User-provided Mbed TLS config header
The Kconfig interface and build system ensures that the configuration of nrf_security is valid and working, and ensures that dependencies between different cryptographic APIs are met.
It is therefore highly recommended to let the build system generate the Mbed TLS configuration headers.
However, for special use cases that cannot be achieved using the Kconfig configuration tool, it is possible to provide custom Mbed TLS configuration headers.
When doing so, you must make sure that the system is working. First, use Kconfig and the build system to create Mbed TLS configuration headers as a starting point, and then tweak this file to include settings that are not available in Kconfig.
When providing custom Mbed TLS configuration headers when CryptoCell is in use, it is important that the following criteria are still met:
Entropy length of 144, that is,
#define MBEDTLS_ENTROPY_MAX_GATHER 144
SHA-256 is used for entropy, that is,
#define MBEDTLS_ENTROPY_FORCE_SHA256is set.
Entropy max sources is set to 1, that is
#define MBEDTLS_ENTROPY_MAX_SOURCES 1