diff --git a/CHANGELOG.md b/CHANGELOG.md
index dabc23c5aeb..8401642fa9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Made `postcard_deserialize`, `postcard_serialize` and
   `postcard_serialize_bytes` private.
 - Changed `&PathBuf` to `&Path` where possible.
+- Put `CounterClient` and `CryptoClient::attest` behind feature flags (enabled
+  by default).
 
 ### Fixed
 
diff --git a/Cargo.toml b/Cargo.toml
index 6084de22824..db144704176 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -60,7 +60,7 @@ serde_cbor = { feature = "0.11.2", features = ["std"] }
 # rand_core = { version = "0.5", features = ["getrandom"] }
 
 [features]
-default = ["default-mechanisms", "clients-5"]
+default = ["default-mechanisms", "default-syscalls", "clients-5"]
 serde-extensions = []
 std = []
 verbose-tests = ["littlefs2/ll-assertions"]
@@ -75,7 +75,6 @@ log-warn = []
 log-error = []
 
 # mechanisms
-# default-mechanisms = ["aes256-cbc", "chacha8-poly1305", "ed255", "hmac-sha256", "p256", "sha256", "trng"]
 default-mechanisms = [
     "aes256-cbc",
     "chacha8-poly1305",
@@ -107,6 +106,11 @@ tdes = ["des"]
 totp = ["sha-1"]
 trng = ["sha-1"]
 
+# syscalls
+default-syscalls = ["counter-client", "crypto-client-attest"]
+counter-client = []
+crypto-client-attest = []
+
 clients-1 = []
 clients-2 = []
 clients-3 = []
diff --git a/src/client.rs b/src/client.rs
index b3456dfd13b..1c9cf1d9c02 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -305,6 +305,7 @@ pub trait CryptoClient: PollClient {
         })
     }
 
+    #[cfg(feature = "crypto-client-attest")]
     fn attest(
         &mut self,
         signing_mechanism: Mechanism,
@@ -568,6 +569,7 @@ pub trait CryptoClient: PollClient {
 
 /// Create counters, increment existing counters.
 pub trait CounterClient: PollClient {
+    #[cfg(feature = "counter-client")]
     fn create_counter(
         &mut self,
         location: Location,
@@ -575,6 +577,7 @@ pub trait CounterClient: PollClient {
         self.request(request::CreateCounter { location })
     }
 
+    #[cfg(feature = "counter-client")]
     fn increment_counter(
         &mut self,
         id: CounterId,
diff --git a/src/service.rs b/src/service.rs
index 03b88ca97c8..3e8bc3e1f36 100644
--- a/src/service.rs
+++ b/src/service.rs
@@ -150,6 +150,7 @@ impl<P: Platform> ServiceResources<P> {
 
         let keystore = once(|this, ctx| this.keystore(ctx.path.clone()));
         let certstore = once(|this, ctx| this.certstore(ctx));
+        #[cfg(feature = "counter-client")]
         let counterstore = once(|this, ctx| this.counterstore(ctx));
 
         let filestore = &mut self.filestore(ctx.path.clone());
@@ -170,6 +171,7 @@ impl<P: Platform> ServiceResources<P> {
                 }.map(Reply::Agree)
             },
 
+            #[cfg(feature = "crypto-client-attest")]
             Request::Attest(request) => {
                 let mut attn_keystore: ClientKeystore<P::S> = ClientKeystore::new(
                     PathBuf::from("attn"),
@@ -179,6 +181,9 @@ impl<P: Platform> ServiceResources<P> {
                 attest::try_attest(&mut attn_keystore, &mut certstore(self, ctx)?, &mut keystore(self, ctx)?, request).map(Reply::Attest)
             }
 
+            #[cfg(not(feature = "crypto-client-attest"))]
+            Request::Attest(_) => Err(Error::RequestNotAvailable),
+
             Request::Decrypt(request) => {
                 match request.mechanism {
 
@@ -609,16 +614,24 @@ impl<P: Platform> ServiceResources<P> {
                 Ok(Reply::SetCustomStatus(reply::SetCustomStatus {}))
             }
 
+            #[cfg(feature = "counter-client")]
             Request::CreateCounter(request) => {
                 counterstore(self, ctx)?.create(request.location)
                     .map(|id| Reply::CreateCounter(reply::CreateCounter { id } ))
             }
 
+            #[cfg(not(feature = "counter-client"))]
+            Request::CreateCounter(_) => Err(Error::RequestNotAvailable),
+
+            #[cfg(feature = "counter-client")]
             Request::IncrementCounter(request) => {
                 counterstore(self, ctx)?.increment(request.id)
                     .map(|counter| Reply::IncrementCounter(reply::IncrementCounter { counter } ))
             }
 
+            #[cfg(not(feature = "counter-client"))]
+            Request::IncrementCounter(_) => Err(Error::RequestNotAvailable),
+
             Request::DeleteCertificate(request) => {
                  certstore(self, ctx)?.delete_certificate(request.id)
                     .map(|_| Reply::DeleteCertificate(reply::DeleteCertificate {} ))
diff --git a/tests/counter.rs b/tests/counter.rs
index 8c94fc0038f..0e177d2eb1f 100644
--- a/tests/counter.rs
+++ b/tests/counter.rs
@@ -1,4 +1,5 @@
 #![cfg(feature = "virt")]
+#![cfg(feature = "counter-client")]
 
 mod client;
 mod store;