Hi,
Your analysis is correct, but it's not only about mbedtls, but also
about the library code itself. See
https://gramine.readthedocs.io/en/latest/attestation.html - it says that
the library is not thread-safe and the user needs to ensure proper
locking ;)
Whether it should or not be thread-safe: I don't know, so far we didn't
have any use-case where someone would call it from multiple threads, but
this maybe something to consider...
Best,
Michał