diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index fd91d7074..41a97b1ed 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2773,19 +2773,16 @@
  *
  * Enable the Platform Security Architecture cryptography API.
  *
- * \note This option only has an effect when the build option
- * USE_CRYPTO_SUBMODULE is also in use.
- *
- * \warning This feature is experimental and available on an opt-in basis only.
- * PSA APIs are subject to change at any time. The implementation comes with
- * less assurance and support than the rest of Mbed TLS.
+ * \warning The PSA Crypto API is still beta status. While you're welcome to
+ * experiment using it, incompatible API changes are still possible, and some
+ * parts may not have reached the same quality as the rest of Mbed TLS yet.
  *
  * Module:  crypto/library/psa_crypto.c
  *
  * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
  *
  */
-//#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_C
 
 /**
  * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/scripts/config.pl b/scripts/config.pl
index 6300362fa..0528143a0 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -28,7 +28,6 @@
 #   MBEDTLS_ECP_DP_M511_ENABLED
 #   MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 #   MBEDTLS_NO_PLATFORM_ENTROPY
-#   MBEDTLS_PSA_CRYPTO_C
 #   MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 #   MBEDTLS_REMOVE_3DES_CIPHERSUITES
 #   MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -40,7 +39,6 @@
 #   MBEDTLS_PKCS11_C
 #   MBEDTLS_USE_PSA_CRYPTO
 #       - experimental, and more an alternative implementation than a feature
-#   MBEDTLS_PSA_CRYPTO_STORAGE_C
 #   MBEDTLS_PSA_ITS_FILE_C
 #   MBEDTLS_PSA_CRYPTO_SPM
 #   MBEDTLS_PSA_INJECT_ENTROPY
@@ -95,7 +93,6 @@ MBEDTLS_ECP_DP_M383_ENABLED
 MBEDTLS_ECP_DP_M511_ENABLED
 MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 MBEDTLS_NO_PLATFORM_ENTROPY
-MBEDTLS_PSA_CRYPTO_C
 MBEDTLS_RSA_NO_CRT
 MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 MBEDTLS_REMOVE_3DES_CIPHERSUITES
@@ -107,7 +104,6 @@ MBEDTLS_PKCS11_C
 MBEDTLS_NO_UDBL_DIVISION
 MBEDTLS_NO_64BIT_MULTIPLICATION
 MBEDTLS_USE_PSA_CRYPTO
-MBEDTLS_PSA_CRYPTO_STORAGE_C
 MBEDTLS_PSA_ITS_FILE_C
 MBEDTLS_PSA_CRYPTO_SPM
 MBEDTLS_PSA_INJECT_ENTROPY
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index e8d36fd75..304eaeede 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -837,6 +837,9 @@ component_test_not_submodule_make () {
     msg "build: make, full config without USE_CRYPTO_SUBMODULE, gcc+debug"
     scripts/config.pl full
     scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO # depends on PSA
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # only works from submodule
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on PSA
     make CC=gcc CFLAGS='-g' USE_CRYPTO_SUBMODULE=0
 
     msg "test: submodule libmbedcrypto wasn't built (no USE_CRYPTO_SUBMODULE, make)"
@@ -858,6 +861,8 @@ component_test_not_submodule_cmake () {
     msg "build: cmake, full config without USE_CRYPTO_SUBMODULE, gcc+debug"
     scripts/config.pl full
     scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_C # only works from submodule
+    scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # depends on PSA
     CC=gcc cmake -D CMAKE_BUILD_TYPE=Debug -D USE_CRYPTO_SUBMODULE=Off .
     make