diff --git a/CODEOWNERS b/CODEOWNERS
index c8f24c7e5e75..93aad7cde063 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -824,6 +824,7 @@
 /tests/modules/mcuboot/direct_xip/        @nrfconnect/ncs-pluto
 /tests/modules/mcuboot/external_flash/    @nrfconnect/ncs-pluto
 /tests/nrf5340_audio/                     @nrfconnect/ncs-audio @nordic-auko
+/tests/psa_crypto/                        @nrfconnect/ncs-aegir
 /tests/subsys/app_event_manager/          @nrfconnect/ncs-si-muffin @nrfconnect/ncs-si-bluebagel
 /tests/subsys/audio/audio_module_template/ @nrfconnect/ncs-audio
 /tests/subsys/audio_module/               @nrfconnect/ncs-audio
diff --git a/tests/psa_crypto/CMakeLists.txt b/tests/psa_crypto/CMakeLists.txt
new file mode 100644
index 000000000000..1af522ee4413
--- /dev/null
+++ b/tests/psa_crypto/CMakeLists.txt
@@ -0,0 +1,16 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_minimum_required(VERSION 3.13.1)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+project(NONE)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+target_include_directories(app PRIVATE src)
+
+add_subdirectory(tests)
diff --git a/tests/psa_crypto/prj.conf b/tests/psa_crypto/prj.conf
new file mode 100644
index 000000000000..eb5d651f3fe4
--- /dev/null
+++ b/tests/psa_crypto/prj.conf
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2021-2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+CONFIG_ZTEST=y
+CONFIG_ZTEST_STACK_SIZE=15360
+
+CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
+CONFIG_MAIN_STACK_SIZE=8192
+CONFIG_HEAP_MEM_POOL_SIZE=8192
+
+# Enable logging
+CONFIG_CONSOLE=y
+CONFIG_LOG=n
+
+# Enable nordic security backend and PSA APIs
+CONFIG_NRF_SECURITY=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_CRYPTO_DRIVER_CRACEN=y
+
+CONFIG_HW_UNIQUE_KEY=y
+CONFIG_HW_UNIQUE_KEY_WRITE_ON_CRYPTO_INIT=y
+
+CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_HEAP_SIZE=8192
+
+CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_255=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT=y
+
+CONFIG_PSA_WANT_ALG_ECDSA=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
+CONFIG_PSA_WANT_ECC_SECP_R1_256=y
+CONFIG_PSA_WANT_ALG_SHA_256=y
+CONFIG_PSA_WANT_ALG_SHA_512=y
+CONFIG_PSA_WANT_KEY_TYPE_AES=y
+CONFIG_PSA_WANT_ALG_PURE_EDDSA=y
+
+CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
+CONFIG_PSA_WANT_GENERATE_RANDOM=y
diff --git a/tests/psa_crypto/src/psa_tests_common.c b/tests/psa_crypto/src/psa_tests_common.c
new file mode 100644
index 000000000000..14baaeecccad
--- /dev/null
+++ b/tests/psa_crypto/src/psa_tests_common.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <stdarg.h>
+#include <string.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <zephyr/sys/printk.h>
+
+#include <psa/crypto.h>
+#include <psa/crypto_values.h>
+#include <psa/crypto_extra.h>
+
+#include <zephyr/sys/util.h>
+#include <zephyr/sys_clock.h>
+#include <zephyr/logging/log.h>
+#include <zephyr/ztest.h>
+#include <pm_config.h>
+#include "psa_tests_common.h"
+#include <hw_unique_key.h>
+
+#ifdef CONFIG_BUILD_WITH_TFM
+#include <tfm_ns_interface.h>
+#include <tfm_builtin_key_ids.h>
+#include "cracen_psa_kmu.h"
+#include <tfm_crypto_defs.h>
+#else
+#include <cracen_psa.h>
+#endif
+
+LOG_MODULE_REGISTER(ikg, LOG_LEVEL_INF);
+
+ZTEST_SUITE(test_suite_ikg, NULL, NULL, NULL, NULL, NULL);
+
+static psa_key_id_t key_id;
+
+int crypto_init(void)
+{
+	psa_status_t status;
+
+#if !defined(CONFIG_BUILD_WITH_TFM)
+	if (!hw_unique_key_are_any_written()) {
+		status = hw_unique_key_write_random();
+		if (status != HW_UNIQUE_KEY_SUCCESS) {
+			return status;
+		}
+	}
+#endif
+	status = psa_crypto_init();
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	return APP_SUCCESS;
+}
+
+int crypto_finish(void)
+{
+	psa_status_t status;
+
+	status = psa_destroy_key(key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	return APP_SUCCESS;
+}
diff --git a/tests/psa_crypto/src/psa_tests_common.h b/tests/psa_crypto/src/psa_tests_common.h
new file mode 100644
index 000000000000..6720a42752bc
--- /dev/null
+++ b/tests/psa_crypto/src/psa_tests_common.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include "common.h"
+#include <zephyr/toolchain.h>
+#include <zephyr/sys/util.h>
+#include <zephyr/drivers/entropy.h>
+
+#if defined(CONFIG_ZTEST)
+#include <zephyr/ztest.h>
+#endif
+
+#define APP_SUCCESS		(0)
+#define APP_ERROR		(-1)
+#define APP_SUCCESS_MESSAGE "Example finished successfully!"
+#define APP_ERROR_MESSAGE "Example exited with error!"
+
+#ifndef TEST_MEMCMP
+#define TEST_MEMCMP(x, y, size) ((memcmp(x, y, size) == 0) ? 0 : 1)
+#endif
+
+/**@brief Macro asserting equality.
+ */
+#ifndef TEST_VECTOR_ASSERT_EQUAL
+#define TEST_VECTOR_ASSERT_EQUAL(expected, actual)                             \
+	zassert_equal((expected), (actual),                                    \
+			  "\tAssert values: 0x%04X != -0x%04X", (expected),        \
+			  (-actual))
+#endif
+
+/**@brief Macro asserting inequality.
+ */
+#ifndef TEST_VECTOR_ASSERT_NOT_EQUAL
+#define TEST_VECTOR_ASSERT_NOT_EQUAL(expected, actual)                         \
+	zassert_not_equal((expected), (actual),                                \
+			  "\tAssert values: 0x%04X == -0x%04X", (expected),    \
+			  (-actual))
+#endif
+
+int crypto_finish(void);
+int crypto_init(void);
diff --git a/tests/psa_crypto/testcase.yaml b/tests/psa_crypto/testcase.yaml
new file mode 100644
index 000000000000..224e7f7f251a
--- /dev/null
+++ b/tests/psa_crypto/testcase.yaml
@@ -0,0 +1,11 @@
+tests:
+  crypto.cracen:
+    sysbuild: true
+    platform_allow:
+      - nrf54l15dk/nrf54l15/cpuapp
+      - nrf54l15dk/nrf54l15/cpuapp/ns
+
+    tags: tfm psa_crypto sysbuild ci_tests_tfm
+    integration_platforms:
+      - nrf54l15dk/nrf54l15/cpuapp
+      - nrf54l15dk/nrf54l15/cpuapp/ns
diff --git a/tests/psa_crypto/tests/CMakeLists.txt b/tests/psa_crypto/tests/CMakeLists.txt
new file mode 100644
index 000000000000..b842f480a003
--- /dev/null
+++ b/tests/psa_crypto/tests/CMakeLists.txt
@@ -0,0 +1,13 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+zephyr_include_directories(
+    ${CMAKE_CURRENT_SOURCE_DIR}/../src
+)
+zephyr_sources(test_ikg_identity_key_sign_verify.c)
+zephyr_sources(test_ikg_key_derivation.c)
+zephyr_sources(test_kmu_write.c)
+zephyr_sources(test_kmu_use.c)
diff --git a/tests/psa_crypto/tests/test_ikg_identity_key_sign_verify.c b/tests/psa_crypto/tests/test_ikg_identity_key_sign_verify.c
new file mode 100644
index 000000000000..adce981fa1fe
--- /dev/null
+++ b/tests/psa_crypto/tests/test_ikg_identity_key_sign_verify.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/ztest.h>
+#include <pm_config.h>
+#include <zephyr/kernel.h>
+#include <zephyr/sys/printk.h>
+#include <zephyr/logging/log.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <psa/crypto.h>
+#include <psa/crypto_values.h>
+#include <psa/crypto_extra.h>
+#include <zephyr/sys/printk.h>
+#include "psa_tests_common.h"
+
+#ifdef CONFIG_BUILD_WITH_TFM
+#include <tfm_ns_interface.h>
+#include <tfm_builtin_key_ids.h>
+#include "cracen_psa_kmu.h"
+static psa_key_id_t identity_key_id = TFM_BUILTIN_KEY_ID_IAK;
+#else
+#include <cracen_psa.h>
+static psa_key_id_t identity_key_id = CRACEN_BUILTIN_IDENTITY_KEY_ID;
+#endif
+
+/* ====================================================================== */
+/*			Global variables/defines for the IKG signing tests		  */
+
+#define NRF_CRYPTO_TEST_IKG_TEXT_SIZE (68)
+#define NRF_CRYPTO_TEST_IKG_SIGNATURE_SIZE (64)
+#define NRF_CRYPTO_EXAMPLE_ECDSA_PUBLIC_KEY_SIZE (65)
+
+
+/* Below text is used as plaintext for signing/verification */
+static uint8_t m_plain_text[NRF_CRYPTO_TEST_IKG_TEXT_SIZE] = {
+	"Example string to demonstrate basic usage of the IKG identity key."
+};
+
+static uint8_t m_pub_key[NRF_CRYPTO_EXAMPLE_ECDSA_PUBLIC_KEY_SIZE];
+static uint8_t m_signature[NRF_CRYPTO_TEST_IKG_SIGNATURE_SIZE];
+static psa_key_handle_t key_handle;
+static psa_key_id_t key_id;
+/* ====================================================================== */
+
+LOG_MODULE_DECLARE(app, LOG_LEVEL_DBG);
+
+int get_identity_key(void)
+{
+	psa_status_t status;
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	size_t data_length;
+
+	key_handle = mbedtls_svc_key_id_make(0, identity_key_id);
+	psa_key_attributes_t attr = key_attributes;
+
+	status = psa_get_key_attributes(key_handle, &attr);
+	if (status != APP_SUCCESS) {
+		return status;
+	}
+
+	status = psa_export_public_key(key_handle,
+		m_pub_key,
+		sizeof(m_pub_key),
+		&data_length);
+
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	return APP_SUCCESS;
+}
+
+int import_ecdsa_pub_key(void)
+{
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_status_t status;
+
+	psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_MESSAGE);
+	psa_set_key_lifetime(&key_attributes, PSA_KEY_LIFETIME_VOLATILE);
+	psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
+	psa_set_key_bits(&key_attributes, 256);
+
+	status = psa_import_key(&key_attributes, m_pub_key, sizeof(m_pub_key), &key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	psa_reset_key_attributes(&key_attributes);
+
+	return APP_SUCCESS;
+}
+
+int sign_message(void)
+{
+	uint32_t output_len;
+	psa_status_t status;
+
+	status = psa_sign_message(identity_key_id,
+		PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+		m_plain_text,
+		sizeof(m_plain_text),
+		m_signature,
+		sizeof(m_signature),
+		&output_len);
+
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	return APP_SUCCESS;
+}
+
+int verify_message(void)
+{
+	psa_status_t status;
+
+	status = psa_verify_message(key_id,
+		PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+		m_plain_text,
+		sizeof(m_plain_text),
+		m_signature,
+		NRF_CRYPTO_TEST_IKG_SIGNATURE_SIZE);
+
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	return APP_SUCCESS;
+}
+
+int ikg_identity_key_test(void)
+{
+	int status;
+
+	status = crypto_init();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = get_identity_key();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = import_ecdsa_pub_key();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = sign_message();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = verify_message();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = crypto_finish();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	return status;
+}
+
+ZTEST(test_suite_ikg, ikg_identity_key_test)
+{
+	ikg_identity_key_test();
+}
diff --git a/tests/psa_crypto/tests/test_ikg_key_derivation.c b/tests/psa_crypto/tests/test_ikg_key_derivation.c
new file mode 100644
index 000000000000..e2f9a6a6466b
--- /dev/null
+++ b/tests/psa_crypto/tests/test_ikg_key_derivation.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/ztest.h>
+#include <pm_config.h>
+#include <zephyr/kernel.h>
+#include <zephyr/logging/log.h>
+#include <string.h>
+#include <stdio.h>
+#include <psa/crypto.h>
+#include <psa/crypto_extra.h>
+#include "psa/crypto_types.h"
+#include "psa/crypto_values.h"
+#include "cracen_psa_kmu.h"
+#include "psa_tests_common.h"
+#include <hw_unique_key.h>
+
+#ifdef CONFIG_BUILD_WITH_TFM
+#include <tfm_crypto_defs.h>
+#include <tfm_builtin_key_ids.h>
+#include "cracen_psa_kmu.h"
+#include "cracen_psa_key_ids.h"
+#define KEYSLOT CRACEN_MKEK_SLOT_NUMBER
+static psa_key_id_t huk_key_id = TFM_BUILTIN_KEY_ID_HUK;
+#else
+#define KEYSLOT HUK_KEYSLOT_MKEK
+#endif /* CONFIG_BUILD_WITH_TFM */
+
+/* ====================================================================== */
+/*			Global variables/defines for the ikg key derivation test	  */
+
+#define ENCRYPT_ALG PSA_ALG_GCM
+#define IV_LEN 12
+#define NRF_CRYPTO_TEST_AES_MAX_TEXT_SIZE (52)
+#define NRF_CRYPTO_TEST_AES_CCM_TAG_LENGTH (16)
+
+static uint8_t m_plain_text[] = "Lorem ipsum dolor sit amet. This will be encrypted.";
+static uint8_t m_encrypted_text[NRF_CRYPTO_TEST_AES_MAX_TEXT_SIZE +  +
+				NRF_CRYPTO_TEST_AES_CCM_TAG_LENGTH];
+static uint8_t m_decrypted_text[NRF_CRYPTO_TEST_AES_MAX_TEXT_SIZE];
+static uint8_t m_additional_data[] = "This will be authenticated";
+static uint32_t output_len;
+static uint8_t iv[IV_LEN];
+static psa_key_id_t key_id;
+/* ====================================================================== */
+
+LOG_MODULE_DECLARE(app, LOG_LEVEL_DBG);
+
+psa_status_t derive_key(psa_key_attributes_t *attributes, uint8_t *key_label,
+			uint32_t label_size, psa_key_id_t *key_id_out)
+{
+	uint8_t key_out[PSA_BITS_TO_BYTES(128)];
+	psa_status_t status;
+	*key_id_out = PSA_KEY_ID_NULL;
+
+#if defined(CONFIG_BUILD_WITH_TFM)
+	psa_key_attributes_t mkek_attr = PSA_KEY_ATTRIBUTES_INIT;
+	psa_key_derivation_operation_t op = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+	psa_set_key_id(&mkek_attr, mbedtls_svc_key_id_make(0, huk_key_id));
+	psa_set_key_type(&mkek_attr, PSA_KEY_TYPE_AES);
+	psa_set_key_lifetime(&mkek_attr,
+			     PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+				     PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_CRACEN));
+
+	status = psa_key_derivation_setup(&op, PSA_ALG_SP800_108_COUNTER_CMAC);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	status = psa_key_derivation_input_key(&op, PSA_KEY_DERIVATION_INPUT_SECRET, huk_key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_LABEL, key_label,
+						   label_size);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	/* Context is optional to use, so it is set to NULL with zero length */
+	status = psa_key_derivation_input_bytes(&op, PSA_KEY_DERIVATION_INPUT_CONTEXT, NULL,
+						   0);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+	status = psa_key_derivation_output_bytes(&op, key_out, sizeof(key_out));
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+		status = psa_import_key(attributes, key_out, sizeof(key_out), &key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	*key_id_out = key_id;
+
+#else
+	status = hw_unique_key_derive_key(KEYSLOT, NULL, 0,
+					   key_label, label_size,
+					   key_out, sizeof(key_out));
+	if (status != HW_UNIQUE_KEY_SUCCESS) {
+		return status;
+	}
+
+	status = psa_import_key(attributes, key_out, sizeof(key_out), &key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	*key_id_out = key_id;
+
+#endif /* CONFIG_BUILD_WITH_TFM */
+
+	return APP_SUCCESS;
+
+}
+
+int generate_key(void)
+{
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	uint8_t key_label[] = "IKG derivation sample label";
+	psa_status_t status;
+
+	/* Set the key attributes for the storage key */
+	psa_set_key_usage_flags(&key_attributes,
+			(PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT));
+	psa_set_key_algorithm(&key_attributes, ENCRYPT_ALG);
+	psa_set_key_type(&key_attributes, PSA_KEY_TYPE_AES);
+	psa_set_key_bits(&key_attributes, 128);
+
+	status = derive_key(&key_attributes, key_label, sizeof(key_label) - 1, &key_id);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	return APP_SUCCESS;
+
+}
+
+int encrypt_message(void)
+{
+	psa_status_t status;
+
+	status = psa_generate_random(iv, IV_LEN);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	status = psa_aead_encrypt(key_id,
+			ENCRYPT_ALG,
+			iv,
+			IV_LEN,
+			m_additional_data,
+			sizeof(m_additional_data),
+			m_plain_text,
+			sizeof(m_plain_text),
+			m_encrypted_text,
+			sizeof(m_encrypted_text),
+			&output_len);
+
+	if (status != PSA_SUCCESS) {
+		LOG_DBG("psa_aead_encrypt returned error: %d", status);
+		return status;
+	}
+	return APP_SUCCESS;
+}
+
+int decrypt_message(void)
+{
+	psa_status_t status;
+	uint32_t output_len;
+
+	status = psa_aead_decrypt(key_id,
+		ENCRYPT_ALG,
+		iv,
+		IV_LEN,
+		m_additional_data,
+		sizeof(m_additional_data),
+		m_encrypted_text,
+		sizeof(m_encrypted_text),
+		m_decrypted_text,
+		sizeof(m_decrypted_text),
+		&output_len);
+
+	if (status != PSA_SUCCESS) {
+		LOG_INF("Status is %d", status);
+		return status;
+	}
+	return APP_SUCCESS;
+
+}
+
+
+int ikg_key_derivation_test(void)
+{
+	int status;
+
+	status = crypto_init();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = generate_key();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = encrypt_message();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = decrypt_message();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = crypto_finish();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	return status;
+}
+
+ZTEST(test_suite_ikg, ikg_key_derivation_test)
+{
+	ikg_key_derivation_test();
+}
diff --git a/tests/psa_crypto/tests/test_kmu_use.c b/tests/psa_crypto/tests/test_kmu_use.c
new file mode 100644
index 000000000000..74373a51ef91
--- /dev/null
+++ b/tests/psa_crypto/tests/test_kmu_use.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+#include <zephyr/ztest.h>
+#include <pm_config.h>
+#include <zephyr/kernel.h>
+#include <zephyr/sys/printk.h>
+#include <zephyr/logging/log.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <psa/crypto.h>
+#include <psa/crypto_extra.h>
+#include "cracen_psa_kmu.h"
+#include "psa_tests_common.h"
+
+#ifdef CONFIG_BUILD_WITH_TFM
+#include <tfm_ns_interface.h>
+#endif
+
+LOG_MODULE_DECLARE(app, LOG_LEVEL_DBG);
+
+/* ====================================================================== */
+/*			Global variables/defines for the IKG encryption sample		  */
+#define NRF_CRYPTO_EXAMPLE_EDDSA_TEXT_SIZE (100)
+#define NRF_CRYPTO_EXAMPLE_EDDSA_SIGNATURE_SIZE (64)
+#define KMU_SLOT_NUM 125
+
+/* Below text is used as plaintext for signing/verification */
+static uint8_t m_plain_text[NRF_CRYPTO_EXAMPLE_EDDSA_TEXT_SIZE] = {
+	"Example string to demonstrate basic usage of EDDSA."
+};
+
+/* Below signature is pregenerated for use with verifying the message */
+static uint8_t m_signature[NRF_CRYPTO_EXAMPLE_EDDSA_SIGNATURE_SIZE] = {
+	0x81, 0xf5, 0x22, 0xd3, 0xa1, 0x6d, 0x26, 0x0d, 0xc8, 0xc4, 0xd6, 0xbd, 0x51,
+	0xf0, 0xf8, 0x46, 0x09, 0xdc, 0x00, 0x85, 0x60, 0x56, 0x99, 0xbd, 0xc3, 0x97,
+	0x5e, 0xa6, 0x6f, 0x7d, 0x0c, 0x97, 0xd9, 0xeb, 0xf0, 0x1c, 0xeb, 0xff, 0xbd,
+	0x6f, 0x16, 0x7b, 0xa8, 0x58, 0x7f, 0xc2, 0x86, 0xbb, 0x5e, 0x8d, 0x46, 0xef,
+	0xf0, 0x58, 0x41, 0xe5, 0xac, 0x42, 0x2c, 0xd1, 0xed, 0x29, 0x74, 0x0e
+};
+static psa_key_handle_t key_handle;
+/* ====================================================================== */
+
+
+int get_eddsa_pub_key(void)
+{
+	/* Configure the key attributes */
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_status_t status;
+
+	key_handle = PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(
+		CRACEN_KMU_KEY_USAGE_SCHEME_RAW, KMU_SLOT_NUM);
+
+	psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+
+	status = psa_get_key_attributes(key_handle, &attr);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	/* Reset key attributes and free any allocated resources. */
+	psa_reset_key_attributes(&key_attributes);
+
+	return APP_SUCCESS;
+}
+
+int verify_message_kmu(void)
+{
+	psa_status_t status;
+
+	status = get_eddsa_pub_key();
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	/* Verify the signature of the message */
+	status = psa_verify_message(key_handle,
+		PSA_ALG_PURE_EDDSA,
+		m_plain_text,
+		sizeof(m_plain_text),
+		m_signature,
+		NRF_CRYPTO_EXAMPLE_EDDSA_SIGNATURE_SIZE);
+	if (status != PSA_SUCCESS) {
+		return status;
+	}
+
+	return APP_SUCCESS;
+}
+
+int kmu_use(void)
+{
+	int status;
+
+	status = crypto_init();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = verify_message_kmu();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	return status;
+}
+
+ZTEST(test_suite_ikg, kmu_test_2_use)
+{
+	kmu_use();
+}
diff --git a/tests/psa_crypto/tests/test_kmu_write.c b/tests/psa_crypto/tests/test_kmu_write.c
new file mode 100644
index 000000000000..8d9516a6bd19
--- /dev/null
+++ b/tests/psa_crypto/tests/test_kmu_write.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+#include <zephyr/ztest.h>
+#include <pm_config.h>
+#include "psa/crypto_types.h"
+#include "psa/crypto_values.h"
+#include "cracen_psa_kmu.h"
+#include <zephyr/kernel.h>
+#include <zephyr/sys/printk.h>
+#include <zephyr/logging/log.h>
+#include <stdio.h>
+#include <psa/crypto.h>
+#include <psa/crypto_extra.h>
+#include "psa_tests_common.h"
+
+#ifdef CONFIG_BUILD_WITH_TFM
+#include <tfm_ns_interface.h>
+#endif
+
+LOG_MODULE_DECLARE(app, LOG_LEVEL_DBG);
+/* ====================================================================== */
+/*			Global variables/defines for the kmu write test				  */
+
+static psa_key_handle_t key_handle;
+#define KMU_SLOT_NUM 125
+/*
+ *This is a sample public key for testing purposes only.
+ *Uses sample key to ensure key generation is causing issues.
+ */
+static uint8_t m_pub_key[32] = {
+	0x29, 0x06, 0xA6, 0xA5, 0x5F, 0x9E, 0xB0, 0x5E,
+	0x19, 0xC0, 0x41, 0xB8, 0x58, 0xB1, 0xB9, 0x5D,
+	0x51, 0xA3, 0xD9, 0x3F, 0x4D, 0x29, 0x0D, 0x86,
+	0xBE, 0x7C, 0x96, 0xD6, 0x2D, 0x3B, 0xB2, 0x5E};
+
+/* ====================================================================== */
+
+int write_key_to_kmu(void)
+{
+	psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+	psa_status_t status;
+
+	psa_set_key_usage_flags(&key_attributes,
+		PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH);
+	psa_set_key_algorithm(&key_attributes, PSA_ALG_PURE_EDDSA);
+	psa_set_key_type(&key_attributes,
+			 PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS));
+	psa_set_key_bits(&key_attributes, 255);
+	psa_set_key_lifetime(&key_attributes,
+				 PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+					 PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_CRACEN_KMU));
+	psa_set_key_id(&key_attributes,
+		PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, KMU_SLOT_NUM));
+
+	status = psa_import_key(&key_attributes, m_pub_key, sizeof(m_pub_key), &key_handle);
+	if (status != PSA_SUCCESS) {
+		return APP_ERROR;
+	}
+	return APP_SUCCESS;
+}
+
+int kmu_write(void)
+{
+	psa_status_t status;
+
+	status = crypto_init();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	status = write_key_to_kmu();
+	TEST_VECTOR_ASSERT_EQUAL(APP_SUCCESS, status);
+
+	return status;
+}
+
+ZTEST(test_suite_ikg, kmu_test_1_write)
+{
+	kmu_write();
+}