tfm: do not enable all PSA features by default when BUILD_WITH_TFM

Do not enable all PSA features by default when BUILD_WITH_TFM

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

modules/trusted-firmware-m/Kconfig.tfm

@@ -33,7 +33,6 @@ menuconfig BUILD_WITH_TFM
 	imply INIT_ARCH_HW_AT_BOOT
 	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
 	imply MBEDTLS
-	imply PSA_CRYPTO_ENABLE_ALL
 	help
 	  When enabled, this option instructs the Zephyr build process to
 	  additionally generate a TF-M image for the Secure Execution

samples/tfm_integration/psa_crypto/prj.conf

@@ -29,6 +29,11 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y
 CONFIG_MBEDTLS_USER_CONFIG_FILE="config_mbedtls.h"
 
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y
+CONFIG_PSA_WANT_ECC_SECP_R1_256=y
+CONFIG_PSA_WANT_ALG_ECDSA=y
+CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
 CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y