diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
index 06dfad2..a041a8f 100644
--- a/external/MbedTLS/MbedTLS.cmake
+++ b/external/MbedTLS/MbedTLS.cmake
@@ -32,7 +32,6 @@
 		COMMAND git branch -f bf-am
 		COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Add-capability-to-selectively-build-libraries.patch
 		COMMAND git reset bf-am
-		COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto
 )
 
 # Only pass libc settings to Mbed TLS if needed. For environments where the standard
diff --git a/external/MbedTLS/config/crypto_posix.h b/external/MbedTLS/config/crypto_posix.h
index eaec37e..9c396bf 100644
--- a/external/MbedTLS/config/crypto_posix.h
+++ b/external/MbedTLS/config/crypto_posix.h
@@ -11,17 +11,30 @@
  * Mbed TLS configuration for using libmbedcrypto in
  * a Posix environment (normal world demo and test applications).
  */
+
+/*
+ * Enable using crypto_config.h, but do not define custom crypto header with
+ * MBEDTLS_PSA_CRYPTO_CONFIG_FILE to enable all the supported algorithms.
+ */
 #define MBEDTLS_PSA_CRYPTO_CONFIG
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_LMS_C
+#define MBEDTLS_NIST_KW_C
 #define MBEDTLS_NO_UDBL_DIVISION
-#undef MBEDTLS_HAVE_TIME
-#undef MBEDTLS_HAVE_TIME_DATE
-#undef MBEDTLS_FS_IO
-#undef MBEDTLS_SELF_TEST
-#undef MBEDTLS_AESNI_C
-#undef MBEDTLS_PADLOCK_C
-#undef MBEDTLS_PLATFORM_C
-#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
-#undef MBEDTLS_PSA_ITS_FILE_C
-#undef MBEDTLS_TIMING_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
 
 #endif /* CONFIG_CRYPTO_POSIX_H */
diff --git a/external/MbedTLS/config/crypto_provider_x509.h b/external/MbedTLS/config/crypto_provider_x509.h
new file mode 100644
index 0000000..979afc7
--- /dev/null
+++ b/external/MbedTLS/config/crypto_provider_x509.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CONFIG_CRYPTO_PROVIDER_X509_H
+#define CONFIG_CRYPTO_PROVIDER_X509_H
+
+/*
+ * MbedTLS configuration for building libmbedcrypto and libx509 to act as a backend
+ * for the crypto service provider.
+ */
+
+/*
+ * Enable using crypto_config.h, but do not define custom crypto header with
+ * MBEDTLS_PSA_CRYPTO_CONFIG_FILE to enable all the supported algorithms.
+ */
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_GENPRIME
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_LMS_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_UDBL_DIVISION
+#define MBEDTLS_OID_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS7_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+#define BACKEND_CRYPTO_API_ADD_PREFIX(f) __mbedtls_backend_##f
+#include "../../../components/service/crypto/backend/prefixed_crypto_api.h"
+
+#endif /* CONFIG_CRYPTO_PROVIDER_X509_H */
diff --git a/external/MbedTLS/config/internal_crypto_smmgw.h b/external/MbedTLS/config/internal_crypto_smmgw.h
new file mode 100644
index 0000000..5d85cf7
--- /dev/null
+++ b/external/MbedTLS/config/internal_crypto_smmgw.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef CONFIG_INTERNAL_CRYPTO_SMMGW_H
+#define CONFIG_INTERNAL_CRYPTO_SMMGW_H
+
+/*
+ * Enable using crypto_config.h, but do not define custom crypto header with
+ * MBEDTLS_PSA_CRYPTO_CONFIG_FILE to enable all the supported algorithms.
+ */
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_UDBL_DIVISION
+#define MBEDTLS_OID_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS7_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+#endif /* CONFIG_INTERNAL_CRYPTO_SMMGW_H */
diff --git a/external/MbedTLS/config/libmbedx509.h b/external/MbedTLS/config/libmbedx509.h
deleted file mode 100644
index 0039d3c..0000000
--- a/external/MbedTLS/config/libmbedx509.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CONFIG_LIBMBEDX509_H
-#define CONFIG_LIBMBEDX509_H
-
-/*
- * MbedTLS configuration for building libmbedcrypto and libx509 to act as a backend
- * for the crypto service provider running in an isolated secure processing environment.
- */
-#define MBEDTLS_PSA_CRYPTO_CONFIG
-#define MBEDTLS_NO_UDBL_DIVISION
-#undef MBEDTLS_HAVE_TIME
-#undef MBEDTLS_HAVE_TIME_DATE
-#undef MBEDTLS_FS_IO
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#undef MBEDTLS_SELF_TEST
-#undef MBEDTLS_PLATFORM_C
-#undef MBEDTLS_PSA_ITS_FILE_C
-#undef MBEDTLS_TIMING_C
-#undef MBEDTLS_AESNI_C
-#undef MBEDTLS_AESCE_C
-#undef MBEDTLS_PADLOCK_C
-
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_PKCS7_C
-
-#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-#define BACKEND_CRYPTO_API_ADD_PREFIX(f) __mbedtls_backend_##f
-#include "../../../components/service/crypto/backend/prefixed_crypto_api.h"
-
-#endif /* CONFIG_LIBMBEDX509_H */
diff --git a/external/MbedTLS/config/x509_only.h b/external/MbedTLS/config/x509_only.h
deleted file mode 100644
index 5c615fa..0000000
--- a/external/MbedTLS/config/x509_only.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2023, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#ifndef CONFIG_X509_ONLY_H
-#define CONFIG_X509_ONLY_H
-
-#undef MBEDTLS_LMS_C
-#undef MBEDTLS_HAVE_TIME
-#undef MBEDTLS_HAVE_TIME_DATE
-#undef MBEDTLS_FS_IO
-#undef MBEDTLS_SELF_TEST
-#undef MBEDTLS_AESNI_C
-#undef MBEDTLS_AESCE_C
-#undef MBEDTLS_PADLOCK_C
-#undef MBEDTLS_PLATFORM_C
-#undef MBEDTLS_PSA_CRYPTO_STORAGE_C
-#undef MBEDTLS_PSA_ITS_FILE_C
-#undef MBEDTLS_TIMING_C
-
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_PKCS7_C
-
-#endif /* CONFIG_X509_ONLY_H */
diff --git a/external/MbedTLS/mbedtls-init-cache.cmake.in b/external/MbedTLS/mbedtls-init-cache.cmake.in
index bf93f1b..a633781 100644
--- a/external/MbedTLS/mbedtls-init-cache.cmake.in
+++ b/external/MbedTLS/mbedtls-init-cache.cmake.in
@@ -11,7 +11,7 @@
 set(ENABLE_PROGRAMS Off CACHE BOOL "")
 set(ENABLE_TESTING Off CACHE BOOL "")
 set(UNSAFE_BUILD On CACHE BOOL "")
-set(EXTERNAL_DEFINITIONS -DMBEDTLS_USER_CONFIG_FILE="@MBEDTLS_USER_CONFIG_FILE@" CACHE STRING "")
+set(EXTERNAL_DEFINITIONS -DMBEDTLS_CONFIG_FILE="@MBEDTLS_CONFIG_FILE@" CACHE STRING "")
 set(EXTERNAL_INCLUDE_PATHS @MBEDTLS_EXTRA_INCLUDES@ CACHE STRING "")
 set(BRANCH_PROTECTION @BRANCH_PROTECTION@ CACHE STRING "")