diff --git a/core/embed/firmware/main.c b/core/embed/firmware/main.c index 0051b7ddf..3ef503461 100644 --- a/core/embed/firmware/main.c +++ b/core/embed/firmware/main.c @@ -47,6 +47,7 @@ #include "model.h" #include "mpu.h" #include "random_delays.h" +#include "secure_aes.h" #include TREZOR_BOARD @@ -165,6 +166,10 @@ int main(void) { touch_init(); #endif + secure_aes_init(); + + secure_aes_test(); + #ifdef USE_SD_CARD sdcard_init(); #endif diff --git a/core/embed/trezorhal/secure_aes.h b/core/embed/trezorhal/secure_aes.h new file mode 100644 index 000000000..f9bd51266 --- /dev/null +++ b/core/embed/trezorhal/secure_aes.h 
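Review bot: The return value of `secure_aes_init()` is discarded in main(), so a failed SHSI oscillator setup goes unnoticed and later SAES operations would run on a peripheral that was never clocked correctly. Check the secbool explicitly, e.g. `if (sectrue != secure_aes_init()) { /* stop boot via the project's fatal-error path */ }`. `secure_aes_test()` is also called unconditionally on every boot and prints through printf. It should be removed or placed behind a debug/test build guard before this ships. In this diff secure_aes.c is added only to the stm32u5 source list, so unless other targets also get an implementation these unguarded calls will likely break their link. main()'s body continues outside the hunk.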
@@ -0,0 +1,40 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#ifndef TREZOR_HAL_SECURE_AES_H
+#define TREZOR_HAL_SECURE_AES_H
+
+#include
+#include
+#include
+
+// Initializes secure AES module
+secbool secure_aes_init(void);
+
+// Encrypts a block of data using AES-256 CBC and DHUK key
+// Input and output must be aligned to 32 bits, size is in bytes
+secbool secure_aes_encrypt(uint32_t* input, size_t size, uint32_t* output);
+
+// Decrypts a block of data using AES-256 CBC and DHUK key
+// Input and output must be aligned to 32 bits, size is in bytes
+secbool secure_aes_decrypt(uint32_t* input, size_t size, uint32_t* output);
+
+void secure_aes_test();
+
+#endif // TREZOR_HAL_SECURE_AES_H
\ No newline at end of file
diff --git a/core/embed/trezorhal/stm32u5/secure_aes.c b/core/embed/trezorhal/stm32u5/secure_aes.c
new file mode 100644
index 000000000..ec2ea50ba
--- /dev/null
+++ b/core/embed/trezorhal/stm32u5/secure_aes.c
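Review bot: The contract comments on secure_aes_encrypt and secure_aes_decrypt omit facts a caller needs to use them safely. The implementation in this commit shows CBC with no padding step and an IV fixed inside the function, and CBC alone does not authenticate the ciphertext. I would extend each comment along the lines of `// size is in bytes and must be a non-zero multiple of 16; the IV is fixed, so equal inputs give equal outputs; output is not integrity-protected`. Separately, `void secure_aes_test();` is not a prototype in C before C23; write `void secure_aes_test(void);` as secure_aes_init does, or keep the test hook out of the public HAL header. The file also lacks a trailing newline.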
@@ -0,0 +1,117 @@
+/*
+ * This file is part of the Trezor project, https://trezor.io/
+ *
+ * Copyright (c) SatoshiLabs
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+#include
+#include STM32_HAL_H
+
+#include
+#include
+
+secbool secure_aes_init(void) {
+ RCC_OscInitTypeDef osc_init_def = {0};
+ osc_init_def.OscillatorType = RCC_OSCILLATORTYPE_SHSI;
+ osc_init_def.SHSIState = RCC_SHSI_ON;
+
+ // Enable SHSI clock
+ if (HAL_RCC_OscConfig(&osc_init_def) != HAL_OK) {
+ return secfalse;
+ }
+
+ // Enable SAES peripheral clock
+ __HAL_RCC_SAES_CLK_ENABLE();
+
+ return sectrue;
+}
+
+secbool secure_aes_encrypt(uint32_t* input, size_t size, uint32_t* output) {
+ CRYP_HandleTypeDef hcryp = {0};
+ uint32_t iv[] = {0, 0, 0, 0};
+
+ hcryp.Instance = SAES;
+ hcryp.Init.DataType = CRYP_NO_SWAP;
+ hcryp.Init.KeySelect = CRYP_KEYSEL_HW;
+ hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
+ hcryp.Init.pKey = NULL;
+ hcryp.Init.pInitVect = iv;
+ hcryp.Init.Algorithm = CRYP_AES_CBC;
+ hcryp.Init.Header = NULL;
+ hcryp.Init.HeaderSize = 0;
+ hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_WORD;
+ hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
+ hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL;
+
+ if (HAL_CRYP_Init(&hcryp) != HAL_OK) {
+ return secfalse;
+ }
+
+ if (HAL_CRYP_Encrypt(&hcryp, input, size, output, HAL_MAX_DELAY) != HAL_OK) {
+ return secfalse;
+ }
+
+ HAL_CRYP_DeInit(&hcryp);
+
+ return sectrue;
+}
+
+secbool secure_aes_decrypt(uint32_t* input, size_t size, uint32_t* output) {
+ CRYP_HandleTypeDef hcryp = {0};
+ uint32_t iv[] = {0, 0, 0, 0};
+
+ hcryp.Instance = SAES;
+ hcryp.Init.DataType = CRYP_NO_SWAP;
+ hcryp.Init.KeySelect = CRYP_KEYSEL_HW;
+ hcryp.Init.KeySize = CRYP_KEYSIZE_256B;
+ hcryp.Init.pKey = NULL;
+ hcryp.Init.pInitVect = iv;
+ hcryp.Init.Algorithm = CRYP_AES_CBC;
+ hcryp.Init.Header = NULL;
+ hcryp.Init.HeaderSize = 0;
+ hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+ hcryp.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_BYTE;
+ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
+ hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL;
+
+ if (HAL_CRYP_Init(&hcryp) != HAL_OK) {
+ return secfalse;
+ }
+
+ if (HAL_CRYP_Decrypt(&hcryp, input, size, output, HAL_MAX_DELAY) != HAL_OK) {
+ return secfalse;
+ }
+
+ HAL_CRYP_DeInit(&hcryp);
+
+ return sectrue;
+}
+
+void secure_aes_test() {
+ static uint32_t plain_text[4] = {1, 2, 3, 4};
+ static uint32_t encrypted_text[4];
+ static uint32_t decrypted_text[4];
+
+ secbool status;
+
+ status = secure_aes_encrypt(plain_text, sizeof(plain_text), encrypted_text);
+ printf("encryption done (status=%d)\n", status == sectrue);
+
+ status = secure_aes_decrypt(encrypted_text, sizeof(encrypted_text),
+ decrypted_text);
+ printf("decryption done (status=%d)\n", status == sectrue);
+}
diff --git a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
index 325d229bd..564db1b7a 100644
--- a/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
+++ b/core/embed/trezorhal/stm32u5/stm32u5xx_hal_conf.h
@@ -71,7 +71,7 @@ extern "C" {
 /*#define HAL_RNG_MODULE_ENABLED */
 /*#define HAL_RTC_MODULE_ENABLED */
 /*#define HAL_SAI_MODULE_ENABLED */
-/*#define HAL_CRYP_MODULE_ENABLED */
+#define HAL_CRYP_MODULE_ENABLED
 /*#define HAL_SD_MODULE_ENABLED */
 /*#define HAL_MMC_MODULE_ENABLED */
 /*#define HAL_SMARTCARD_MODULE_ENABLED */
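Review bot: secure_aes_encrypt sets `CRYP_DATAWIDTHUNIT_WORD` while the header documents `size` in bytes and secure_aes_decrypt sets `CRYP_DATAWIDTHUNIT_BYTE`. If the HAL counts `Size` in the configured unit, the 16 that secure_aes_test passes is processed as 16 words, which runs past its 4-word static buffers. Both functions also return on a failed HAL_CRYP_Encrypt/HAL_CRYP_Decrypt without calling HAL_CRYP_DeInit, so the SAES handle stays initialised after an error. The all-zero `iv` with the fixed hardware key makes the CBC output deterministic (equal plaintexts give equal ciphertexts) and CBC carries no integrity check, so this should be documented as a limitation or replaced by a caller-supplied IV before it protects stored data. The fence shows the encrypt side with the unit aligned, a block-size check and a single exit path; the same shape applies to secure_aes_decrypt.

```c
secbool secure_aes_encrypt(uint32_t* input, size_t size, uint32_t* output) {
  // … unchanged: hcryp and iv declarations, Init fields up to HeaderSize …
  hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;  // size is documented in bytes
  // … unchanged: remaining Init fields …

  // CBC without padding handles whole 16-byte blocks only
  if (size == 0 || (size % 16) != 0) {
    return secfalse;
  }

  // … unchanged: HAL_CRYP_Init check …

  secbool ret = sectrue;
  if (HAL_CRYP_Encrypt(&hcryp, input, size, output, HAL_MAX_DELAY) != HAL_OK) {
    ret = secfalse;
  }

  // release the peripheral on the failure path as well
  HAL_CRYP_DeInit(&hcryp);

  return ret;
}
```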
diff --git a/core/site_scons/boards/stm32u5_common.py b/core/site_scons/boards/stm32u5_common.py
index 89bcf5575..5f61673dd 100644
--- a/core/site_scons/boards/stm32u5_common.py
+++ b/core/site_scons/boards/stm32u5_common.py
@@ -16,6 +16,7 @@ def stm32u5_common_files(env, defines, sources, paths):
 sources += [
 "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal.c",
 "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_cortex.c",
+ "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_cryp.c",
 "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dma.c",
 "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dma2d.c",
 "vendor/stm32cube-u5/Drivers/STM32U5xx_HAL_Driver/Src/stm32u5xx_hal_dsi.c",
@@ -50,6 +51,7 @@ def stm32u5_common_files(env, defines, sources, paths):
 "embed/trezorhal/stm32u5/lowlevel.c",
 "embed/trezorhal/stm32u5/mpu.c",
 "embed/trezorhal/stm32u5/platform.c",
+ "embed/trezorhal/stm32u5/secure_aes.c",
 "embed/trezorhal/stm32u5/systick.c",
 "embed/trezorhal/stm32u5/random_delays.c",
 "embed/trezorhal/stm32u5/rng.c",