diff --git a/include/tfm/platform_otp_ids.h b/include/tfm/platform_otp_ids.h
index 71332c445df..5361a9b1224 100644
--- a/include/tfm/platform_otp_ids.h
+++ b/include/tfm/platform_otp_ids.h
@@ -14,7 +14,7 @@ extern "C" {
 #endif
 
 enum tfm_otp_element_id_t {
-	PLAT_OTP_ID_LCS = UINT32_MAX -1,
+	PLAT_OTP_ID_LCS = UINT32_MAX - 1,
 	PLAT_OTP_ID_MAX = UINT32_MAX,
 };
 
diff --git a/modules/trusted-firmware-m/tfm_boards/external_core.cmake b/modules/trusted-firmware-m/tfm_boards/external_core.cmake
index eadd46718bf..a88ffd672cf 100644
--- a/modules/trusted-firmware-m/tfm_boards/external_core.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/external_core.cmake
@@ -13,8 +13,6 @@ if(NOT PSA_CRYPTO_EXTERNAL_CORE)
     return()
 endif()
 
-# Note that 
-
 # Adjusting includes from spe-CMakeLists.txt which has the following heading:
 #
 # This CMake script is prepard by TF-M for building the non-secure side
@@ -47,7 +45,7 @@ if(TARGET psa_interface)
             # Mbed TLS (mbedcrypto) PSA headers
             ${ARM_MBEDTLS_PATH}/library
             ${ARM_MBEDTLS_PATH}/include
-            ${ARM_MBEDTLS_PATH}/include/library 
+            ${ARM_MBEDTLS_PATH}/include/library
     )
 endif()
 
diff --git a/modules/trusted-firmware-m/tfm_boards/external_core_install.cmake b/modules/trusted-firmware-m/tfm_boards/external_core_install.cmake
index 8a0981edf65..88a0aadd407 100644
--- a/modules/trusted-firmware-m/tfm_boards/external_core_install.cmake
+++ b/modules/trusted-firmware-m/tfm_boards/external_core_install.cmake
@@ -30,7 +30,7 @@ install(
   FILES
     ${OBERON_PSA_CORE_PATH}/include/mbedtls/build_info.h
     ${OBERON_PSA_CORE_PATH}/include/mbedtls/config_psa.h
-  DESTINATION 
+  DESTINATION
     ${INSTALL_INTERFACE_INC_DIR}/mbedtls
 )
 
diff --git a/subsys/nrf_security/cmake/extensions.cmake b/subsys/nrf_security/cmake/extensions.cmake
index 877fcabf3db..ce49edf8311 100644
--- a/subsys/nrf_security/cmake/extensions.cmake
+++ b/subsys/nrf_security/cmake/extensions.cmake
@@ -167,16 +167,16 @@ endmacro()
 #
 macro(nrf_security_add_zephyr_options_library lib_name)
   if(TARGET zephyr_interface)
-    # Add an an filtered version of zephyr_interface (PSA crypto interface filtered out)
+    # Add an filtered version of zephyr_interface (PSA crypto interface filtered out)
     target_compile_options(${lib_name} PRIVATE $<TARGET_PROPERTY:zephyr_interface,INTERFACE_COMPILE_OPTIONS>)
     target_compile_definitions(${lib_name} PRIVATE $<TARGET_PROPERTY:zephyr_interface,INTERFACE_COMPILE_DEFINITIONS>)
     # Ensure that the PSA crypto interface include folder isn't added in library builds (filtered out)
-    target_include_directories(${lib_name} 
+    target_include_directories(${lib_name}
       PRIVATE
         $<FILTER:$<TARGET_PROPERTY:zephyr_interface,INTERFACE_INCLUDE_DIRECTORIES>,EXCLUDE,${PSA_CRYPTO_CONFIG_INTERFACE_PATH_REGEX}>
     )
     # Ensure that the PSA crypto interface include folder isn't added in library builds (filtered out)
-    target_include_directories(${lib_name} 
+    target_include_directories(${lib_name}
       PRIVATE
         $<FILTER:$<TARGET_PROPERTY:zephyr_interface,INTERFACE_SYSTEM_INCLUDE_DIRECTORIES>,EXCLUDE,${PSA_CRYPTO_CONFIG_INTERFACE_PATH_REGEX}>
     )
diff --git a/subsys/nrf_security/cmake/generate_configs.cmake b/subsys/nrf_security/cmake/generate_configs.cmake
index 9ed6aed6dc3..48b8b06ff1a 100644
--- a/subsys/nrf_security/cmake/generate_configs.cmake
+++ b/subsys/nrf_security/cmake/generate_configs.cmake
@@ -44,7 +44,7 @@ macro(generate_mbedcrypto_interface_configs)
     # Empty out previous versions of interface config-files
     file(REMOVE_RECURSE ${generated_include_path})
 
-    # Generate MBEDCRYPTO_CONFIG_FILE 
+    # Generate MBEDCRYPTO_CONFIG_FILE
     if(CONFIG_MBEDTLS_LEGACY_CRYPTO_C)
       include(${NRF_SECURITY_ROOT}/cmake/legacy_crypto_config.cmake)
     else()
@@ -56,7 +56,7 @@ macro(generate_mbedcrypto_interface_configs)
 
     # Note: Interface doesn't need PSA_CRYPTO_USER_CONFIG_FILE
 
-    # Restore the backup configurations 
+    # Restore the backup configurations
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_SPM)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_C)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
@@ -129,7 +129,7 @@ macro(generate_mbedcrypto_library_configs)
     # Generate the PSA_CRYPTO_USER_CONFIG_FILE (PSA_NEED configurations)
     include(${NRF_SECURITY_ROOT}/cmake/psa_crypto_config.cmake)
 
-    # Restore the backup configurations 
+    # Restore the backup configurations
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_C)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_SPM)
diff --git a/subsys/nrf_security/cmake/nrf_config.cmake b/subsys/nrf_security/cmake/nrf_config.cmake
index 78e7da10bcc..ff4b0f8673b 100644
--- a/subsys/nrf_security/cmake/nrf_config.cmake
+++ b/subsys/nrf_security/cmake/nrf_config.cmake
@@ -3,7 +3,7 @@
 #
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
-# Convert all platform and TLS/DTLS and X.509 Kconfig variables for Mbed TLS 
+# Convert all platform and TLS/DTLS and X.509 Kconfig variables for Mbed TLS
 # (strip CONFIG_)
 
 # TF-M
diff --git a/subsys/nrf_security/configs/config_extra.cmake.in b/subsys/nrf_security/configs/config_extra.cmake.in
index 375e7858918..b003f1ed6bc 100644
--- a/subsys/nrf_security/configs/config_extra.cmake.in
+++ b/subsys/nrf_security/configs/config_extra.cmake.in
@@ -9,7 +9,7 @@
 set(PSA_CRYPTO_EXTERNAL_CORE                  ON    CACHE BOOL      "Enable building PSA core externally")
 
 # This file is populated with paths needed building nrf_security with and without TF-M
-# It is added to circumvent issues with install-targets inside TF-M and to unify the 
+# It is added to circumvent issues with install-targets inside TF-M and to unify the
 # CMake code with Zephyr builds
 set(NRFXLIB_DIR          ${ZEPHYR_NRFXLIB_MODULE_DIR}            CACHE STRING "nrfxlib folder")
 set(NRF_SECURITY_ROOT    ${NRF_DIR}/subsys/nrf_security          CACHE STRING "nrf_security root folder")
diff --git a/subsys/nrf_security/configs/nrf-config.h.template b/subsys/nrf_security/configs/nrf-config.h.template
index 47f6caac316..86879b82349 100644
--- a/subsys/nrf_security/configs/nrf-config.h.template
+++ b/subsys/nrf_security/configs/nrf-config.h.template
@@ -5,7 +5,7 @@
  *
  */
 /* The include guards used here ensures that a different Mbed TLS config is not
- * added to the build and used by accident. Hence, this guard is not 
+ * added to the build and used by accident. Hence, this guard is not
  * equivalent to naming of this file.
  */
 #ifndef MBEDTLS_CONFIG_FILE_H
diff --git a/subsys/nrf_security/include/crypto_compat.h b/subsys/nrf_security/include/crypto_compat.h
index 3bca941f092..10f6077edf7 100644
--- a/subsys/nrf_security/include/crypto_compat.h
+++ b/subsys/nrf_security/include/crypto_compat.h
@@ -40,7 +40,7 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
  */
 static inline int psa_key_handle_is_null(psa_key_handle_t handle)
 {
-    return mbedtls_svc_key_id_is_null(handle);
+	return mbedtls_svc_key_id_is_null(handle);
 }
 
 /** Open a handle to an existing persistent key.
@@ -104,7 +104,7 @@ static inline int psa_key_handle_is_null(psa_key_handle_t handle)
  *         results in this error code.
  */
 psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
-                          psa_key_handle_t *handle);
+						  psa_key_handle_t *handle);
 
 /** Close a key handle.
  *
@@ -160,7 +160,7 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
  *             a future version of the library.
  */
 #define PSA_DH_FAMILY_CUSTOM                                            \
-    ((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e))
+	((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e))
 
 /**
  * \brief Set domain parameters for a key.
@@ -179,15 +179,15 @@ psa_status_t psa_close_key(psa_key_handle_t handle);
  * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
  */
 static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters(
-    psa_key_attributes_t *attributes,
-    psa_key_type_t type, const uint8_t *data, size_t data_length)
+	psa_key_attributes_t *attributes,
+	psa_key_type_t type, const uint8_t *data, size_t data_length)
 {
-    (void) data;
-    if (data_length != 0) {
-        return PSA_ERROR_NOT_SUPPORTED;
-    }
-    psa_set_key_type(attributes, type);
-    return PSA_SUCCESS;
+	(void) data;
+	if (data_length != 0) {
+		return PSA_ERROR_NOT_SUPPORTED;
+	}
+	psa_set_key_type(attributes, type);
+	return PSA_SUCCESS;
 }
 
 /**
@@ -205,21 +205,21 @@ static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters(
  * \retval #PSA_SUCCESS \emptydescription
  */
 static inline psa_status_t MBEDTLS_DEPRECATED psa_get_key_domain_parameters(
-    const psa_key_attributes_t *attributes,
-    uint8_t *data, size_t data_size, size_t *data_length)
+	const psa_key_attributes_t *attributes,
+	uint8_t *data, size_t data_size, size_t *data_length)
 {
-    (void) attributes;
-    (void) data;
-    (void) data_size;
-    *data_length = 0;
-    return PSA_SUCCESS;
+	(void) attributes;
+	(void) data;
+	(void) data_size;
+	*data_length = 0;
+	return PSA_SUCCESS;
 }
 
 /** Safe output buffer size for psa_get_key_domain_parameters().
  *
  */
 #define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits)      \
-    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u)
+	MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u)
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 /**@}*/