config-tfm: disable CIPHER_C

We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

configs/config-tfm.h

@@ -45,6 +45,11 @@
 #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
 #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE
 
+/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
+ * does not need CIPHER_C to be enabled, so we can disabled it in order
+ * to reduce code size further. */
+#undef MBEDTLS_CIPHER_C
+
 /*
  * In order to get an example config that works cleanly out-of-the-box
  * for both baremetal and non-baremetal builds, we detect baremetal builds

tests/scripts/all.sh

@@ -3265,6 +3265,10 @@ component_test_tfm_config_p256m_driver_accel_ec () {
     # Check that p256m was built
     grep -q p256_ecdsa_ library/libmbedcrypto.a
 
+    # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
+    # files, so we want to ensure that it has not be re-enabled accidentally.
+    not grep mbedtls_cipher library/cipher.o
+
     # Run the tests
     msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
     make test
@@ -3286,6 +3290,10 @@ component_test_tfm_config() {
     # Check that p256m was not built
     not grep p256_ecdsa_ library/libmbedcrypto.a
 
+    # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration
+    # files, so we want to ensure that it has not be re-enabled accidentally.
+    not grep mbedtls_cipher library/cipher.o
+
     msg "test: TF-M config"
     make test
 }