modules: mbedtls: enable persistent keys when CONFIG_SECURE_STORAGE

With the secure storage subsystem now providing an implementation of
the PSA ITS API, let Mbed TLS use it when it's enabled.
This allows the use of persistent keys in the PSA Crypto API.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

modules/mbedtls/CMakeLists.txt

@@ -136,7 +136,7 @@ zephyr_interface_library_named(mbedTLS)
 
     zephyr_library_named(mbedTLSCrypto)
 
-    if (CONFIG_MBEDTLS_PSA_CRYPTO_C AND NOT CONFIG_BUILD_WITH_TFM)
+    if (CONFIG_MBEDTLS_PSA_CRYPTO_C)
       list(APPEND crypto_source
         ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_aead.c
         ${ZEPHYR_CURRENT_MODULE_DIR}/library/psa_crypto_cipher.c
@@ -176,6 +176,9 @@ zephyr_interface_library_named(mbedTLS)
 
     zephyr_library_sources(${crypto_source})
 
+    # Custom macro to tell that an mbedTLSCrypto source file is being compiled.
+    zephyr_library_compile_definitions(BUILDING_MBEDTLS_CRYPTO)
+
     zephyr_library_link_libraries(mbedTLS)
 
     zephyr_library_link_libraries_ifdef(CONFIG_BUILD_WITH_TFM tfm_api)

modules/mbedtls/configs/config-tls-generic.h

@@ -482,11 +482,12 @@
 #define MBEDTLS_PSA_P256M_DRIVER_ENABLED
 #endif
 
-#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_PICOLIBC)
-#define MBEDTLS_PSA_KEY_SLOT_COUNT     64
+#if defined(CONFIG_ARCH_POSIX)
+#define MBEDTLS_PSA_KEY_SLOT_COUNT 64 /* for BLE Mesh tests */
+#endif
+
+#if defined(CONFIG_SECURE_STORAGE)
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
-#define MBEDTLS_PSA_ITS_FILE_C
-#define MBEDTLS_FS_IO
 #endif
 
 #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
@@ -499,7 +500,6 @@
 #define MBEDTLS_PSA_CRYPTO_CLIENT
 #define MBEDTLS_PSA_CRYPTO_CONFIG
 #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE   "config-psa.h"
-
 #endif
 
 #if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) && defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)