README.md: Update Configuration section

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

README.md

@@ -6,12 +6,13 @@ Mbed TLS includes the [TF-PSA-Crypto repository](https://github.com/Mbed-TLS/TF-
 
 Configuration
 -------------
+Configuration options related to X.509 and TLS are available in `include/mbedtls/mbedtls_config.h`, while cryptography and platform options are located in the TF-PSA-Crypto configuration file `tf-psa-crypto/include/psa/crypto_config.h`.
 
-Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/mbedtls_config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Python 3 script `scripts/config.py` (use `--help` for usage instructions).
+With the default platform options, Mbed TLS should build out of the box on most systems.
 
-Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS`.
+These configuration files can be edited manually, or programmatically using the Python 3 script scripts/config.py (run with --help for usage instructions).
 
-We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
+We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`.
 
 Documentation
 -------------

configs/README.txt

@@ -1,24 +1,26 @@
 This directory contains example configuration files.
 
-The examples are generally focused on a particular usage case (eg, support for
+The examples are generally focused on a particular use case (eg, support for
-a restricted number of ciphersuites) and aim at minimizing resource usage for
+a restricted set of ciphersuites) and aim to minimize resource usage for
-this target. They can be used as a basis for custom configurations.
+the target. They can be used as a basis for custom configurations.
 
-These files are complete replacements for the default mbedtls_config.h. To use one of
+These files come in pairs and are complete replacements for the default
-them, you can pick one of the following methods:
+mbedtls_config.h and crypto_config.h. The two files of a pair share the same or
+very similar name, with the crypto file prefixed by "crypto-". Note
+that some of the cryptography configuration files may be located in
+tf-psa-crypto/configs.
 
-1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one.
+To use one of these pairs, you can pick one of the following methods:
 
-2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
+1. Replace the default files include/mbedtls/mbedtls_config.h and
-   For example, using make:
+   tf-psa-crypto/include/psa/crypto_config.h with the chosen ones.
 
-    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make
+2. Use the MBEDTLS_CONFIG_FILE and TF_PSA_CRYPTO_CONFIG_FILE options of the
+   CMake build system:
 
-   Or, using cmake:
+   cmake -DMBEDTLS_CONFIG_FILE="path-to-your-mbedtls-config-file" \
+         -DTF_PSA_CRYPTO_CONFIG_FILE="path-to-your-tf-psa-crypto-config-file" .
+   make
 
-    find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
+The second method also works if you want to keep your custom configuration
-    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
+files outside the Mbed TLS tree.
-    make
-
-Note that the second method also works if you want to keep your custom
-configuration file outside the Mbed TLS tree.