Add build with a typical configuration for a PSA crypto service

Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.

This serves as a non-regression test for #6408 and #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/scripts/all.sh

@@ -1554,6 +1554,33 @@ component_build_crypto_full () {
   are_empty_libraries library/libmbedx509.* library/libmbedtls.*
 }
 
+component_build_crypto_light () {
+  msg "build: make, config for PSA crypto service"
+  scripts/config.py crypto
+  scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+  # Disable things that are not needed for just cryptography, to
+  # reach a configuration that would be typical for a PSA cryptography
+  # service providing all implemented PSA algorithms.
+  # System stuff
+  scripts/config.py unset MBEDTLS_ERROR_C
+  scripts/config.py unset MBEDTLS_TIMING_C
+  scripts/config.py unset MBEDTLS_VERSION_FEATURES_C
+  # Crypto stuff with no PSA interface
+  scripts/config.py unset MBEDTLS_BASE64_C
+  scripts/config.py unset MBEDTLS_NIST_KW_C
+  scripts/config.py unset MBEDTLS_PEM_PARSE_C
+  scripts/config.py unset MBEDTLS_PEM_WRITE_C
+  scripts/config.py unset MBEDTLS_PKCS12_C
+  scripts/config.py unset MBEDTLS_PKCS5_C
+  # MBEDTLS_PK_WRITE_C is actually currently needed for RSA key export,
+  # but build_info.h will reenable it.
+  scripts/config.py unset MBEDTLS_PK_WRITE_C
+  # At this time, we can't unset MBEDTLS_PK_PARSE_C, because it's needed
+  # for RSA in PSA (see https://github.com/Mbed-TLS/mbedtls/issues/6408).
+  make CFLAGS='-O1 -Werror' all test
+  are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+}
+
 component_build_crypto_baremetal () {
   msg "build: make, crypto only, baremetal config"
   scripts/config.py crypto_baremetal