Hi

We are using mbedtls 2.28.9 and want to offload crypto operations to HSM from NXP imx-secure-enclave.

is the below approach correct or please suggest alternate approaches if any?

1.Transition all apis from traditional apis to psa in modules
Use PSA crypto module https://github.com/Mbed-TLS/mbedtls/blob/development/docs/psa-transition.md
2. Integrate PSA module with imx-secure-enclave in our custom mbedtls
3. All modules will use custom mbedtls which will internally offload crypto operations to HSM

or Do you recommend to use MBEDTLS_PK_RSA_ALT_SUPPORT? and implement the

key creation/signing/export of public key operations ?

Thanks,

Kavitha