diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c
index 0051b7ddf..3ef503461 100644
--- a/core/embed/firmware/main.c
+++ b/core/embed/firmware/main.c
@@ -47,6 +47,7 @@
#include "model.h"
#include "mpu.h"
#include "random_delays.h"
+#include "secure_aes.h"
#include TREZOR_BOARD
@@ -165,6 +166,10 @@ int main(void) {
touch_init();
#endif
+ secure_aes_init();
+
+ secure_aes_test();
+
#ifdef USE_SD_CARD
sdcard_init();
#endif
diff --git a/core/embed/trezorhal/secure_aes.h b/core/embed/trezorhal/secure_aes.h
new file mode 100644
index 000000000..f9bd51266
--- /dev/null
+++ b/core/embed/trezorhal/secure_aes.h
@@ -0,0 +1,40 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZOR_HAL_SECURE_AES_H
+#define TREZOR_HAL_SECURE_AES_H
+
+#include
+#include
+#include
+
+// Initializes secure AES module
+secbool secure_aes_init(void);
+
+// Encrypts a block of data using AES-256 CBC and DHUK key
+// Input and output must be aligned to 32 bits, size is in bytes
+secbool secure_aes_encrypt(uint32_t* input, size_t size, uint32_t* output);
+
+// Decrypts a block of data using AES-256 CBC and DHUK key
+// Input and output must be aligned to 32 bits, size is in bytes
+secbool secure_aes_decrypt(uint32_t* input, size_t size, uint32_t* output);
+
+void secure_aes_test();
+
+#endif // TREZOR_HAL_SECURE_AES_H
\ No newline at end of file
diff --git a/core/embed/trezorhal/stm32u5/secure_aes.c b/core/embed/trezorhal/stm32u5/secure_aes.c
new file mode 100644
index 000000000..ec2ea50ba
--- /dev/null
+++ b/core/embed/trezorhal/stm32u5/secure_aes.c
@@ -0,0 +1,117 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include STM32_HAL_H
+
+#include
+#include
+
+secbool secure_aes_init(void) {
+ RCC_OscInitTypeDef osc_init_def = {0};
+ osc_init_def.OscillatorType = RCC_OSCILLATORTYPE_SHSI;
+ osc_init_def.SHSIState = RCC_SHSI_ON;
+
+ // Enable SHSI clock
+ if (HAL_RCC_OscConfig(&osc_init_def) != HAL_OK) {
+ return secfalse;
+ }
+
+ // Enable SAES peripheral clock
+ __HAL_RCC_SAES_CLK_ENABLE();
+
+ return sectrue;
+}
+
+secbool secure_aes_encrypt(uint32_t* input, size_t size, uint32_t* output) {
+ CRYP_HandleTypeDef hcryp = {0};
+ uint32_t iv[] = {0, 0, 0, 0};
+
+ hcryp.Instance = SAES;
+ hcryp.Init.DataType = CRYP_NO_SWAP;
+ hcryp.Init.KeySelect = CRYP_KEYSEL_HW;
+ hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
+ hcryp.Init.pKey = NULL;
+ hcryp.Init.pInitVect = iv;
+ hcryp.Init.Algorithm = CRYP_AES_CBC;
+ hcryp.Init.Header = NULL;
+ hcryp.Init.HeaderSize = 0;
+ hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_WORD;
+ hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
+ hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL;
+
+ if (HAL_CRYP_Init(&hcryp) != HAL_OK) {
+ return secfalse;
+ }
+
+ if (HAL_CRYP_Encrypt(&hcryp, input, size, output, HAL_MAX_DELAY) != HAL_OK) {
+ return secfalse;
+ }
+
+ HAL_CRYP_DeInit(&hcryp);
+
+ return sectrue;
+}
+
+secbool secure_aes_decrypt(uint32_t* input, size_t size, uint32_t* output) {
+ CRYP_HandleTypeDef hcryp = {0};
+ uint32_t iv[] = {0, 0, 0, 0};
+
+ hcryp.Instance = SAES;
+ hcryp.Init.DataType = CRYP_NO_SWAP;
+ hcryp.Init.KeySelect = CRYP_KEYSEL_HW;
+ hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
+ hcryp.Init.pKey = NULL;
+ hcryp.Init.pInitVect = iv;
+ hcryp.Init.Algorithm = CRYP_AES_CBC;
+ hcryp.Init.Header = NULL;
+ hcryp.Init.HeaderSize = 0;
+ hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+ hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
+ hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL;
+
+ if (HAL_CRYP_Init(&hcryp) != HAL_OK) {
+ return secfalse;
+ }
+
+ if (HAL_CRYP_Decrypt(&hcryp, input, size, output, HAL_MAX_DELAY) != HAL_OK) {
+ return secfalse;
+ }
+
+ HAL_CRYP_DeInit(&hcryp);
+
+ return sectrue;
+}
+
+void secure_aes_test() {
+ static uint32_t plain_text[4] = {1, 2, 3, 4};
+ static uint32_t encrypted_text[4];
+ static uint32_t decrypted_text[4];
+
+ secbool status;
+
+ status = secure_aes_encrypt(plain_text, sizeof(plain_text), encrypted_text);
+ printf("encryption done (status=%d)\n", status == sectrue);
+
+ status = secure_aes_decrypt(encrypted_text, sizeof(encrypted_text),
+ decrypted_text);
+ printf("decryption done (status=%d)\n", status == sectrue);
+}
diff --git a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
index 325d229bd..564db1b7a 100644
--- a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
+++ b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
@@ -71,7 +71,7 @@ extern "C" {
/*#define HAL_RNG_MODULE_ENABLED */
/*#define HAL_RTC_MODULE_ENABLED */
/*#define HAL_SAI_MODULE_ENABLED */
-/*#define HAL_CRYP_MODULE_ENABLED */
+#define HAL_CRYP_MODULE_ENABLED
/*#define HAL_SD_MODULE_ENABLED */
/*#define HAL_MMC_MODULE_ENABLED */
/*#define HAL_SMARTCARD_MODULE_ENABLED */
diff --git a/core/site_scons/boards/stm32u5_common.py b/core/site_scons/boards/stm32u5_common.py
index 89bcf5575..5f61673dd 100644
--- a/core/site_scons/boards/stm32u5_common.py
+++ b/core/site_scons/boards/stm32u5_common.py
@@ -16,6 +16,7 @@ def stm32u5_common_files(env, defines, sources, paths):
sources += [
"vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal.c",
"vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_cortex.c",
+ "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_cryp.c",
"vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dma.c",
"vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dma2d.c",
"vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dsi.c",
@@ -50,6 +51,7 @@ def stm32u5_common_files(env, defines, sources, paths):
"embed/trezorhal/stm32u5/lowlevel.c",
"embed/trezorhal/stm32u5/mpu.c",
"embed/trezorhal/stm32u5/platform.c",
+ "embed/trezorhal/stm32u5/secure_aes.c",
"embed/trezorhal/stm32u5/systick.c",
"embed/trezorhal/stm32u5/random_delays.c",
"embed/trezorhal/stm32u5/rng.c",