At the bottom of <tf-m>/platform/ext/common/tfm_mbedcrypto_config.h, it looks to me that, for a platform that does NOT use CC312 as its H.W. Crypto Acceleration Engine, one should define MBEDTLS_USER_CONFIG_FILE to include its own definitions, instead of including "mbedtls_accelerator_config.h", which is for CC312.
tfm_mbedcrypto_config.h (MBEDTLS_CONFIG_FILE):

    #ifdef CRYPTO_HW_ACCELERATOR
    #include "mbedtls_accelerator_config.h"   /* for CC312 */
    #endif

    #if defined(MBEDTLS_USER_CONFIG_FILE)     /* for other H.W. Acceleration Engine */
    #include MBEDTLS_USER_CONFIG_FILE
    #endif

In my bare knowledge, to build Isolation level 2, H.W. Crypto Acceleration Engine has to be built with crypto service (<tf-m>/secure_fw/services/crypto/CMakeLists.txt), by defining:
    CRYPTO_HW_ACCELERATOR_CMAKE_BUILD
    CRYPTO_HW_ACCELERATOR_CMAKE_LINK
However, it would only work by enabling CRYPTO_HW_ACCELERATOR, which in turn will include "mbedtls_accelerator_config.h" (under <tf-m>/platform/ext/common/cc312/).
Is it by design that one should always define CRYPTO_HW_ACCELERATOR and include the CC312 header file, then override it (by MBEDTLS_USER_CONFIG_FILE)?