diff --git a/modules/trusted-firmware-m/tfm_boards/external_core.cmake b/modules/trusted-firmware-m/tfm_boards/external_core.cmake
index d5768050002..c936e60e06a 100644
--- a/modules/trusted-firmware-m/tfm_boards/external_core.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/external_core.cmake
@@ -1,6 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2024, Arm Limited. All rights reserved.
-# Copyright (c) 2024, Nordic Semiconductor ASA.
+# Copyright (c) 2024, Nordic Semiconductor
 #
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
@@ -93,7 +92,6 @@ if(TARGET psa_crypto_library_config)
 target_compile_definitions(psa_crypto_library_config
 INTERFACE
 MBEDTLS_PSA_CRYPTO_DRIVERS
- MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 $<$:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>
 )
 endif()
diff --git a/subsys/nrf_security/CMakeLists.txt b/subsys/nrf_security/CMakeLists.txt
index ba2ae96196a..07aaa82639a 100644
--- a/subsys/nrf_security/CMakeLists.txt
+++ b/subsys/nrf_security/CMakeLists.txt
@@ -117,14 +117,6 @@ target_compile_definitions(psa_crypto_library_config
 # The name and intent of this comes from TF-M distribution
 add_library(psa_interface INTERFACE)
-if(CONFIG_MBEDTLS_ENABLE_BUILTIN_KEYS)
-# Add config files required for PSA crypto interface
-target_compile_definitions(psa_interface
- INTERFACE
- MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-)
-endif()
-
 # Add the includes from nrf_security, Oberon PSA core, and Arm Mbed TLS
 # to the psa_interface library
 target_include_directories(psa_interface
diff --git a/subsys/nrf_security/Kconfig b/subsys/nrf_security/Kconfig
index 4efddd0d41c..2d7559017e1 100644
--- a/subsys/nrf_security/Kconfig
+++ b/subsys/nrf_security/Kconfig
@@ -53,12 +53,12 @@ config PSA_PROMPTLESS
 if NRF_SECURITY
-config MBEDTLS_ENABLE_BUILTIN_KEYS
+config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 bool
- default y if SOC_SERIES_NRF54LX && (HW_UNIQUE_KEY || IDENTITY_KEY)
+ default y if SOC_SERIES_NRF54LX && PSA_CRYPTO_DRIVER_CRACEN
 default y if SOC_SERIES_NRF54HX && (SOC_NRF54H20_CPUSEC || SOC_NRF54H20_ENGB_CPUSEC)
 help
- Promptless option used to control if MBEDTLS should have support for builtin keys or not.
+ Promptless option used to control if the PSA Crypto core should have support for builtin keys or not.
 config MBEDTLS_CFG_FILE
 string "mbed TLS configuration file"
diff --git a/subsys/nrf_security/cmake/nrf_config.cmake b/subsys/nrf_security/cmake/nrf_config.cmake
index ff4b0f8673b..3a19409c6ce 100644
--- a/subsys/nrf_security/cmake/nrf_config.cmake
+++ b/subsys/nrf_security/cmake/nrf_config.cmake
@@ -14,6 +14,7 @@ kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_CLIENT)
 kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_C)
 kconfig_check_and_set_base(MBEDTLS_USE_PSA_CRYPTO)
 kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+kconfig_check_and_set_base(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
 # Platform
 kconfig_check_and_set_base(MBEDTLS_PLATFORM_C)
diff --git a/subsys/nrf_security/configs/legacy_crypto_config.h.template b/subsys/nrf_security/configs/legacy_crypto_config.h.template
index d167b14a01d..d4c8823f655 100644
--- a/subsys/nrf_security/configs/legacy_crypto_config.h.template
+++ b/subsys/nrf_security/configs/legacy_crypto_config.h.template
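Review bot: The two `default y` lines of `MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS` cover only nRF54L with CRACEN and the nRF54H secure cores, while the same commit drops the unconditional `MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS` definition from `psa_crypto_library_config` in `tfm_boards/external_core.cmake`. That file still adds `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY` and `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER` under its generator expression, so a TF-M build on any other SoC series would compile the built-in key driver without the core option that enables platform built-in key lookup, unless a `select` outside this diff sets the symbol. Keys served by that driver would then presumably stop resolving in the secure image. Because the symbol is promptless, an application cannot turn it on from its own configuration; consider a third default tied to the TF-M built-in key option, `default y if <TFM_BUILTIN_KEY_SYMBOL>` (placeholder, the real symbol name is not visible here), and have the help text state which platforms enable it and why.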
@@ -1114,22 +1114,6 @@
 */
 #cmakedefine MBEDTLS_PKCS1_V21
-/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
- *
- * Enable support for platform built-in keys. If you enable this feature,
- * you must implement the function mbedtls_psa_platform_get_builtin_key().
- * See the documentation of that function for more information.
- *
- * Built-in keys are typically derived from a hardware unique key or
- * stored in a secure element.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-
 /** \def MBEDTLS_PSA_CRYPTO_CLIENT
 *
 * Enable support for PSA crypto client.
diff --git a/subsys/nrf_security/configs/nrf-config.h.template b/subsys/nrf_security/configs/nrf-config.h.template
index 86879b82349..abfff20d344 100644
--- a/subsys/nrf_security/configs/nrf-config.h.template
+++ b/subsys/nrf_security/configs/nrf-config.h.template
@@ -23,6 +23,7 @@
 #cmakedefine MBEDTLS_PSA_CRYPTO_CLIENT
 #cmakedefine MBEDTLS_PSA_CRYPTO_C
 #cmakedefine MBEDTLS_USE_PSA_CRYPTO
+#cmakedefine MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
 /* Avoid redefinition as TF-M defines this on the command line */
 #ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
 #cmakedefine MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
diff --git a/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake b/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
index 727570a57ce..d18cc88822d 100644
--- a/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
+++ b/subsys/nrf_security/src/drivers/cracen/cracenpsa/cracenpsa.cmake
@@ -59,7 +59,7 @@ if(CONFIG_PSA_NEED_CRACEN_MAC_DRIVER)
 )
 endif()
-if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER)
+if(CONFIG_PSA_NEED_CRACEN_KEY_MANAGEMENT_DRIVER OR CONFIG_PSA_NEED_CRACEN_KMU_DRIVER OR CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
 list(APPEND cracen_driver_sources
 ${CMAKE_CURRENT_LIST_DIR}/src/key_management.c
 )
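Review bot: Nothing on the changed `if()` in `cracenpsa.cmake` says why `CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS` on its own must pull in `src/key_management.c`. With the Kconfig default changed in this commit, that now happens on nRF54L builds with `PSA_CRYPTO_DRIVER_CRACEN`, even when neither the key-management nor the KMU driver is requested. Presumably the platform built-in key lookup lives in that file; if so, a comment above the condition would record it, for example `# key_management.c also implements the built-in key lookup needed by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS`. It is also worth confirming that the other key-management entry points in that file stay unreachable through the PSA driver wrappers in such a build. The `if()` block closes outside the hunk.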