Closed
Labels
- bug
- component-psa: PSA keystore/dispatch layer (storage, drivers, …)
- size-s: Estimated task size: small (~2d)
Description
The build option `MBEDTLS_PSA_INJECT_ENTROPY` has been broken since Mbed TLS 2.26 (and still is as of 2.28.3 and 3.4.0).
To reproduce:

```
scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
make lib
```

Expected: success. (Building a program would cause a link error due to missing platform functions, that part is expected.)
Actual:

```
…
library/psa_crypto.c: In function ‘mbedtls_psa_random_init’:
library/psa_crypto.c:6051:33: error: ‘mbedtls_nv_seed_poll’ undeclared (first use in this function); did you mean ‘mbedtls_nv_seed_read’?
6051 | mbedtls_nv_seed_poll, NULL,
| ^~~~~~~~~~~~~~~~~~~~
| mbedtls_nv_seed_read
```

This option is tricky to use and not well documented, but it is used in Mbed OS (where it was integrated by people who were on the Mbed Crypto team). We want to replace it by a properly integrated mechanism under the PSA API (which may be backward compatible — TBD), but that mechanism isn't implemented yet. In the meantime, `MBEDTLS_PSA_INJECT_ENTROPY` as currently implemented needs to work.