diff --git a/features/mbedtls/importer/Makefile b/features/mbedtls/importer/Makefile
index 1819990c9c..c5fe5a703c 100644
--- a/features/mbedtls/importer/Makefile
+++ b/features/mbedtls/importer/Makefile
@@ -68,8 +68,9 @@ deploy: rsync
 	# Adjusting the default mbed TLS config file to mbed purposes
 	./adjust-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config.h
 	#
-	# Copy the trimmed config that does not require entropy source
+	# Copy and adjust the trimmed config that does not require entropy source
 	cp $(MBED_TLS_DIR)/configs/config-no-entropy.h $(TARGET_INC)/mbedtls/.
+	./adjust-no-entropy-config.sh $(MBED_TLS_DIR)/scripts/config.pl $(TARGET_INC)/mbedtls/config-no-entropy.h
 
 deploy-tests: deploy
 	#
diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
index 751c90a3f6..a585d6d0e3 100755
--- a/features/mbedtls/importer/adjust-config.sh
+++ b/features/mbedtls/importer/adjust-config.sh
@@ -112,6 +112,8 @@ conf unset MBEDTLS_RIPEMD160_C
 conf unset MBEDTLS_SHA1_C
 conf unset MBEDTLS_XTEA_C
 
+conf set MBEDTLS_CMAC_C
+
 conf set MBEDTLS_AES_ROM_TABLES
 
 conf unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
diff --git a/features/mbedtls/importer/adjust-no-entropy-config.sh b/features/mbedtls/importer/adjust-no-entropy-config.sh
new file mode 100755
index 0000000000..814893de30
--- /dev/null
+++ b/features/mbedtls/importer/adjust-no-entropy-config.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# This file is part of mbed TLS (https://tls.mbed.org)
+#
+# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved
+#
+# Purpose
+#
+# Comments and uncomments #define lines in the given configuration header file
+# to configure the file for use in mbed OS.
+#
+# Usage: adjust-config.sh [path to config script] [path to no-entropy config file]
+#
+set -eu
+
+if [ $# -ne 2 ]; then
+    echo "Usage: $0 path/to/config.pl path/to/config.h" >&2
+    exit 1
+fi
+
+SCRIPT=$1
+FILE=$2
+
+conf() {
+    $SCRIPT -o -f $FILE $@
+}
+
+add_code() {
+    MATCH_PATTERN="$1"
+    shift
+    CODE=$(IFS=""; printf "%s" "$*")
+
+    perl -i -pe                                    \
+        "s/$MATCH_PATTERN/$MATCH_PATTERN$CODE/igs" \
+        "$FILE"
+}
+
+conf set MBEDTLS_CMAC_C