diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 086677a60..652b48174 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1024,6 +1024,43 @@ component_check_test_cases () {
     unset opt
 }
 
+component_check_test_dependencies () {
+    msg "Check: test case dependencies: legacy vs PSA" # < 1s
+
+    found="check-test-deps-found-$$"
+    expected="check-test-deps-expected-$$"
+
+    # Find legacy dependencies in PSA tests
+    grep 'depends_on' tests/suites/test_suite_psa* |
+        grep -Eo '!?MBEDTLS_[^: ]*' |
+        grep -v MBEDTLS_PSA_ |
+        sort -u > $found
+
+    # Expected ones with justification - keep in sorted order!
+    rm -f $expected
+    # No PSA equivalent - WANT_KEY_TYPE_AES means all sizes
+    echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected
+    # This is used by import_rsa_made_up() in test_suite_psa_crypto in order
+    # to build a fake RSA key of the wanted size based on
+    # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by
+    # the test code and that's probably the most convenient way of achieving
+    # the test's goal.
+    echo "MBEDTLS_ASN1_WRITE_C" >> $expected
+    # No PSA equivalent - we should probably have one in the future.
+    echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
+    # No PSA equivalent - needed by some init tests
+    echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected
+    # Used by two tests that are about an extension to the PSA standard;
+    # as such, no PSA equivalent.
+    echo "MBEDTLS_PEM_PARSE_C" >> $expected
+
+    # Compare reality with expectation.
+    # We want an exact match, to ensure the above list remains up-to-date.
+    diff -U0 $expected $found
+
+    rm $found $expected
+}
+
 component_check_doxygen_warnings () {
     msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
     tests/scripts/doxygen.sh