diff --git a/drivers/builtin/include/mbedtls/config_adjust_mbedtls_from_tf_psa_crypto.h b/drivers/builtin/include/mbedtls/config_adjust_mbedtls_from_tf_psa_crypto.h
index 2d2e9c2ea..b186ca22e 100644
--- a/drivers/builtin/include/mbedtls/config_adjust_mbedtls_from_tf_psa_crypto.h
+++ b/drivers/builtin/include/mbedtls/config_adjust_mbedtls_from_tf_psa_crypto.h
@@ -15,6 +15,8 @@
 #ifndef MBEDTLS_CONFIG_ADJUST_MBEDTLS_FROM_TF_PSA_CRYPTO_H
 #define MBEDTLS_CONFIG_ADJUST_MBEDTLS_FROM_TF_PSA_CRYPTO_H
 
+/* General configuration options. */
+
 #if defined(TF_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
 #define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
 #endif
@@ -50,6 +52,14 @@
 #define mbedtls_platform_zeroize tf_psa_crypto_platform_zeroize
 #endif
 
+#if defined(PSA_CRYPTO_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED_WARNING
+#endif
+
+#if defined(PSA_CRYPTO_DEPRECATED_REMOVED)
+#define MBEDTLS_DEPRECATED_REMOVED
+#endif
+
 #if defined(TF_PSA_CRYPTO_BUILTIN_KEYS)
 #define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 #endif
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 01ea9e8f3..1573c3b7a 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -120,6 +120,33 @@
  */
 //#define TF_PSA_CRYPTO_PLATFORM_ZEROIZE
 
+/**
+ * \def PSA_CRYPTO_DEPRECATED_WARNING
+ *
+ * Mark deprecated functions and features so that they generate a warning if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * This only works with GCC and Clang. With other compilers, you may want to
+ * use PSA_CRYPTO_DEPRECATED_REMOVED
+ *
+ * Uncomment to get warnings on using deprecated functions and features.
+ */
+//#define PSA_CRYPTO_DEPRECATED_WARNING
+
+/**
+ * \def PSA_CRYPTO_DEPRECATED_REMOVED
+ *
+ * Remove deprecated functions and features so that they generate an error if
+ * used. Functionality deprecated in one version will usually be removed in the
+ * next version. You can enable this to help you prepare the transition to a
+ * new major version by making sure your code is not using this functionality.
+ *
+ * Uncomment to get errors on using deprecated functions and features.
+ */
+//#define PSA_CRYPTO_DEPRECATED_REMOVED
+
 /*
  * Platform exit macros
  */
diff --git a/tests/all_sh_components.txt b/tests/all_sh_components.txt
index c29f2f107..83841a56e 100644
--- a/tests/all_sh_components.txt
+++ b/tests/all_sh_components.txt
@@ -206,3 +206,23 @@ component_test_cmake_shared () {
     cd "$TF_PSA_CRYPTO_ROOT_DIR"
     rm -rf "$OUT_OF_SOURCE_DIR"
 }
+
+component_test_default_no_deprecated () {
+    # Test that removing the deprecated features from the default
+    # configuration leaves something consistent.
+    msg "build: make, default + PSA_CRYPTO_DEPRECATED_REMOVED" # ~ 30s
+    scripts/config.py -f "include/psa/crypto_config.h" set PSA_CRYPTO_DEPRECATED_REMOVED
+
+    TF_PSA_CRYPTO_ROOT_DIR="$PWD"
+    mkdir "$OUT_OF_SOURCE_DIR"
+    cd "$OUT_OF_SOURCE_DIR"
+
+    CC=gcc cmake -DCMAKE_C_FLAGS="-O -Werror -Wall -Wextra" ..
+    make
+
+    msg "test: make, default + PSA_CRYPTO_DEPRECATED_REMOVED" # ~ 5s
+    make test
+
+    cd "$TF_PSA_CRYPTO_ROOT_DIR"
+    rm -rf "$OUT_OF_SOURCE_DIR"
+}
\ No newline at end of file