage-resilience.md
similarity index 100%
rename from docs/architecture/psa-storage-resilience.md
rename to tf-psa-crypto/docs/architecture/psa-storage-resilience.md
diff --git a/docs/architecture/psa-thread-safety/key-slot-state-transitions.png b/tf-psa-crypto/docs/architecture/psa-thread-safety/key-slot-state-transitions.png
similarity index 100%
rename from docs/architecture/psa-thread-safety/key-slot-state-transitions.png
rename to tf-psa-crypto/docs/architecture/psa-thread-safety/key-slot-state-transitions.png
Binary files differ
diff --git a/docs/architecture/psa-thread-safety/psa-thread-safety.md b/tf-psa-crypto/docs/architecture/psa-thread-safety/psa-thread-safety.md
similarity index 100%
rename from docs/architecture/psa-thread-safety/psa-thread-safety.md
rename to tf-psa-crypto/docs/architecture/psa-thread-safety/psa-thread-safety.md
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/tf-psa-crypto/docs/architecture/testing/driver-interface-test-strategy.md
similarity index 100%
rename from docs/architecture/testing/driver-interface-test-strategy.md
rename to tf-psa-crypto/docs/architecture/testing/driver-interface-test-strategy.md
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/tf-psa-crypto/docs/architecture/testing/psa-storage-format-testing.md
similarity index 100%
rename from docs/architecture/testing/psa-storage-format-testing.md
rename to tf-psa-crypto/docs/architecture/testing/psa-storage-format-testing.md
diff --git a/docs/driver-only-builds.md b/tf-psa-crypto/docs/driver-only-builds.md
similarity index 100%
rename from docs/driver-only-builds.md
rename to tf-psa-crypto/docs/driver-only-builds.md
diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/tf-psa-crypto/docs/proposed/psa-conditional-inclusion-c.md
similarity index 100%
rename from docs/proposed/psa-conditional-inclusion-c.md
rename to tf-psa-crypto/docs/proposed/psa-conditional-inclusion-c.md
diff --git a/docs/proposed/psa-driver-developer-guide.md b/tf-psa-crypto/docs/proposed/psa-driver-developer-guide.md
similarity index 100%
rename from docs/proposed/psa-driver-developer-guide.md
rename to tf-psa-crypto/docs/proposed/psa-driver-developer-guide.md
diff --git a/docs/proposed/psa-driver-integration-guide.md b/tf-psa-crypto/docs/proposed/psa-driver-integration-guide.md
similarity index 100%
rename from docs/proposed/psa-driver-integration-guide.md
rename to tf-psa-crypto/docs/proposed/psa-driver-integration-guide.md
diff --git a/docs/proposed/psa-driver-interface.md b/tf-psa-crypto/docs/proposed/psa-driver-interface.md
similarity index 100%
rename from docs/proposed/psa-driver-interface.md
rename to tf-psa-crypto/docs/proposed/psa-driver-interface.md
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/tf-psa-crypto/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
similarity index 100%
rename from docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
rename to tf-psa-crypto/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
diff --git a/docs/psa-driver-example-and-guide.md b/tf-psa-crypto/docs/psa-driver-example-and-guide.md
similarity index 100%
rename from docs/psa-driver-example-and-guide.md
rename to tf-psa-crypto/docs/psa-driver-example-and-guide.md
diff --git a/tf-psa-crypto/programs/CMakeLists.txt b/tf-psa-crypto/programs/CMakeLists.txt
index e69de29..c394db6 100644
--- a/tf-psa-crypto/programs/CMakeLists.txt
+++ b/tf-psa-crypto/programs/CMakeLists.txt
@@ -0,0 +1,4 @@
+set(programs_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto-programs")
+add_custom_target(${programs_target})
+
+add_subdirectory(psa)
diff --git a/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index d3b7d6f..ed5c9a0 100644
--- a/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -307,8 +307,7 @@
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
-                PSA_ALG_IS_ECDSA(alg) &&
-                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+                PSA_ALG_IS_RANDOMIZED_ECDSA(alg) &&
                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
                 psa_get_key_bits(attributes) == 256 )
             {
@@ -412,7 +411,6 @@
 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
                 PSA_ALG_IS_ECDSA(alg) &&
-                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
                 psa_get_key_bits(attributes) == 256 )
             {
diff --git a/tf-psa-crypto/tests/suites/test_suite_pk.function b/tf-psa-crypto/tests/suites/test_suite_pk.function
index 96ea591..259e3cb 100644
--- a/tf-psa-crypto/tests/suites/test_suite_pk.function
+++ b/tf-psa-crypto/tests/suites/test_suite_pk.function
@@ -177,7 +177,7 @@
 #define MBEDTLS_MD_ALG_FOR_TEST         MBEDTLS_MD_SHA512
 #endif
 
-#include <../src/test_keys.h>
+#include <test/test_keys.h>
 
 /* Define an RSA key size we know it's present in predefined_key[] array. */
 #define RSA_KEY_SIZE   1024
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
index f042a13..fc8ebb5 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data
@@ -4485,11 +4485,11 @@
 
 PSA sign hash int (ops=inf): det ECDSA not supported
 depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
-sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
+sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 
 PSA sign hash int (ops=min): det ECDSA not supported
 depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
-sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0
+sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:0
 
 PSA sign/verify hash: RSA PKCS#1 v1.5, raw
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
@@ -4731,6 +4731,29 @@
 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_384
 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 
+# The next 4 test cases check what happens if only one of the two ECDSA
+# variants is supported. The ECDSA variants (deterministic and randomized)
+# are different signature algorithms that can be enabled independently,
+# but they have the same verification. Mbed TLS accepts either variant
+# as the algorithm requested for verification even if that variant is not
+# supported. Test that this works. It would also be acceptable if the
+# library returned NOT_SUPPORTED in this case.
+PSA verify hash: ECDSA SECP256R1, only deterministic supported
+depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
+verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash with keypair: ECDSA SECP256R1, only deterministic supported
+depends_on:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ECC_SECP_R1_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash: deterministic ECDSA SECP256R1, only randomized supported
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA verify hash with keypair: deterministic ECDSA SECP256R1, only randomized supported
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
 PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
@@ -4840,14 +4863,14 @@
 sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT
 
 PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20
 sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT
 
-PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard)
+PSA sign message: ECDSA SECP256R1, invalid hash (wildcard)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT
 
-PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0)
+PSA sign message: ECDSA SECP256R1, invalid hash algorithm (0)
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT
 
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_not_supported.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_not_supported.function
index e5e66f4..4f15a3f 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_not_supported.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_not_supported.function
@@ -20,10 +20,28 @@
 
     PSA_ASSERT(psa_crypto_init());
     psa_set_key_type(&attributes, key_type);
-    TEST_EQUAL(psa_import_key(&attributes,
-                              key_material->x, key_material->len,
-                              &key_id),
-               PSA_ERROR_NOT_SUPPORTED);
+    psa_status_t actual_status =
+        psa_import_key(&attributes, key_material->x, key_material->len, &key_id);
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+    if (actual_status == PSA_ERROR_INVALID_ARGUMENT) {
+        /* Edge case: when importing an ECC public key with an unspecified
+         * bit-size (as we do here), the implementation of psa_import_key()
+         * infers the bit-size from the input. If the key type specifies an
+         * unknown curve, the validation might reject the data as invalid
+         * before it checks that the curve is supported. If so, that's ok.
+         * In practice, at the time of writing, this happens with Ed25519,
+         * for which a valid but unsupported 32-byte input causes
+         * psa_import_key() to fail because it assumes a Weierstrass curve
+         * which must have an odd-length encoding.
+         *
+         * In other cases, we do not expect an INVALID_ARGUMENT error here. */
+        TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(key_type));
+    } else
+#endif /* defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+    {
+        TEST_EQUAL(actual_status, PSA_ERROR_NOT_SUPPORTED);
+    }
     TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT));
 
 exit:
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
index d88b4fa..c7b6844 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
@@ -223,12 +223,9 @@
     size_t length = SIZE_MAX;
     psa_sign_hash_interruptible_operation_t sign_operation =
         psa_sign_hash_interruptible_operation_init();
-
     psa_verify_hash_interruptible_operation_t verify_operation =
         psa_verify_hash_interruptible_operation_init();
 
-
-
     PSA_INIT();
 
     psa_set_key_type(&attributes, key_type);
@@ -252,8 +249,8 @@
     PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
 
     if (!private_only) {
-        /* Determine a plausible signature size to avoid an INVALID_SIGNATURE
-         * error based on this. */
+        /* Construct a signature candidate of a plausible size to avoid an
+         * INVALID_SIGNATURE error based on an early size verification. */
         PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
         size_t key_bits = psa_get_key_bits(&attributes);
         size_t output_length = sizeof(output);
@@ -277,6 +274,8 @@
     }
 
 exit:
+    psa_sign_hash_abort(&sign_operation);
+    psa_verify_hash_abort(&verify_operation);
     psa_destroy_key(key_id);
     psa_reset_key_attributes(&attributes);
     PSA_DONE();
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.misc.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.misc.data
index 7158f2d..0c69fa8 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.misc.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.misc.data
@@ -13,3 +13,24 @@
 PSA sign RSA_PSS(SHA_256): RSA_PSS not enabled, key pair
 depends_on:!PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
 sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_ERROR_NOT_SUPPORTED
+
+# There is a special case with ECDSA: deterministic and randomized ECDSA are
+# different signature algorithms that can be enabled independently, but
+# the verification algorithms are the same. Mbed TLS supports verification
+# of either variant when either variant is enabled. (It would also be correct
+# to reject the not-supported algorithm, but it would require a few more lines
+# of code.) In the automatically generated test cases, we avoid this difficulty
+# by making the not-supported test cases require neither variant to be
+# enabled. Here, test the signature operation when one variant is supported
+# but not the other. Testing the positive cases for the verification
+# operation is the job of test_suite_psa_crypto.
+#
+# We only test with one curve and one hash, because we know from a gray-box
+# approach that the curve and hash don't matter here.
+PSA sign DETERMINISTIC_ECDSA(SHA_256): !DETERMINISTIC_ECDSA but ECDSA with ECC_KEY_PAIR(SECP_R1)
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED
+
+PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
+sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190":PSA_ALG_ECDSA(PSA_ALG_SHA_256):1:PSA_ERROR_NOT_SUPPORTED
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index efd24e9..b430096 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -196,6 +196,9 @@
     return mock_export_public_data.return_value;
 }
 
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \
+    defined(PSA_WANT_ALG_ECDSA) && \
+    defined(PSA_WANT_ALG_SHA_256)
 static psa_status_t mock_sign(psa_drv_se_context_t *context,
                               psa_key_slot_number_t key_slot,
                               psa_algorithm_t alg,
@@ -218,7 +221,9 @@
 
     return mock_sign_data.return_value;
 }
+#endif
 
+#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_ALG_SHA_256)
 static psa_status_t mock_verify(psa_drv_se_context_t *context,
                                 psa_key_slot_number_t key_slot,
                                 psa_algorithm_t alg,
@@ -239,6 +244,7 @@
 
     return mock_verify_data.return_value;
 }
+#endif
 
 static psa_status_t mock_allocate(psa_drv_se_context_t *drv_context,
                                   void *persistent_data,
@@ -550,7 +556,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
 void mock_sign(int mock_sign_return_value, int expected_result)
 {
     psa_drv_se_t driver;
@@ -611,7 +617,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256 */
 void mock_verify(int mock_verify_return_value, int expected_result)
 {
     psa_drv_se_t driver;