We are interested in PSA API usage in mbedtls. There is a branch called development-psa.
First of all, the tests (make check) fail in this branch.
As we saw, mbedtls makes use of the mbed-crypto library, and mbed-crypto calls the PSA API. But the problem is that the PSA API (psa_crypto.c) is also implemented by mbed-crypto, like a circular dependency.
mbed-crypto is a crypto solution which can implement PSA API but we believe that mbed-crypto should not call PSA API.
I am saying that if there could be a clean PSA API abstraction for mbed-tls, mbed-tls could use a PSA API which is implemented by any custom vendor or mbed-crypto.
Actually, we are seeing that there are two copies of similar files (e.g. cipher.c) in both mbed-tls and mbed-crypto, but somehow the build system includes the file from mbed-crypto, which creates a dependency on mbed-crypto. If the build system could include the source file from mbed-tls, it might solve the issue and we could include our custom PSA API implementation, which does not use mbed-crypto.
It may seem like a design decision, but we wanted to hear your thoughts.