diff --git a/matter/si91x/siwx917/BRD4338A/autogen/sl_component_catalog.h b/matter/si91x/siwx917/BRD4338A/autogen/sl_component_catalog.h
index 791e02c587..710ad83a7b 100644
--- a/matter/si91x/siwx917/BRD4338A/autogen/sl_component_catalog.h
+++ b/matter/si91x/siwx917/BRD4338A/autogen/sl_component_catalog.h
@@ -1,32 +1,33 @@
-#ifndef SL_COMPONENT_CATALOG_H
-#define SL_COMPONENT_CATALOG_H
-
-// APIs present in project
-#define SL_CATALOG_BTN0_PRESENT
-#define SL_CATALOG_BUTTON_PRESENT
-#define SL_CATALOG_BUTTON_BTN0_PRESENT
-#define SL_CATALOG_BTN1_PRESENT
-#define SL_CATALOG_BUTTON_BTN1_PRESENT
-#define SL_CATALOG_LED0_PRESENT
-#define SL_CATALOG_LED_PRESENT
-#define SL_CATALOG_LED_LED0_PRESENT
-#define SL_CATALOG_LED1_PRESENT
-#define SL_CATALOG_LED_LED1_PRESENT
-#define SL_CATALOG_TIMER0_PRESENT
-#define SL_CATALOG_ULP_TIMERS_INSTANCE_PRESENT
-#define SL_CATALOG_TEMP_ULP_TIMER_TIMER0_PRESENT
-#define SL_CATALOG_CMSIS_OS_COMMON_PRESENT
-#define SL_CATALOG_DEVICE_INIT_NVIC_PRESENT
-#define SL_CATALOG_EMLIB_CORE_PRESENT
-#define SL_CATALOG_EMLIB_CORE_DEBUG_CONFIG_PRESENT
-#define SL_CATALOG_FREERTOS_KERNEL_PRESENT
-#define SL_CATALOG_KERNEL_PRESENT
-#define SL_CATALOG_IOSTREAM_PRESENT
-#define SL_CATALOG_NVM3_PRESENT
-#ifdef DISPLAY_ENABLED
-#define SL_CATALOG_SLEEPTIMER_PRESENT
-#define SL_CATALOG_DMD_MEMLCD_PRESENT
-#define SL_CATALOG_GLIB_PRESENT
-#endif // DISPLAY_ENABLED
-
-#endif // SL_COMPONENT_CATALOG_H
+#ifndef SL_COMPONENT_CATALOG_H
+#define SL_COMPONENT_CATALOG_H
+
+// APIs present in project
+#define SL_CATALOG_BTN0_PRESENT
+#define SL_CATALOG_BUTTON_PRESENT
+#define SL_CATALOG_BUTTON_BTN0_PRESENT
+#define SL_CATALOG_BTN1_PRESENT
+#define SL_CATALOG_BUTTON_BTN1_PRESENT
+#define SL_CATALOG_LED0_PRESENT
+#define SL_CATALOG_LED_PRESENT
+#define SL_CATALOG_LED_LED0_PRESENT
+#define SL_CATALOG_LED1_PRESENT
+#define SL_CATALOG_LED_LED1_PRESENT
+#define SL_CATALOG_TIMER0_PRESENT
+#define SL_CATALOG_ULP_TIMERS_INSTANCE_PRESENT
+#define SL_CATALOG_TEMP_ULP_TIMER_TIMER0_PRESENT
+#define SL_CATALOG_CMSIS_OS_COMMON_PRESENT
+#define SL_CATALOG_DEVICE_INIT_NVIC_PRESENT
+#define SL_CATALOG_EMLIB_CORE_PRESENT
+#define SL_CATALOG_EMLIB_CORE_DEBUG_CONFIG_PRESENT
+#define SL_CATALOG_FREERTOS_KERNEL_PRESENT
+#define SL_CATALOG_KERNEL_PRESENT
+#define SL_CATALOG_IOSTREAM_PRESENT
+#define SL_CATALOG_NVM3_PRESENT
+#define SL_CATALOG_PSA_CRYPTO_PRESENT
+#ifdef DISPLAY_ENABLED
+#define SL_CATALOG_SLEEPTIMER_PRESENT
+#define SL_CATALOG_DMD_MEMLCD_PRESENT
+#define SL_CATALOG_GLIB_PRESENT
+#endif // DISPLAY_ENABLED
+
+#endif // SL_COMPONENT_CATALOG_H
diff --git a/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_autogen.h b/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_autogen.h
new file mode 100644
index 0000000000..450dca9912
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_autogen.h
@@ -0,0 +1,47 @@
+// This is an autogenerated config file, any changes to this file will be
+// overwritten
+
+#ifndef SLI_MBEDTLS_CONFIG_AUTOGEN_H
+#define SLI_MBEDTLS_CONFIG_AUTOGEN_H
+
+#define MBEDTLS_MPI_MAX_SIZE 32
+
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CMAC_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_MD_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PLATFORM_C
+#define MBEDTLS_PLATFORM_MEMORY
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_FORCE_SHA256
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA224_C
+#define MBEDTLS_X509_USE_C
+#define MBEDTLS_X509_CREATE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRT_WRITE_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CSR_WRITE_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_USE_PSA_CRYPTO
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+#endif // SLI_MBEDTLS_CONFIG_AUTOGEN_H
diff --git a/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_transform_autogen.h b/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_transform_autogen.h
new file mode 100644
index 0000000000..0ea1e1ea11
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/autogen/sli_mbedtls_config_transform_autogen.h
@@ -0,0 +1,51 @@
+// This is an autogenerated config file, any changes to this file will be
+// overwritten
+
+#ifndef SLI_MBEDTLS_CONFIG_TRANSFORM_AUTOGEN_H
+#define SLI_MBEDTLS_CONFIG_TRANSFORM_AUTOGEN_H
+
+// Convert CMSIS Markup config defines to mbedTLS specific config defines
+
+#if SL_MBEDTLS_RSA_NO_CRT
+#define MBEDTLS_RSA_NO_CRT
+#endif
+
+// Allow undefining the specified cipher suites
+#if defined(SLI_MBEDTLS_AUTODETECT_CIPHERSUITES)
+#undef MBEDTLS_SSL_CIPHERSUITES
+#endif
+
+#if SL_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+#endif
+#if SL_MBEDTLS_SSL_EXPORT_KEYS
+#define MBEDTLS_SSL_EXPORT_KEYS
+#endif
+#if SL_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#endif
+#if SL_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#endif
+#if SL_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+#if SL_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#endif
+#if SL_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#endif
+#if SL_MBEDTLS_ECP_ENABLE_COMPRESSED_CURVE_PARSING
+#define MBEDTLS_ECP_ENABLE_COMPRESSED_CURVE_PARSING
+#endif
+
+#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
+#define MBEDTLS_SSL_IN_CONTENT_LEN SL_MBEDTLS_SSL_IN_CONTENT_LEN
+#endif
+
+#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
+#define MBEDTLS_SSL_OUT_CONTENT_LEN SL_MBEDTLS_SSL_OUT_CONTENT_LEN
+#endif
+
+#endif // SLI_MBEDTLS_CONFIG_TRANSFORM_AUTOGEN_H
diff --git a/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_builtin_config_autogen.h b/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_builtin_config_autogen.h
new file mode 100644
index 0000000000..1aacce4b52
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_builtin_config_autogen.h
@@ -0,0 +1,15 @@
+// This is an autogenerated config file, any changes to this file will be
+// overwritten
+
+#ifndef SLI_PSA_BUILTIN_CONFIG_AUTOGEN_H
+#define SLI_PSA_BUILTIN_CONFIG_AUTOGEN_H
+
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+
+#endif // SLI_PSA_BUILTIN_CONFIG_AUTOGEN_H
diff --git a/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_config_autogen.h b/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_config_autogen.h
new file mode 100644
index 0000000000..8dc02c0ce4
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/autogen/sli_psa_config_autogen.h
@@ -0,0 +1,32 @@
+// This is an autogenerated config file, any changes to this file will be
+// overwritten
+
+#ifndef SLI_PSA_CONFIG_AUTOGEN_H
+#define SLI_PSA_CONFIG_AUTOGEN_H
+
+#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CMAC 1
+#define PSA_WANT_ALG_SHA_224 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#define PSA_WANT_ALG_ECDH 1
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_HKDF 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+
+#define MBEDTLS_PSA_KEY_SLOT_COUNT (1 + SL_PSA_KEY_USER_SLOT_COUNT)
+#ifndef SL_PSA_ITS_MAX_FILES
+#define SL_PSA_ITS_MAX_FILES (1 + SL_PSA_ITS_USER_MAX_FILES)
+#endif
+
+#endif // SLI_PSA_CONFIG_AUTOGEN_H
diff --git a/matter/si91x/siwx917/BRD4338A/config/psa_crypto_config.h b/matter/si91x/siwx917/BRD4338A/config/psa_crypto_config.h
new file mode 100644
index 0000000000..7909932a54
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/config/psa_crypto_config.h
@@ -0,0 +1,130 @@
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+// -----------------------------------------------------------------------------
+// User exposed config options
+
+// <<< Use Configuration Wizard in Context Menu >>>
+
+// Key management configuration
+
+// PSA User Maximum Open Keys Count <0-128>
+// Maximum amount of keys that the user application will have open
+// simultaneously. In context of PSA Crypto, an open key means any key
+// either stored in RAM (lifetime set to PSA_KEY_LIFETIME_VOLATILE), or
+// used as part of a cryptographic operation.
+// When using a key for a multi-part (setup/update/finish) operation, a key
+// is considered to be open from the moment the operation is successfully
+// setup, until it finishes or aborts.
+// When an application tries to open more keys than this value accounts for,
+// the PSA API may return PSA_ERROR_INSUFFICIENT_MEMORY. Keep in mind that
+// other software included in the application (e.g. wireless protocol
+// stacks) also can have a need to have open keys in PSA Crypto. This could
+// lead to a race condition when the application key slot count is set too
+// low for the actual usage of the application, as a software stack may not
+// fail gracefully in case an application opens more than its declared
+// amount of keys, thereby precluding the stack from functioning.
+// Default: 4
+#define SL_PSA_KEY_USER_SLOT_COUNT (4)
+
+// PSA Maximum User Persistent Keys Count <0-1024>
+// Maximum amount of keys (or other files) that can be stored persistently
+// by the application through the PSA interface, when persistent storage
+// support for PSA Crypto is included in the project.
+// Due to caching logic, this setting does have an impact on static RAM
+// usage. Note that this number is added to the potential requirements from
+// other software components in the project, such that the total amount of
+// keys which can be stored through the ITS backend can be higher than what
+// is configured here. WARNING: When changing this setting on an
+// application that is already deployed, and thus will get the change
+// through an application upgrade, care should be taken to ensure that the
+// setting is only ever increased, and never decreased. Decreasing this
+// setting might cause previously stored keys/files to become inaccessible.
+//
+// It is not possible to change this setting when using V3 ITS Driver.
+// The file-storage indexing is dependent on the maximum number of files,
+// and if SL_PSA_ITS_USER_MAX_FILES is changed, ITS should be cleared and
+// all files need to be stored again.
+// Default: 128
+#define SL_PSA_ITS_USER_MAX_FILES (128)
+
+// Enable V1 Format Support For ITS Files <0-1>
+// Devices that used PSA ITS together with gecko_sdk_3.1.x or earlier
+// might have keys (or other files) stored in V1 format.
+// If no v1 files are used, its support can be disabled for space
+// optimization.
+// Default: 0
+#define SL_PSA_ITS_SUPPORT_V1_DRIVER 0
+
+// Enable V2 ITS Driver Support <0-1>
+// Devices that have used GSDK 4.1.x and earlier, and used ITS have the keys
+// (or other files) stored using different address range. Enabling this
+// config option adds upgrade code which converts V2 (and V1 if
+// supported) format ITS keys/files to the latest V3 format. Update is
+// fully automatic, needs to be run once and require extra flash space of
+// approximately the size of the largest key.
+// V1 ITS driver support can be disabled if the device has never used ITS
+// driver before in GSDK 4.1.x and earlier, or the keys has been already
+// migrated.
+// Default: 0
+#define SL_PSA_ITS_SUPPORT_V2_DRIVER 0
+
+// Enable support for V3 ITS Driver <0-1>
+// Devices that have used GSDK 4.1.x and earlier, and used ITS have the keys
+// (or other files) stored using different address range. In rare case
+// that those devices have full nvm3 and not enough space for the
+// upgrade, (that requires an extra space to store largest key in memory
+// twice), this config option can disable v3 driver and use v2 one.
+// To upgrade the device, make space for the upgrade, and enable v3 driver
+// again. WARNING: When using V3 driver, it is not possible to increase
+// or decrease the value of SL_PSA_ITS_USER_MAX_FILES. If the change of
+// SL_PSA_ITS_USER_MAX_FILES is required, ITS should be cleared and all
+// files need to be stored again. Default: 1
+#define SL_PSA_ITS_SUPPORT_V3_DRIVER 1
+
+// Built-in AES Key Mode of Operation
+// CTR Mode
+// CFB Mode
+// OFB Mode
+// ECB Mode
+// CBC Mode (no padding)
+// CBC Mode (PKCS#7 padding)
+// PSA Crypto only allows one specific usage algorithm per built-in key ID.
+// Default: PSA_ALG_CTR
+#define SL_SE_BUILTIN_KEY_AES128_ALG_CONFIG (PSA_ALG_CTR)
+
+#ifndef SL_CRYPTOACC_BUILTIN_KEY_PUF_ALG
+// Built-in PUF Key Algorithm
+// PBKDF2 (CMAC-AES-128-PRF)
+// CMAC
+// PSA Crypto only allows one specific usage algorithm per built-in key ID.
+// It is recommended to only use the PUF key for deriving further key
+// material.
+// Default: PSA_ALG_PBKDF2_AES_CMAC_PRF_128
+#define SL_CRYPTOACC_BUILTIN_KEY_PUF_ALG (PSA_ALG_PBKDF2_AES_CMAC_PRF_128)
+#endif // SL_CRYPTOACC_BUILTIN_KEY_PUF_ALG
+
+//
+
+// <<< end of configuration section >>>
+
+// -----------------------------------------------------------------------------
+// Sub-files
+
+#if defined(SLI_PSA_CONFIG_AUTOGEN_OVERRIDE_FILE)
+#include SLI_PSA_CONFIG_AUTOGEN_OVERRIDE_FILE
+#else
+#include "sli_psa_config_autogen.h"
+#endif
+
+#if defined(TFM_CONFIG_SL_SECURE_LIBRARY)
+#include "sli_psa_tfm_translation.h"
+#endif
+
+#if SL_MBEDTLS_DRIVERS_ENABLED
+#include "sli_psa_acceleration.h"
+#endif
+
+#include "sli_psa_builtin_config_autogen.h"
+
+#endif // PSA_CRYPTO_CONFIG_H
diff --git a/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_config.h b/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_config.h
new file mode 100644
index 0000000000..e5823c8bd2
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_config.h
@@ -0,0 +1,113 @@
+#ifndef SL_MBEDTLS_CONFIG_H
+#define SL_MBEDTLS_CONFIG_H
+
+// -----------------------------------------------------------------------------
+// User exposed config options
+
+// <<< Use Configuration Wizard in Context Menu >>>
+
+// TLS/DTLS configuration
+
+// Complete list of ciphersuites to use, in order
+// of preference. Default: MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+// Complete list of ciphersuites to use, in order of preference. The value
+// of this configuration should be updated for the application needs.
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+
+// Maximum TLS/DTLS fragment length in bytes
+// (input). Default: 768 The size configured here determines the size of
+// the internal I/O buffer used in mbedTLS when receiving data.
+#define SL_MBEDTLS_SSL_IN_CONTENT_LEN 768
+
+// Maximum TLS/DTLS fragment length in bytes
+// (output). Default: 768 The size configured here determines the size
+// of the internal I/O buffer used in mbedTLS when sending data.
+#define SL_MBEDTLS_SSL_OUT_CONTENT_LEN 768
+
+// Enable support for RFC 6066
+// max_fragment_length extension in SSL. Default: 1 Enable support for
+// RFC 6066 max_fragment_length extension in SSL.
+#define SL_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 1
+
+// Enable support for exporting key block and
+// master secret. Default: 1 Enable support for exporting key block and
+// master secret. This is required for certain users of TLS, e.g. EAP-TLS.
+#define SL_MBEDTLS_SSL_EXPORT_KEYS 1
+
+// Enable the PSK based ciphersuite
+// modes in SSL / TLS. Default: 0 Enable the PSK based ciphersuite modes
+// in SSL / TLS.
+#define SL_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED 0
+
+// Enable the ECDHE-PSK based
+// ciphersuite modes in SSL / TLS. Default: 0 Enable the ECDHE-PSK based
+// ciphersuite modes in SSL / TLS.
+#define SL_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED 0
+
+// Enable the ECDHE-ECDSA based
+// ciphersuite modes in SSL / TLS. Default: 0 Enable the ECDHE-ECDSA
+// based ciphersuite modes in SSL / TLS.
+#define SL_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 0
+
+// Enable the ECDHE-RSA based
+// ciphersuite modes in SSL / TLS. Default: 0 Enable the ECDHE-RSA based
+// ciphersuite modes in SSL / TLS.
+#define SL_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED 0
+
+// Enable the ECDH-ECDSA based
+// ciphersuite modes in SSL / TLS. Default: 0 Enable the ECDH-ECDSA
+// based ciphersuite modes in SSL / TLS.
+#define SL_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED 0
+
+// Enable parsing of the
+// compressed curves. Default: 0 Enable parsing of the compressed
+// curves.
+#define SL_MBEDTLS_ECP_ENABLE_COMPRESSED_CURVE_PARSING 0
+
+//
+
+// RSA configuration
+
+// Disable use of the Chinese Remainder Theorem for
+// RSA. Default: 0 Disable use of the Chinese Remainder Theorem for RSA
+// private key computations.
+#define SL_MBEDTLS_RSA_NO_CRT 0
+
+//
+
+// Miscellaneous configuration
+
+// Enable Silicon Labs' Mbed TLS- and PSA Crypto
+// drivers. Default: 1 Enable drivers for hardware acceleration (Mbed
+// TLS and PSA Crypto) and secure key handling (PSA Crypto).
+#define SL_MBEDTLS_DRIVERS_ENABLED 1
+
+//
+
+// <<< end of configuration section >>>
+
+// -----------------------------------------------------------------------------
+// Sub-files
+
+#if defined(SLI_MBEDTLS_CONFIG_AUTOGEN_OVERRIDE_FILE)
+#include SLI_MBEDTLS_CONFIG_AUTOGEN_OVERRIDE_FILE
+#else
+#include "sli_mbedtls_config_autogen.h"
+#endif
+
+#include "sli_mbedtls_omnipresent.h"
+
+#if SL_MBEDTLS_DRIVERS_ENABLED
+#include "sli_mbedtls_acceleration.h"
+#endif
+
+#include "sl_mbedtls_device_config.h"
+
+// Include transformation logic to apply CMSIS-config configuration options to
+// the correct Mbed TLS / PSA Crypto options.
+#include "sli_mbedtls_config_transform_autogen.h"
+
+// Included for backward compatibility reasons.
+#include "mbedtls/build_info.h"
+
+#endif // SL_MBEDTLS_CONFIG_H
diff --git a/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_device_config.h b/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_device_config.h
new file mode 100644
index 0000000000..fd0858c964
--- /dev/null
+++ b/matter/si91x/siwx917/BRD4338A/config/sl_mbedtls_device_config.h
@@ -0,0 +1,70 @@
+#ifndef SL_MBEDTLS_DEVICE_CONFIG_H
+#define SL_MBEDTLS_DEVICE_CONFIG_H
+
+// -----------------------------------------------------------------------------
+// User exposed config options
+
+// <<< Use Configuration Wizard in Context Menu >>>
+
+// Secure Engine (SE) version configuration
+
+// Support SE firmware versions older
+// than 1.2.2 <0-1> Enable software fallback for ECDH and ECC public key
+// validation on xG21 devices running SE firmware versions lower than 1.2.2.
+//
+// Due to other stability concerns, it is strongly recommended to upgrade
+// these devices to the latest firmware revision instead of turning on
+// software fallback support.
+//
+// Not having fallback support will make ECDH operations, as well as PSA
+// Crypto public key import, return an error code on affected devices.
+//
+// Default: 0
+#define SL_SE_SUPPORT_FW_PRIOR_TO_1_2_2 0
+
+// Assume an SE firmware version newer
+// than 1.2.2 <0-1> For enhanced performance: if it is guaranteed that all
+// devices on which this library will run are updated to at least SE
+// FW 1.2.2, then turning on this option will remove certain fallback
+// checks, thereby reducing the amount of processing required for ECDH and
+// public key verification operations. Default: 0
+#define SL_SE_ASSUME_FW_AT_LEAST_1_2_2 0
+
+// Assume an SE firmware
+// version that is unaffected by Ed25519 errata <0-1> For minimal code size
+// and performance savings: if it is guaranteed that none of the devices
+// running this library has SE FWs in the range [1.2.2, 1.2.8], then
+// enabling this option will disable runtime version checks. Default: 0
+#define SL_SE_ASSUME_FW_UNAFFECTED_BY_ED25519_ERRATA 0
+
+//
+
+// <<< end of configuration section >>>
+
+// -----------------------------------------------------------------------------
+// Additional SE version related logic (DO NOT MODIFY)
+
+// SL_SE_ASSUME_FW_AT_LEAST_1_2_10 is no longer in use, however, it is kept here
+// for backwards compatibility. */
+#if defined(SL_SE_ASSUME_FW_AT_LEAST_1_2_10)
+#undef SL_SE_ASSUME_FW_AT_LEAST_1_2_2
+#define SL_SE_ASSUME_FW_AT_LEAST_1_2_2 1
+#undef SL_SE_ASSUME_FW_UNAFFECTED_BY_ED25519_ERRATA
+#define SL_SE_ASSUME_FW_UNAFFECTED_BY_ED25519_ERRATA 1
+#endif
+
+// SLI_SE_SUPPORT_FW_PRIOR_TO_1_2_2 is no longer in use, however, it is kept
+// here for backwards compatibility. */
+#if defined(SLI_SE_SUPPORT_FW_PRIOR_TO_1_2_2)
+#undef SL_SE_SUPPORT_FW_PRIOR_TO_1_2_2
+#define SL_SE_SUPPORT_FW_PRIOR_TO_1_2_2 1
+#endif
+
+// SLI_SE_ASSUME_FW_AT_LEAST_1_2_2 is no longer in use, however, it is kept
+// here for backwards compatibility. */
+#if defined(SLI_SE_ASSUME_FW_AT_LEAST_1_2_2)
+#undef SL_SE_ASSUME_FW_AT_LEAST_1_2_2
+#define SL_SE_ASSUME_FW_AT_LEAST_1_2_2 1
+#endif
+
+#endif // SL_MBEDTLS_DEVICE_CONFIG_H