15 files changed, 954 insertions, 20 deletions
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
index 7026c73bc69..bb696c5ef7f 100644
--- a/arch/sandbox/dts/test.dts
+++ b/arch/sandbox/dts/test.dts
@@ -2150,6 +2150,10 @@
 			};
 		};
 	};
+
+	aes-engine {
+		compatible = "software-aes-engine";
+	};
 };
 
 #include "sandbox_pmic.dtsi"
diff --git a/cmd/aes.c b/cmd/aes.c
index 87ad1ab82b9..3fd83013ffe 100644
--- a/cmd/aes.c
+++ b/cmd/aes.c
@@ -1,8 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
  * Copyright (C) 2014 Marek Vasut <marex@denx.de>
+ * Copyright (C) 2025 Ion Agorria <ion@agorria.com>
  *
- * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher.
+ * Command for AES-[128/192/256] operations.
  */
 
 #include <command.h>
@@ -12,6 +13,8 @@
 #include <linux/compiler.h>
 #include <mapmem.h>
 #include <vsprintf.h>
+#include <dm/uclass.h>
+#include <dm/device.h>
 
 u32 aes_get_key_len(char *command)
 {
@@ -25,29 +28,30 @@ u32 aes_get_key_len(char *command)
 	return key_len;
 }
 
-/**
- * do_aes() - Handle the "aes" command-line command
- * @cmdtp:	Command data struct pointer
- * @flag:	Command flag
- * @argc:	Command-line argument count
- * @argv:	Array of command-line arguments
- *
- * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
- * on error.
- */
-static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+int aes_get_driver(struct udevice **dev)
+{
+	int ret;
+
+	ret = uclass_get_device(UCLASS_AES, 0, dev);
+	if (ret) {
+		printf("Failed to get AES driver: %d\n", ret);
+		return ret;
+	}
+
+	return 0;
+}
+
+int cmd_aes_cbc_simple(int argc, char *const argv[], u32 key_len)
 {
 	uint32_t key_addr, iv_addr, src_addr, dst_addr, len;
 	uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr;
 	u8 key_exp[AES256_EXPAND_KEY_LENGTH];
-	u32 aes_blocks, key_len;
+	u32 aes_blocks;
 	int enc;
 
 	if (argc != 7)
 		return CMD_RET_USAGE;
 
-	key_len = aes_get_key_len(argv[0]);
-
 	if (!strncmp(argv[1], "enc", 3))
 		enc = 1;
 	else if (!strncmp(argv[1], "dec", 3))
@@ -84,26 +88,257 @@ static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
 	unmap_sysmem(src_ptr);
 	unmap_sysmem(dst_ptr);
 
-	return 0;
+	return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_get_slots(void)
+{
+	struct udevice *dev;
+	u8 slots;
+	int ret;
+
+	ret = aes_get_driver(&dev);
+	if (ret)
+		return ret;
+
+	slots = dm_aes_get_available_key_slots(dev);
+	printf("Available slots: %d\n", slots);
+
+	return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_set_key(int argc, char *const argv[], u32 key_len)
+{
+	struct udevice *dev;
+	u32 key_addr, slot;
+	u8 *key_ptr;
+	int ret;
+
+	if (argc != 4)
+		return CMD_RET_USAGE;
+
+	ret = aes_get_driver(&dev);
+	if (ret)
+		return ret;
+
+	key_addr = hextoul(argv[2], NULL);
+	slot = hextoul(argv[3], NULL);
+
+	key_ptr = (uint8_t *)map_sysmem(key_addr, key_len);
+
+	ret = dm_aes_set_key_for_key_slot(dev, key_len * 8, key_ptr, slot);
+	unmap_sysmem(key_ptr);
+	if (ret) {
+		printf("Unable to set key at slot: %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_select_slot(int argc, char *const argv[], u32 key_len)
+{
+	struct udevice *dev;
+	u32 slot;
+	int ret;
+
+	if (argc != 3)
+		return CMD_RET_USAGE;
+
+	ret = aes_get_driver(&dev);
+	if (ret)
+		return ret;
+
+	slot = hextoul(argv[2], NULL);
+
+	ret = dm_aes_select_key_slot(dev, key_len * 8, slot);
+	if (ret) {
+		printf("Unable to select key slot: %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_ecb(int argc, char *const argv[], u32 key_len)
+{
+	struct udevice *dev;
+	u32 src_addr, dst_addr, len;
+	u8 *src_ptr, *dst_ptr;
+	u32 aes_blocks;
+	int enc, ret;
+
+	if (argc != 6)
+		return CMD_RET_USAGE;
+
+	ret = aes_get_driver(&dev);
+	if (ret)
+		return ret;
+
+	if (!strncmp(argv[1], "enc", 3))
+		enc = 1;
+	else if (!strncmp(argv[1], "dec", 3))
+		enc = 0;
+	else
+		return CMD_RET_USAGE;
+
+	src_addr = hextoul(argv[3], NULL);
+	dst_addr = hextoul(argv[4], NULL);
+	len = hextoul(argv[5], NULL);
+
+	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
+	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
+
+	/* Calculate the number of AES blocks to encrypt. */
+	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
+
+	if (enc)
+		ret = dm_aes_ecb_encrypt(dev, src_ptr, dst_ptr, aes_blocks);
+	else
+		ret = dm_aes_ecb_decrypt(dev, src_ptr, dst_ptr, aes_blocks);
+
+	unmap_sysmem(src_ptr);
+	unmap_sysmem(dst_ptr);
+
+	if (ret) {
+		printf("Unable to do ecb operation: %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+int cmd_aes_cbc(int argc, char *const argv[], u32 key_len)
+{
+	struct udevice *dev;
+	u32 iv_addr, src_addr, dst_addr, len;
+	u8 *iv_ptr, *src_ptr, *dst_ptr;
+	u32 aes_blocks;
+	int enc, ret;
+
+	if (argc != 7)
+		return CMD_RET_USAGE;
+
+	ret = aes_get_driver(&dev);
+	if (ret)
+		return ret;
+
+	if (!strncmp(argv[1], "enc", 3))
+		enc = 1;
+	else if (!strncmp(argv[1], "dec", 3))
+		enc = 0;
+	else
+		return CMD_RET_USAGE;
+
+	iv_addr = hextoul(argv[3], NULL);
+	src_addr = hextoul(argv[4], NULL);
+	dst_addr = hextoul(argv[5], NULL);
+	len = hextoul(argv[6], NULL);
+
+	iv_ptr = (uint8_t *)map_sysmem(iv_addr, AES_BLOCK_LENGTH);
+	src_ptr = (uint8_t *)map_sysmem(src_addr, len);
+	dst_ptr = (uint8_t *)map_sysmem(dst_addr, len);
+
+	/* Calculate the number of AES blocks to encrypt. */
+	aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH);
+
+	if (enc)
+		ret = dm_aes_cbc_encrypt(dev, iv_ptr, src_ptr, dst_ptr, aes_blocks);
+	else
+		ret = dm_aes_cbc_decrypt(dev, iv_ptr, src_ptr, dst_ptr, aes_blocks);
+
+	unmap_sysmem(iv_ptr);
+	unmap_sysmem(src_ptr);
+	unmap_sysmem(dst_ptr);
+
+	if (ret) {
+		printf("Unable to do cbc operation: %d\n", ret);
+		return CMD_RET_FAILURE;
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+/**
+ * do_aes() - Handle the "aes" command-line command
+ * @cmdtp:	Command data struct pointer
+ * @flag:	Command flag
+ * @argc:	Command-line argument count
+ * @argv:	Array of command-line arguments
+ *
+ * Returns zero on success, CMD_RET_USAGE in case of misuse and negative
+ * on error.
+ */
+static int do_aes(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	u32 key_len;
+
+	if (argc < 2)
+		return CMD_RET_USAGE;
+
+	key_len = aes_get_key_len(argv[0]);
+
+	if (!strncmp(argv[1], "enc", 3) || !strncmp(argv[1], "dec", 3))
+		return cmd_aes_cbc_simple(argc, argv, key_len);
+	else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "get_slots", 9))
+		return cmd_aes_get_slots();
+	else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "set_key", 7))
+		return cmd_aes_set_key(argc, argv, key_len);
+	else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "select_slot", 11))
+		return cmd_aes_select_slot(argc, argv, key_len);
+	else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "ecb", 3))
+		return cmd_aes_ecb(argc, argv, key_len);
+	else if (CONFIG_IS_ENABLED(DM_AES) && !strncmp(argv[1], "cbc", 3))
+		return cmd_aes_cbc(argc, argv, key_len);
+	else
+		return CMD_RET_USAGE;
 }
 
 /***************************************************/
 U_BOOT_LONGHELP(aes,
-	"[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n"
+	"[.128,.192,.256] enc key iv src dst len - CBC encrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
 	"                             The $len size must be multiple of 16 bytes.\n"
 	"                             The $key and $iv must be 16 bytes long.\n"
-	"aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n"
+	"aes [.128,.192,.256] dec key iv src dst len - CBC decrypt block of data $len bytes long\n"
 	"                             at address $src using a key at address\n"
 	"                             $key with initialization vector at address\n"
 	"                             $iv. Store the result at address $dst.\n"
 	"                             The $len size must be multiple of 16 bytes.\n"
-	"                             The $key and $iv must be 16 bytes long.");
+	"                             The $key and $iv must be 16 bytes long."
+
+#if CONFIG_IS_ENABLED(DM_AES)
+	"\n"
+	"aes get_slots - Gives number of available key slots\n"
+	"aes [.128,.192,.256] set_key key slot - Load key at address $key into the slot $slot\n"
+	"aes [.128,.192,.256] select_slot slot - Select current active key slot\n"
+	"aes [.128,.192,.256] ecb enc src dst len - ECB encrypt block of data $len bytes long\n"
+	"                             at address $src using a key at current\n"
+	"                             slot. Store the result at address $dst.\n"
+	"                             The $len size must be multiple of 16 bytes.\n"
+	"aes [.128,.192,.256] ecb dec src dst len - ECB decrypt block of data $len bytes long\n"
+	"                             at address $src using a key at current\n"
+	"                             slot. Store the result at address $dst.\n"
+	"                             The $len size must be multiple of 16 bytes.\n"
+	"aes [.128,.192,.256] cbc enc iv src dst len - CBC encrypt block of data $len bytes long\n"
+	"                             at address $src using a key at current\n"
+	"                             slot with initialization vector at address\n"
+	"                             $iv. Store the result at address $dst.\n"
+	"                             The $len size must be multiple of 16 bytes.\n"
+	"                             The $iv must be 16 bytes long.\n"
+	"aes [.128,.192,.256] cbc dec iv src dst len - CBC decrypt block of data $len bytes long\n"
+	"                             at address $src using a key at current\n"
+	"                             slot with initialization vector at address\n"
+	"                             $iv. Store the result at address $dst.\n"
+	"                             The $len size must be multiple of 16 bytes.\n"
+	"                             The $iv must be 16 bytes long."
+#endif
+);
 
 U_BOOT_CMD(
 	aes, 7, 1, do_aes,
-	"AES 128/192/256 CBC encryption",
+	"AES 128/192/256 operations",
 	aes_help_text
 );
diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig
index 1cefaa0a138..374dcb1d5ba 100644
--- a/configs/sandbox64_defconfig
+++ b/configs/sandbox64_defconfig
@@ -136,6 +136,8 @@ CONFIG_CLK_K210=y
 CONFIG_CLK_K210_SET_RATE=y
 CONFIG_SANDBOX_CLK_CCF=y
 CONFIG_CPU=y
+CONFIG_DM_AES=y
+CONFIG_AES_SOFTWARE=y
 CONFIG_DM_DEMO=y
 CONFIG_DM_DEMO_SIMPLE=y
 CONFIG_DM_DEMO_SHAPE=y
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index d6768e291d0..2eba02e1f07 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -185,6 +185,8 @@ CONFIG_CLK_K210_SET_RATE=y
 CONFIG_SANDBOX_CLK_CCF=y
 CONFIG_CLK_SCMI=y
 CONFIG_CPU=y
+CONFIG_DM_AES=y
+CONFIG_AES_SOFTWARE=y
 CONFIG_DM_DEMO=y
 CONFIG_DM_DEMO_SIMPLE=y
 CONFIG_DM_DEMO_SHAPE=y
diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig
index f0a69a414db..e81941fb14f 100644
--- a/configs/sandbox_flattree_defconfig
+++ b/configs/sandbox_flattree_defconfig
@@ -74,6 +74,7 @@ CONFIG_CMD_QFW=y
 CONFIG_CMD_BOOTSTAGE=y
 CONFIG_CMD_PMIC=y
 CONFIG_CMD_REGULATOR=y
+CONFIG_CMD_AES=y
 CONFIG_CMD_TPM=y
 CONFIG_CMD_TPM_TEST=y
 CONFIG_CMD_EXT4_WRITE=y
@@ -114,6 +115,8 @@ CONFIG_CLK_K210=y
 CONFIG_CLK_K210_SET_RATE=y
 CONFIG_SANDBOX_CLK_CCF=y
 CONFIG_CPU=y
+CONFIG_DM_AES=y
+CONFIG_AES_SOFTWARE=y
 CONFIG_DM_DEMO=y
 CONFIG_DM_DEMO_SIMPLE=y
 CONFIG_DM_DEMO_SHAPE=y
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 8b49997030b..d26f87364f9 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -2,6 +2,8 @@ menu "Hardware crypto devices"
 
 source "drivers/crypto/hash/Kconfig"
 
+source "drivers/crypto/aes/Kconfig"
+
 source "drivers/crypto/fsl/Kconfig"
 
 source "drivers/crypto/aspeed/Kconfig"
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index b9105186097..2bd99fc2763 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -4,6 +4,7 @@
 #	http://www.samsung.com
 
 obj-$(CONFIG_EXYNOS_ACE_SHA)	+= ace_sha.o
+obj-y += aes/
 obj-y += rsa_mod_exp/
 obj-y += fsl/
 obj-y += hash/
diff --git a/drivers/crypto/aes/Kconfig b/drivers/crypto/aes/Kconfig
new file mode 100644
index 00000000000..7e1b1b2875d
--- /dev/null
+++ b/drivers/crypto/aes/Kconfig
@@ -0,0 +1,12 @@
+config DM_AES
+	bool "Enable Driver Model for AES crypto operations"
+	depends on DM
+	help
+	  If you want to use driver model for AES crypto operations, say Y.
+
+config AES_SOFTWARE
+	bool "Enable driver for AES in software"
+	depends on DM_AES && AES
+	help
+	  Enable driver for AES crypto operations in software. Uses U-Boot
+	  AES library.
diff --git a/drivers/crypto/aes/Makefile b/drivers/crypto/aes/Makefile
new file mode 100644
index 00000000000..d38a2e1526d
--- /dev/null
+++ b/drivers/crypto/aes/Makefile
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0+
+
+obj-$(CONFIG_$(PHASE_)DM_AES) += aes-uclass.o
+obj-$(CONFIG_$(PHASE_)AES_SOFTWARE) += aes-sw.o
diff --git a/drivers/crypto/aes/aes-sw.c b/drivers/crypto/aes/aes-sw.c
new file mode 100644
index 00000000000..a65200fb79b
--- /dev/null
+++ b/drivers/crypto/aes/aes-sw.c
@@ -0,0 +1,167 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+#include <config.h>
+#include <dm.h>
+#include <log.h>
+#include <malloc.h>
+#include <uboot_aes.h>
+
+#define SW_KEY_SLOTS 2
+
+struct sw_aes_priv {
+	u8 key_slots[SW_KEY_SLOTS][AES256_KEY_LENGTH];
+	u8 key_schedule[AES256_EXPAND_KEY_LENGTH];
+	u8 selected_slot;
+	u32 selected_key_size;
+	bool key_expanded;
+};
+
+static int prepare_aes(struct sw_aes_priv *priv)
+{
+	if (!priv->selected_key_size) {
+		log_debug("%s: AES key size not set, setup a slot first\n", __func__);
+		return 1;
+	}
+
+	if (priv->key_expanded)
+		return 0;
+
+	priv->key_expanded = 1;
+
+	aes_expand_key(priv->key_slots[priv->selected_slot], priv->selected_key_size,
+		       priv->key_schedule);
+
+	return 0;
+}
+
+static int sw_aes_ops_available_key_slots(struct udevice *dev)
+{
+	return SW_KEY_SLOTS;
+}
+
+static int sw_aes_ops_select_key_slot(struct udevice *dev, u32 key_size, u8 slot)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+
+	if (slot >= SW_KEY_SLOTS)
+		return 1;
+
+	priv->selected_slot = slot;
+	priv->selected_key_size = key_size;
+	priv->key_expanded = 0;
+
+	return 0;
+}
+
+static int sw_aes_ops_set_key_for_key_slot(struct udevice *dev, u32 key_size,
+					   u8 *key, u8 slot)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+
+	if (slot >= SW_KEY_SLOTS)
+		return 1;
+
+	memcpy(priv->key_slots[slot], key, key_size / 8);
+
+	if (priv->selected_slot == slot)
+		priv->selected_key_size = key_size;
+
+	priv->key_expanded = 0;
+
+	return 0;
+}
+
+static int sw_aes_ops_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst,
+				      u32 num_aes_blocks)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+	int ret;
+
+	ret = prepare_aes(priv);
+	if (ret)
+		return ret;
+
+	while (num_aes_blocks > 0) {
+		aes_encrypt(priv->selected_key_size, src, priv->key_schedule, dst);
+		num_aes_blocks -= 1;
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
+	}
+
+	return 0;
+}
+
+static int sw_aes_ops_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst,
+				      u32 num_aes_blocks)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+	int ret;
+
+	ret = prepare_aes(priv);
+	if (ret)
+		return ret;
+
+	while (num_aes_blocks > 0) {
+		aes_decrypt(priv->selected_key_size, src, priv->key_schedule, dst);
+		num_aes_blocks -= 1;
+		src += AES_BLOCK_LENGTH;
+		dst += AES_BLOCK_LENGTH;
+	}
+
+	return 0;
+}
+
+static int sw_aes_ops_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src,
+				      u8 *dst, u32 num_aes_blocks)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+	int ret;
+
+	ret = prepare_aes(priv);
+	if (ret)
+		return ret;
+
+	aes_cbc_encrypt_blocks(priv->selected_key_size, priv->key_schedule, iv,
+			       src, dst, num_aes_blocks);
+
+	return 0;
+}
+
+static int sw_aes_ops_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src,
+				      u8 *dst, u32 num_aes_blocks)
+{
+	struct sw_aes_priv *priv = dev_get_priv(dev);
+	int ret;
+
+	ret = prepare_aes(priv);
+	if (ret)
+		return ret;
+
+	aes_cbc_decrypt_blocks(priv->selected_key_size, priv->key_schedule,
+			       iv, src, dst, num_aes_blocks);
+
+	return 0;
+}
+
+static const struct aes_ops aes_ops_sw = {
+	.available_key_slots = sw_aes_ops_available_key_slots,
+	.select_key_slot = sw_aes_ops_select_key_slot,
+	.set_key_for_key_slot = sw_aes_ops_set_key_for_key_slot,
+	.aes_ecb_encrypt = sw_aes_ops_aes_ecb_encrypt,
+	.aes_ecb_decrypt = sw_aes_ops_aes_ecb_decrypt,
+	.aes_cbc_encrypt = sw_aes_ops_aes_cbc_encrypt,
+	.aes_cbc_decrypt = sw_aes_ops_aes_cbc_decrypt,
+};
+
+static const struct udevice_id sw_aes_ids[] = {
+	{ .compatible = "software-aes-engine" },
+	{ }
+};
+
+U_BOOT_DRIVER(aes_sw) = {
+	.name = "aes_sw",
+	.id = UCLASS_AES,
+	.of_match = sw_aes_ids,
+	.ops = &aes_ops_sw,
+	.priv_auto = sizeof(struct sw_aes_priv),
+};
diff --git a/drivers/crypto/aes/aes-uclass.c b/drivers/crypto/aes/aes-uclass.c
new file mode 100644
index 00000000000..745c6ce57a9
--- /dev/null
+++ b/drivers/crypto/aes/aes-uclass.c
@@ -0,0 +1,192 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+#define LOG_CATEGORY UCLASS_AES
+
+#include <dm.h>
+#include <malloc.h>
+#include <log.h>
+#include <uboot_aes.h>
+#include <linux/string.h>
+
+int dm_aes_get_available_key_slots(struct udevice *dev)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->available_key_slots)
+		return -ENOSYS;
+
+	return ops->available_key_slots(dev);
+}
+
+int dm_aes_select_key_slot(struct udevice *dev, u32 key_size, u8 slot)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->select_key_slot)
+		return -ENOSYS;
+
+	return ops->select_key_slot(dev, key_size, slot);
+}
+
+int dm_aes_set_key_for_key_slot(struct udevice *dev, u32 key_size, u8 *key, u8 slot)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->set_key_for_key_slot)
+		return -ENOSYS;
+
+	return ops->set_key_for_key_slot(dev, key_size, key, slot);
+}
+
+int dm_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->aes_ecb_encrypt)
+		return -ENOSYS;
+
+	return ops->aes_ecb_encrypt(dev, src, dst, num_aes_blocks);
+}
+
+int dm_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->aes_ecb_decrypt)
+		return -ENOSYS;
+
+	return ops->aes_ecb_decrypt(dev, src, dst, num_aes_blocks);
+}
+
+int dm_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->aes_cbc_encrypt)
+		return -ENOSYS;
+
+	return ops->aes_cbc_encrypt(dev, iv, src, dst, num_aes_blocks);
+}
+
+int dm_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	const struct aes_ops *ops;
+
+	if (!dev)
+		return -ENODEV;
+
+	ops = aes_get_ops(dev);
+
+	if (!ops->aes_cbc_decrypt)
+		return -ENOSYS;
+
+	return ops->aes_cbc_decrypt(dev, iv, src, dst, num_aes_blocks);
+}
+
+static void left_shift_vector(u8 *in, u8 *out, int size)
+{
+	int carry = 0;
+	int i;
+
+	for (i = size - 1; i >= 0; i--) {
+		out[i] = (in[i] << 1) | carry;
+		carry = in[i] >> 7;	/* get most significant bit */
+	}
+}
+
+int dm_aes_cmac(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	const u8 AES_CMAC_CONST_RB = 0x87; /* from RFC 4493, Figure 2.2 */
+	const u32 TMP_BUFFER_LEN = 128;
+	u8 tmp_block[AES128_KEY_LENGTH] = { };
+	u8 k1[AES128_KEY_LENGTH];
+	u8 *tmp_buffer;
+	int ret;
+
+	log_debug("%s: 0x%p -> %p blocks %d\n", __func__, src, dst, num_aes_blocks);
+
+	if (!num_aes_blocks) {
+		log_debug("%s: called with 0 blocks!\n", __func__);
+		return -1;
+	}
+
+	/* Compute K1 constant needed by AES-CMAC calculation */
+	ret = dm_aes_cbc_encrypt(dev, (u8 *)AES_ZERO_BLOCK, (u8 *)AES_ZERO_BLOCK, tmp_block, 1);
+	if (ret)
+		return -1;
+
+	left_shift_vector(tmp_block, k1, AES_BLOCK_LENGTH);
+
+	if ((tmp_block[0] >> 7) != 0) /* get MSB of L */
+		k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB;
+
+	/* Set what will be the initial IV as zero */
+	memset(tmp_block, 0, AES_BLOCK_LENGTH);
+
+	/* Process all blocks except last by calling engine several times per dma buffer size */
+	if (num_aes_blocks > 1) {
+		tmp_buffer = malloc(AES_BLOCK_LENGTH * min(num_aes_blocks - 1, TMP_BUFFER_LEN));
+		while (num_aes_blocks > 1) {
+			u32 blocks = min(num_aes_blocks - 1, TMP_BUFFER_LEN);
+
+			/* Encrypt the current remaining set of blocks that fits in tmp buffer */
+			ret = dm_aes_cbc_encrypt(dev, tmp_block, src, tmp_buffer, blocks);
+			if (ret)
+				return -1;
+
+			num_aes_blocks -= blocks;
+			src += blocks * AES_BLOCK_LENGTH;
+
+			/* Copy the last encrypted block to tmp_block as IV */
+			memcpy(tmp_block, tmp_buffer + ((blocks - 1) * AES_BLOCK_LENGTH),
+			       AES_BLOCK_LENGTH);
+		}
+		free(tmp_buffer);
+	}
+
+	if (num_aes_blocks != 1) {
+		log_debug("%s: left with %d blocks! must be 1\n", __func__, num_aes_blocks);
+		return -1;
+	}
+
+	/* XOR last IV with K1 */
+	aes_apply_cbc_chain_data(tmp_block, k1, tmp_block);
+
+	/* Encrypt the last src block already with tmp_block as IV and output to dst */
+	return dm_aes_cbc_encrypt(dev, tmp_block, src, dst, 1);
+}
+
+UCLASS_DRIVER(aes) = {
+	.id	= UCLASS_AES,
+	.name	= "aes",
+};
diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
index 270088ad94f..5c0fd6d171b 100644
--- a/include/dm/uclass-id.h
+++ b/include/dm/uclass-id.h
@@ -38,6 +38,7 @@ enum uclass_id {
 	/* U-Boot uclasses start here - in alphabetical order */
 	UCLASS_ACPI_PMC,	/* (x86) Power-management controller (PMC) */
 	UCLASS_ADC,		/* Analog-to-digital converter */
+	UCLASS_AES,		/* AES cryptographic engine */
 	UCLASS_AHCI,		/* SATA disk controller */
 	UCLASS_AUDIO_CODEC,	/* Audio codec with control and data path */
 	UCLASS_AXI,		/* AXI bus */
diff --git a/include/uboot_aes.h b/include/uboot_aes.h
index d2583bed992..592b7dbee43 100644
--- a/include/uboot_aes.h
+++ b/include/uboot_aes.h
@@ -7,6 +7,8 @@
 #ifndef _AES_REF_H_
 #define _AES_REF_H_
 
+#include <errno.h>
+
 #ifdef USE_HOSTCC
 /* Define compat stuff for use in fw_* tools. */
 typedef unsigned char u8;
@@ -107,4 +109,253 @@ void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst,
 			    u32 num_aes_blocks);
 
+/* An AES block filled with zeros */
+static const u8 AES_ZERO_BLOCK[AES_BLOCK_LENGTH] = { 0 };
+struct udevice;
+
+/**
+ * struct struct aes_ops - Driver model for AES related operations
+ *
+ * The uclass interface is implemented by AES crypto devices which use driver model.
+ *
+ * Some AES crypto devices use key slots to store the key for the encrypt/decrypt
+ * operations, while others may simply pass the key on each operation.
+ *
+ * In case the device does not implement hardware slots, driver can emulate or simply
+ * store one active key slot at 0 in the driver state and pass it on each underlying
+ * hw calls for AES operations.
+ *
+ * Note that some devices like Tegra AES engine may contain preloaded keys by bootrom,
+ * thus in those cases the set_key_for_key_slot() may be skipped.
+ *
+ * Sequence for a series of AES CBC encryption, one decryption and a CMAC hash example
+ * with 128bits key at slot 0 would be as follow:
+ *
+ * set_key_for_key_slot(DEV, 128, KEY, 0);
+ * select_key_slot(DEV, 128, 0);
+ * aes_cbc_encrypt(DEV, IV1, SRC1, DST1, LEN1);
+ * aes_cbc_encrypt(DEV, IV2, SRC2, DST2, LEN2);
+ * aes_cbc_decrypt(DEV, IV3, SRC3, DST3, LEN3);
+ */
+struct aes_ops {
+	/**
+	 * available_key_slots() - How many key slots this AES device has
+	 *
+	 * @dev			The AES udevice
+	 * @return		Available slots to use, 0 for none
+	 */
+	int (*available_key_slots)(struct udevice *dev);
+
+	/**
+	 * select_key_slot() - Selects the AES key slot to use for following operations
+	 *
+	 * @dev			The AES udevice
+	 * @key_size		Size of the aes key (in bits)
+	 * @slot		The key slot to set as selected
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*select_key_slot)(struct udevice *dev, u32 key_size, u8 slot);
+
+	/**
+	 * set_key_for_key_slot() - Sets the AES key to use for specified key slot
+	 *
+	 * @dev			The AES udevice
+	 * @key_size		Size of the aes key (in bits)
+	 * @key			An AES key to set
+	 * @slot		The slot to load the key at
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*set_key_for_key_slot)(struct udevice *dev, u32 key_size, u8 *key,
+				    u8 slot);
+
+	/**
+	 * aes_ecb_encrypt() - Encrypt multiple blocks of data with AES ECB.
+	 *
+	 * @dev			The AES udevice
+	 * @src			Source data of length 'num_aes_blocks' blocks
+	 * @dst			Destination data of length 'num_aes_blocks' blocks
+	 * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*aes_ecb_encrypt)(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+	/**
+	 * aes_ecb_decrypt() - Decrypt multiple blocks of data with AES ECB.
+	 *
+	 * @dev			The AES udevice
+	 * @src			Source data of length 'num_aes_blocks' blocks
+	 * @dst			Destination data of length 'num_aes_blocks' blocks
+	 * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*aes_ecb_decrypt)(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+	/**
+	 * aes_cbc_encrypt() - Encrypt multiple blocks of data with AES CBC.
+	 *
+	 * @dev			The AES udevice
+	 * @iv			Initialization vector
+	 * @src			Source data of length 'num_aes_blocks' blocks
+	 * @dst			Destination data of length 'num_aes_blocks' blocks
+	 * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*aes_cbc_encrypt)(struct udevice *dev, u8 *iv,
+			       u8 *src, u8 *dst, u32 num_aes_blocks);
+
+	/**
+	 * aes_cbc_decrypt() - Decrypt multiple blocks of data with AES CBC.
+	 *
+	 * @dev			The AES udevice
+	 * @iv			Initialization vector
+	 * @src			Source data of length 'num_aes_blocks' blocks
+	 * @dst			Destination data of length 'num_aes_blocks' blocks
+	 * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+	 * @return		0 on success, negative value on failure
+	 */
+	int (*aes_cbc_decrypt)(struct udevice *dev, u8 *iv,
+			       u8 *src, u8 *dst, u32 num_aes_blocks);
+};
+
+#define aes_get_ops(dev)	((struct aes_ops *)(dev)->driver->ops)
+
+#if CONFIG_IS_ENABLED(DM_AES)
+
+/**
+ * dm_aes_get_available_key_slots - How many key slots this AES device has
+ *
+ * @dev			The AES udevice
+ * Return:		Available slots to use, 0 for none, -ve on failure
+ */
+int dm_aes_get_available_key_slots(struct udevice *dev);
+
+/**
+ * dm_aes_select_key_slot - Selects the AES key slot to use for following operations
+ *
+ * @dev			The AES udevice
+ * @key_size		Size of the aes key (in bits)
+ * @slot		The key slot to set as selected
+ * Return:		0 on success, -ve on failure
+ */
+int dm_aes_select_key_slot(struct udevice *dev, u32 key_size, u8 slot);
+
+/**
+ * dm_aes_set_key_for_key_slot - Sets the AES key to use for specified key slot
+ *
+ * @dev			The AES udevice
+ * @key_size		Size of the aes key (in bits)
+ * @key			An AES key to set
+ * @slot		The slot to load the key at
+ * Return:		0 on success, negative value on failure
+ */
+int dm_aes_set_key_for_key_slot(struct udevice *dev, u32 key_size, u8 *key, u8 slot);
+
+/**
+ * dm_aes_ecb_encrypt - Encrypt multiple blocks of data with AES ECB.
+ *
+ * @dev			The AES udevice
+ * @src			Source data of length 'num_aes_blocks' blocks
+ * @dst			Destination data of length 'num_aes_blocks' blocks
+ * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+ * Return:		0 on success, negative value on failure
+ */
+int dm_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+/**
+ * dm_aes_ecb_decrypt - Decrypt multiple blocks of data with AES ECB.
+ *
+ * @dev			The AES udevice
+ * @src			Source data of length 'num_aes_blocks' blocks
+ * @dst			Destination data of length 'num_aes_blocks' blocks
+ * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+ * Return:		0 on success, negative value on failure
+ */
+int dm_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+/**
+ * dm_aes_cbc_encrypt - Encrypt multiple blocks of data with AES CBC.
+ *
+ * @dev			The AES udevice
+ * @iv			Initialization vector
+ * @src			Source data of length 'num_aes_blocks' blocks
+ * @dst			Destination data of length 'num_aes_blocks' blocks
+ * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+ * Return:		0 on success, negative value on failure
+ */
+int dm_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+/**
+ * dm_aes_cbc_decrypt - Decrypt multiple blocks of data with AES CBC.
+ *
+ * @dev			The AES udevice
+ * @iv			Initialization vector
+ * @src			Source data of length 'num_aes_blocks' blocks
+ * @dst			Destination data of length 'num_aes_blocks' blocks
+ * @num_aes_blocks	Number of AES blocks to encrypt/decrypt
+ * Return:		0 on success, negative value on failure
+ */
+int dm_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+/**
+ * dm_aes_cmac - Hashes the input data with AES-CMAC, putting the result into dst.
+ * The key slot must be selected already.
+ *
+ * @dev			The AES udevice
+ * @key_size		Size of the aes key (in bits)
+ * @src			Source data of length 'num_aes_blocks' blocks
+ * @dst			Destination for hash result
+ * @num_aes_blocks	Number of AES blocks to encrypt
+ * Return:		0 on success, negative value on failure.
+ */
+int dm_aes_cmac(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks);
+
+#else
+
+static inline int dm_aes_get_available_key_slots(struct udevice *dev)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_select_key_slot(struct udevice *dev, u32 key_size, u8 slot)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_set_key_for_key_slot(struct udevice *dev, u32 key_size, u8 *key,
+					      u8 slot)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_ecb_encrypt(struct udevice *dev, u8 *src, u8 *dst,
+				     u32 num_aes_blocks)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_ecb_decrypt(struct udevice *dev, u8 *src, u8 *dst,
+				     u32 num_aes_blocks)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_cbc_encrypt(struct udevice *dev, u8 *iv, u8 *src,
+				     u8 *dst, u32 num_aes_blocks)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_cbc_decrypt(struct udevice *dev, u8 *iv, u8 *src,
+				     u8 *dst, u32 num_aes_blocks)
+{
+	return -ENOSYS;
+}
+
+static inline int dm_aes_cmac(struct udevice *dev, u8 *src, u8 *dst, u32 num_aes_blocks)
+{
+	return -ENOSYS;
+}
+
+#endif /* CONFIG_DM_AES */
+
 #endif /* _AES_REF_H_ */
diff --git a/test/dm/Makefile b/test/dm/Makefile
index 917dafe7d22..d15859eca30 100644
--- a/test/dm/Makefile
+++ b/test/dm/Makefile
@@ -29,6 +29,7 @@ obj-(CONFIG_DM_GPIO) += gpio.o
 obj-y += irq.o
 endif
 obj-$(CONFIG_ADC) += adc.o
+obj-$(CONFIG_AES_SOFTWARE) += aes.o
 obj-$(CONFIG_SOUND) += audio.o
 obj-$(CONFIG_AXI) += axi.o
 obj-$(CONFIG_BLK) += blk.o
diff --git a/test/dm/aes.c b/test/dm/aes.c
new file mode 100644
index 00000000000..702e4db2b35
--- /dev/null
+++ b/test/dm/aes.c
@@ -0,0 +1,57 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Tests for the driver model AES API
+ *
+ * Copyright (c) 2025 Svyatoslav Ryhel <clamor95@gmail.com>
+ */
+
+#include <dm.h>
+#include <dm/test.h>
+#include <uboot_aes.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+#define AES128_KEYSIZE		128
+
+static int dm_test_aes(struct unit_test_state *uts)
+{
+	struct udevice *dev;
+	u8 test_key[AES128_KEY_LENGTH] = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+					   0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 };
+	u8 test_iv[AES128_KEY_LENGTH] = { 0 };
+
+	u8 test_input[AES_BLOCK_LENGTH] = { 0x49, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+					    0x6c, 0x69, 0x6b, 0x65, 0x20, 0x74, 0x68, 0x65 };
+	u8 exp_output[AES_BLOCK_LENGTH] = { 0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
+					    0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84 };
+	u8 exp_cmac[AES_BLOCK_LENGTH] = { 0xfc, 0x89, 0x20, 0xc8, 0x46, 0x97, 0xb1, 0x3d,
+					  0x31, 0x2c, 0xc2, 0x49, 0x5c, 0x5a, 0x0b, 0x9f };
+	u8 test_output[AES_BLOCK_LENGTH];
+
+	ut_assertok(uclass_first_device_err(UCLASS_AES, &dev));
+
+	/* software AES exposes 2 key slots */
+	ut_asserteq(2, dm_aes_get_available_key_slots(dev));
+
+	ut_assertok(dm_aes_select_key_slot(dev, AES128_KEYSIZE, 0));
+	ut_assertok(dm_aes_set_key_for_key_slot(dev, AES128_KEYSIZE, test_key, 0));
+
+	ut_assertok(dm_aes_ecb_encrypt(dev, test_input, test_output, 1));
+	ut_assertok(memcmp(exp_output, test_output, 16));
+
+	ut_assertok(dm_aes_ecb_decrypt(dev, test_output, test_output, 1));
+	ut_assertok(memcmp(test_input, test_output, 16));
+
+	ut_assertok(dm_aes_cbc_encrypt(dev, test_iv, test_input, test_output, 1));
+	ut_assertok(memcmp(exp_output, test_output, 16));
+
+	ut_assertok(dm_aes_cbc_decrypt(dev, test_iv, test_output, test_output, 1));
+	ut_assertok(memcmp(test_input, test_output, 16));
+
+	ut_assertok(dm_aes_cmac(dev, test_input, test_output, 1));
+	ut_assertok(memcmp(exp_cmac, test_output, 16));
+
+	return 0;
+}
+
+DM_TEST(dm_test_aes, UTF_SCAN_FDT);