diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 85731a1710..c7d8161893 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -123,4 +123,7 @@ component_check_test_helpers () {
 
     msg "unit test: translate_ciphers.py"
     python3 -m unittest framework/scripts/translate_ciphers.py 2>&1
+
+    msg "unit test: generate_config_checks.py"
+    tests/scripts/test_config_checks.py 2>&1
 }
diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py
new file mode 100755
index 0000000000..540144923e
--- /dev/null
+++ b/tests/scripts/test_config_checks.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Test the configuration checks generated by generate_config_checks.py.
+"""
+
+## Copyright The Mbed TLS Contributors
+## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import unittest
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_framework import unittest_config_checks
+
+
+class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks):
+    """Mbed TLS unit tests for checks generated by config_checks_generator."""
+
+    #pylint: disable=invalid-name # uppercase letters make sense here
+
+    PROJECT_CONFIG_C = 'library/mbedtls_config.c'
+    PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [
+        'tf-psa-crypto/include',
+        'tf-psa-crypto/drivers/builtin/include',
+    ]
+
+    @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.")
+    def test_crypto_no_fs_io(self) -> None:
+        """A sample error expected from crypto's check_config.h."""
+        self.bad_case('#undef MBEDTLS_FS_IO',
+                      None,
+                      error=('MBEDTLS_PSA_ITS_FILE_C'))
+
+    def test_mbedtls_no_session_tickets_for_early_data(self) -> None:
+        """An error expected from mbedtls_check_config.h based on the TLS configuration."""
+        self.bad_case(None,
+                      '''
+                      #define MBEDTLS_SSL_EARLY_DATA
+                      #undef MBEDTLS_SSL_SESSION_TICKETS
+                      ''',
+                      error=('MBEDTLS_SSL_EARLY_DATA'))
+
+    def test_mbedtls_no_ecdsa(self) -> None:
+        """An error expected from mbedtls_check_config.h based on crypto+TLS configuration."""
+        self.bad_case('''
+                      #undef PSA_WANT_ALG_ECDSA
+                      #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA
+                      #undef MBEDTLS_ECDSA_C
+                      ''',
+                      '''
+                      #if defined(PSA_WANT_ALG_ECDSA)
+                      #error PSA_WANT_ALG_ECDSA unexpected
+                      #endif
+                      #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)
+                      #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected
+                      #endif
+                      #if defined(MBEDTLS_ECDSA_C)
+                      #error MBEDTLS_ECDSA_C unexpected
+                      #endif
+                      ''',
+                      error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED'))
+
+
+if __name__ == '__main__':
+    unittest.main()