diff --git a/src/crypto/BUILD.gn b/src/crypto/BUILD.gn
index d1751178f33115..6df86dbdf6b8cc 100644
--- a/src/crypto/BUILD.gn
+++ b/src/crypto/BUILD.gn
@@ -87,6 +87,7 @@ static_library("crypto") {
 
   if (chip_with_se05x == 1) {
     sources += [ "hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp" ]
+    sources += [ "hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp" ]
     sources += [ "hsm/nxp/CHIPCryptoPALHsm_SE05X_utils.cpp" ]
     public_deps += [ "${chip_root}/third_party/simw-top-mini:se05x" ]
     public_configs += [ "${chip_root}/third_party/simw-top-mini:se05x_config" ]
diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h
index 1bd00bb9e9116c..a62eec9fb86e4a 100644
--- a/src/crypto/CHIPCryptoPAL.h
+++ b/src/crypto/CHIPCryptoPAL.h
@@ -243,17 +243,17 @@ class P256Keypair : public ECPKeypair<P256PublicKey, P256ECDHDerivedSecret, P256
     /** @brief Initialize the keypair.
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR Initialize();
+    virtual CHIP_ERROR Initialize();
 
     /** @brief Serialize the keypair.
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR Serialize(P256SerializedKeypair & output);
+    virtual CHIP_ERROR Serialize(P256SerializedKeypair & output);
 
     /** @brief Deserialize the keypair.
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR Deserialize(P256SerializedKeypair & input);
+    virtual CHIP_ERROR Deserialize(P256SerializedKeypair & input);
 
     /** @brief Generate a new Certificate Signing Request (CSR).
      * @param csr Newly generated CSR
@@ -271,7 +271,7 @@ class P256Keypair : public ECPKeypair<P256PublicKey, P256ECDHDerivedSecret, P256
      *represented as ASN.1 DER integers, plus the ASN.1 sequence Header
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) override;
+    virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) override;
 
     /**
      * @brief A function to sign a hash using ECDSA
@@ -281,7 +281,7 @@ class P256Keypair : public ECPKeypair<P256PublicKey, P256ECDHDerivedSecret, P256
      *represented as ASN.1 DER integers, plus the ASN.1 sequence Header
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR ECDSA_sign_hash(const uint8_t * hash, size_t hash_length, P256ECDSASignature & out_signature) override;
+    virtual CHIP_ERROR ECDSA_sign_hash(const uint8_t * hash, size_t hash_length, P256ECDSASignature & out_signature) override;
 
     /** @brief A function to derive a shared secret using ECDH
      * @param remote_public_key Public key of remote peer with which we are trying to establish secure channel. remote_public_key is
@@ -290,7 +290,7 @@ class P256Keypair : public ECPKeypair<P256PublicKey, P256ECDHDerivedSecret, P256
      * @param out_secret Buffer to write out secret into. This is a byte array representing the x coordinate of the shared secret.
      * @return Returns a CHIP_ERROR on error, CHIP_NO_ERROR otherwise
      **/
-    CHIP_ERROR ECDH_derive_secret(const P256PublicKey & remote_public_key, P256ECDHDerivedSecret & out_secret) const override;
+    virtual CHIP_ERROR ECDH_derive_secret(const P256PublicKey & remote_public_key, P256ECDHDerivedSecret & out_secret) const override;
 
     /** @brief Return public key for the keypair.
      **/
diff --git a/src/crypto/hsm/CHIPCryptoPALHsm.h b/src/crypto/hsm/CHIPCryptoPALHsm.h
index 0709f4646fcdb2..1679204e6b7ce5 100644
--- a/src/crypto/hsm/CHIPCryptoPALHsm.h
+++ b/src/crypto/hsm/CHIPCryptoPALHsm.h
@@ -30,7 +30,6 @@
 #endif
 
 #if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
-
 typedef struct hsm_pake_context_s
 {
     uint8_t spake_context[32];
@@ -39,10 +38,15 @@ typedef struct hsm_pake_context_s
     SE05x_CryptoObjectID_t spake_objId;
 #endif
 } hsm_pake_context_t;
+#endif //#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
 
 namespace chip {
 namespace Crypto {
 
+
+#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
+/* Spake HSM class */
+
 class Spake2pHSM_P256_SHA256_HKDF_HMAC : public Spake2p_P256_SHA256_HKDF_HMAC
 {
 public:
@@ -50,30 +54,69 @@ class Spake2pHSM_P256_SHA256_HKDF_HMAC : public Spake2p_P256_SHA256_HKDF_HMAC
 
     ~Spake2pHSM_P256_SHA256_HKDF_HMAC() {}
 
-    CHIP_ERROR Init(const uint8_t * context, size_t context_len);
+    CHIP_ERROR Init(const uint8_t * context, size_t context_len) override;
 
 #if ENABLE_HSM_SPAKE_VERIFIER
     CHIP_ERROR BeginVerifier(const uint8_t * my_identity, size_t my_identity_len, const uint8_t * peer_identity,
-                             size_t peer_identity_len, const uint8_t * w0in, size_t w0in_len, const uint8_t * Lin, size_t Lin_len);
+                             size_t peer_identity_len, const uint8_t * w0in, size_t w0in_len, const uint8_t * Lin, size_t Lin_len) override;
 #endif
 
 #if ENABLE_HSM_SPAKE_PROVER
     CHIP_ERROR BeginProver(const uint8_t * my_identity, size_t my_identity_len, const uint8_t * peer_identity,
-                           size_t peer_identity_len, const uint8_t * w0in, size_t w0in_len, const uint8_t * w1in, size_t w1in_len);
+                           size_t peer_identity_len, const uint8_t * w0in, size_t w0in_len, const uint8_t * w1in, size_t w1in_len) override;
 #endif
 
-    CHIP_ERROR ComputeRoundOne(const uint8_t * pab, size_t pab_len, uint8_t * out, size_t * out_len);
+    CHIP_ERROR ComputeRoundOne(const uint8_t * pab, size_t pab_len, uint8_t * out, size_t * out_len) override;
 
-    CHIP_ERROR ComputeRoundTwo(const uint8_t * in, size_t in_len, uint8_t * out, size_t * out_len);
+    CHIP_ERROR ComputeRoundTwo(const uint8_t * in, size_t in_len, uint8_t * out, size_t * out_len) override;
 
-    CHIP_ERROR KeyConfirm(const uint8_t * in, size_t in_len);
+    CHIP_ERROR KeyConfirm(const uint8_t * in, size_t in_len) override;
 
     hsm_pake_context_t hsm_pake_context;
 };
 
+#endif //#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
+
+
+#if ENABLE_HSM_GENERATE_EC_KEY
+/* Nist256 Key pair HSM class */
+
+class P256KeypairHSM : public P256Keypair
+{
+public:
+    P256KeypairHSM()
+    {
+        provisioned_key = false;
+        keyid = 0;
+    }
+
+    ~P256KeypairHSM();
+
+    virtual CHIP_ERROR Initialize() override;
+
+    virtual CHIP_ERROR Serialize(P256SerializedKeypair & output) override;
+
+    virtual CHIP_ERROR Deserialize(P256SerializedKeypair & input) override;
+
+    virtual CHIP_ERROR ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature) override;
+
+    virtual CHIP_ERROR ECDSA_sign_hash(const uint8_t * hash, size_t hash_length, P256ECDSASignature & out_signature) override;
+
+    virtual CHIP_ERROR ECDH_derive_secret(const P256PublicKey & remote_public_key, P256ECDHDerivedSecret & out_secret) const override;
+
+    bool provisioned_key;
+
+    void SetKeyId(int id) { keyid = id; }
+
+    int GetKeyId( void ) { return keyid; }
+
+private:
+
+    int keyid;
+};
+#endif //#if ENABLE_HSM_GENERATE_EC_KEY
+
 } // namespace Crypto
 } // namespace chip
 
-#endif //#if ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER))
-
 #endif //#ifndef _CHIP_CRYPTO_PAL_HSM_H_
diff --git a/src/crypto/hsm/CHIPCryptoPALHsm_config.h b/src/crypto/hsm/CHIPCryptoPALHsm_config.h
index 390019270f6635..e60980221e5828 100644
--- a/src/crypto/hsm/CHIPCryptoPALHsm_config.h
+++ b/src/crypto/hsm/CHIPCryptoPALHsm_config.h
@@ -33,8 +33,18 @@
  */
 #define ENABLE_HSM_SPAKE_PROVER 1
 
+/*
+ * Enable HSM for Generate EC Key
+ */
+#define ENABLE_HSM_GENERATE_EC_KEY 0
+
+
 #if ((CHIP_CRYPTO_HSM) && ((ENABLE_HSM_SPAKE_VERIFIER) || (ENABLE_HSM_SPAKE_PROVER)))
 #define ENABLE_HSM_SPAKE
 #endif
 
+#if ((CHIP_CRYPTO_HSM) && (ENABLE_HSM_GENERATE_EC_KEY))
+#define ENABLE_HSM_EC_KEY
+#endif
+
 #endif //#ifndef _CHIP_CRYPTO_PAL_HSM_CONFIG_H_
diff --git a/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp
new file mode 100644
index 00000000000000..52d15bd7379dd3
--- /dev/null
+++ b/src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp
@@ -0,0 +1,311 @@
+/*
+ *
+ *    Copyright (c) 2020 Project CHIP Authors
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+/**
+ *    @file
+ *      HSM based implementation of CHIP crypto primitives
+ *      Based on configurations in CHIPCryptoPALHsm_config.h file,
+ *      chip crypto apis use either HSM or rollback to software implementation.
+ */
+
+#include "CHIPCryptoPALHsm_SE05X_utils.h"
+
+#define MAX_SHA_ONE_SHOT_DATA_LEN   900
+#define NIST256_HEADER_OFFSET       26
+
+namespace chip {
+namespace Crypto {
+
+P256KeypairHSM::~P256KeypairHSM()
+{
+    if (keyid != 0) {
+        if (provisioned_key == false) {
+            ChipLogDetail(Crypto, "Deleting key with id - %x !", keyid);
+            se05x_delete_key(keyid);
+        }
+        else {
+            ChipLogDetail(Crypto, "Provisioned key ! Not deleting key in HSM");
+        }
+    }
+}
+
+CHIP_ERROR P256KeypairHSM::Initialize()
+{
+    CHIP_ERROR error       = CHIP_ERROR_INTERNAL;
+    sss_status_t status    = kStatus_SSS_Success;
+    sss_object_t keyObject = { 0 };
+    uint8_t pubkey[128]    = {0,};
+    size_t pubKeyLen       = sizeof(pubkey);
+    size_t pbKeyBitLen     = sizeof(pubkey) * 8;
+
+    if (keyid == 0) {
+        ChipLogDetail(Crypto, "Keyid not set !. Set key id using 'SetKeyId' member class !");
+        goto exit;
+    }
+
+    se05x_sessionOpen();
+
+    status = sss_key_object_init(&keyObject, &gex_sss_chip_ctx.ks);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    if (provisioned_key == false) {
+
+        status = sss_key_object_allocate_handle(&keyObject, keyid, kSSS_KeyPart_Pair, kSSS_CipherType_EC_NIST_P, 256,
+                                                kKeyObject_Mode_Transient);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+        ChipLogDetail(Crypto, "Creating Nist256 key on SE05X !");
+
+        status = sss_key_store_generate_key(&gex_sss_chip_ctx.ks, &keyObject, 256, 0);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+    }
+    else {
+
+        // if the key is provisioned already, only get the public key,
+        // and set it in public key member of this class.
+        ChipLogDetail(Crypto, "Provisioned key ! Not creating key in HSM");
+
+        status = sss_key_object_get_handle(&keyObject, keyid);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+    }
+
+    status = sss_key_store_get_key(&gex_sss_chip_ctx.ks, &keyObject, pubkey, &pubKeyLen, &pbKeyBitLen);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    {
+        /* Set the public key */
+        const P256PublicKey & public_key = Pubkey();
+        VerifyOrExit(pubKeyLen > NIST256_HEADER_OFFSET, error = CHIP_ERROR_INTERNAL);
+        VerifyOrExit( (pubKeyLen - NIST256_HEADER_OFFSET) <= kP256_PublicKey_Length, error = CHIP_ERROR_INTERNAL);
+        memcpy((void*)Uint8::to_const_uchar(public_key), pubkey + NIST256_HEADER_OFFSET, pubKeyLen - NIST256_HEADER_OFFSET);
+    }
+
+    error = CHIP_NO_ERROR;
+exit:
+    return error;
+}
+
+
+CHIP_ERROR P256KeypairHSM::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length, P256ECDSASignature & out_signature)
+{
+    CHIP_ERROR error           = CHIP_ERROR_INTERNAL;
+    sss_digest_t digest_ctx    = { 0 };
+    sss_asymmetric_t asymm_ctx = { 0 };
+    uint8_t hash[32]           = { 0,};
+    size_t hashLen             = sizeof(hash);
+    sss_status_t status    = kStatus_SSS_Success;
+    sss_object_t keyObject = { 0 };
+    size_t siglen = out_signature.Capacity();
+
+    VerifyOrExit(msg != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(msg_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(out_signature != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(keyid != 0, error = CHIP_ERROR_HSM);
+
+    ChipLogDetail(Crypto, "ECDSA_sign_msg: Using SE05X for Ecc Sign!");
+
+    se05x_sessionOpen();
+
+    status = sss_digest_context_init(&digest_ctx, &gex_sss_chip_ctx.session, kAlgorithm_SSS_SHA256, kMode_SSS_Digest);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    if (msg_length <= MAX_SHA_ONE_SHOT_DATA_LEN)
+    {
+        status = sss_digest_one_go(&digest_ctx, msg, msg_length, hash, &hashLen);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+    }
+    else
+    {
+        /* Calculate SHA using multistep calls */
+        size_t datalenTemp = 0;
+        size_t rem_len     = msg_length;
+
+        status = sss_digest_init(&digest_ctx);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+        while (rem_len > 0)
+        {
+            datalenTemp = (rem_len > MAX_SHA_ONE_SHOT_DATA_LEN) ? MAX_SHA_ONE_SHOT_DATA_LEN : rem_len;
+            status      = sss_digest_update(&digest_ctx, (msg + (msg_length - rem_len)), datalenTemp);
+            VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+            rem_len = rem_len - datalenTemp;
+        }
+
+        status = sss_digest_finish(&digest_ctx, hash, &hashLen);
+        VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+    }
+
+    status = sss_key_object_init(&keyObject, &gex_sss_chip_ctx.ks);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status = sss_key_object_get_handle(&keyObject, keyid);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status =
+        sss_asymmetric_context_init(&asymm_ctx, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_SHA256, kMode_SSS_Sign);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status = sss_asymmetric_sign_digest(&asymm_ctx, hash, hashLen, Uint8::to_uchar(out_signature), &siglen);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    SuccessOrExit(out_signature.SetLength(siglen));
+
+    error = CHIP_NO_ERROR;
+exit:
+    if (asymm_ctx.session != NULL)
+    {
+        sss_asymmetric_context_free(&asymm_ctx);
+    }
+    if (digest_ctx.session != NULL)
+    {
+        sss_digest_context_free(&digest_ctx);
+    }
+    return error;
+}
+
+
+CHIP_ERROR P256KeypairHSM::ECDSA_sign_hash(const uint8_t * hash, size_t hash_length, P256ECDSASignature & out_signature)
+{
+    CHIP_ERROR error           = CHIP_ERROR_INTERNAL;
+    sss_asymmetric_t asymm_ctx = { 0 };
+    sss_status_t status    = kStatus_SSS_Success;
+    sss_object_t keyObject = { 0 };
+    size_t siglen = out_signature.Capacity();
+
+    VerifyOrExit(hash != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(hash_length > 0, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(out_signature != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(keyid != 0, error = CHIP_ERROR_HSM);
+
+    ChipLogDetail(Crypto, "ECDSA_sign_hash: Using SE05X for Ecc Sign!");
+
+    se05x_sessionOpen();
+
+    status = sss_key_object_init(&keyObject, &gex_sss_chip_ctx.ks);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status = sss_key_object_get_handle(&keyObject, keyid);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status =
+        sss_asymmetric_context_init(&asymm_ctx, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_SHA256, kMode_SSS_Sign);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    status = sss_asymmetric_sign_digest(&asymm_ctx, (uint8_t*)hash, hash_length, Uint8::to_uchar(out_signature), &siglen);
+    VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);
+
+    SuccessOrExit(out_signature.SetLength(siglen));
+
+    error = CHIP_NO_ERROR;
+exit:
+    if (asymm_ctx.session != NULL)
+    {
+        sss_asymmetric_context_free(&asymm_ctx);
+    }
+
+    return error;
+}
+
+CHIP_ERROR P256KeypairHSM::Serialize(P256SerializedKeypair & output)
+{
+    CHIP_ERROR error = CHIP_ERROR_INTERNAL;
+    size_t len       = output.Length() == 0 ? output.Capacity() : output.Length();
+    Encoding::BufferWriter bbuf(output, len);
+    uint8_t privkey[kP256_PrivateKey_Length];
+
+    {
+        /* Set the public key */
+        const P256PublicKey & public_key = Pubkey();
+        bbuf.Put((void*)Uint8::to_const_uchar(public_key), public_key.Length());
+    }
+
+    VerifyOrExit(bbuf.Available() == sizeof(privkey), error = CHIP_ERROR_INTERNAL);
+
+    /* When HSM is used for ECC key generation, store key info in private key buffer */
+    privkey[0] = (uint8_t)(keyid >> 24) & 0xFF;
+    privkey[1] = (uint8_t)(keyid >> 16) & 0xFF;
+    privkey[2] = (uint8_t)(keyid >> 8) & 0xFF;
+    privkey[3] = (uint8_t) keyid & 0xFF;
+
+    bbuf.Put(privkey, sizeof(privkey));
+    VerifyOrExit(bbuf.Fit(), error = CHIP_ERROR_BUFFER_TOO_SMALL);
+
+    output.SetLength(bbuf.Needed());
+
+    error = CHIP_NO_ERROR;
+exit:
+    return error;
+}
+
+CHIP_ERROR P256KeypairHSM::Deserialize(P256SerializedKeypair & input)
+{
+    CHIP_ERROR error = CHIP_ERROR_INTERNAL;
+
+    /* Set the public key */
+    const P256PublicKey & public_key = Pubkey();
+    Encoding::BufferWriter bbuf((uint8_t*)Uint8::to_const_uchar(public_key), public_key.Length());
+
+    VerifyOrExit(input.Length() == public_key.Length() + kP256_PrivateKey_Length, error = CHIP_ERROR_INVALID_ARGUMENT);
+    bbuf.Put((const uint8_t *) input, public_key.Length());
+
+    /* Set private key info */
+    VerifyOrExit(bbuf.Fit(), error = CHIP_ERROR_NO_MEMORY);
+    {
+        const uint8_t * privkey = Uint8::to_const_uchar(input) + public_key.Length();
+        /* When HSM is used for ECC key generation, key info in stored in private key buffer */
+        keyid = privkey[3] | privkey[2] << 8 | privkey[1] << 16 | privkey[0] << 24;
+    }
+
+    error = CHIP_NO_ERROR;
+exit:
+    return error;
+}
+
+CHIP_ERROR P256KeypairHSM::ECDH_derive_secret(const P256PublicKey & remote_public_key, P256ECDHDerivedSecret & out_secret) const
+{
+    CHIP_ERROR error = CHIP_ERROR_INTERNAL;
+    const uint8_t *rem_pubKey = NULL;
+    size_t rem_pubKeyLen = 0;
+    size_t secret_length = (out_secret.Length() == 0) ? out_secret.Capacity() : out_secret.Length();
+    smStatus_t smstatus = SM_NOT_OK;
+
+    VerifyOrExit(keyid != 0, error = CHIP_ERROR_HSM);
+
+    ChipLogDetail(Crypto, "ECDH_derive_secret: Using SE05X for ECDH !");
+
+    se05x_sessionOpen();
+
+    rem_pubKey = Uint8::to_const_uchar(remote_public_key);
+    rem_pubKeyLen = remote_public_key.Length();
+
+    VerifyOrExit(rem_pubKey != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(out_secret != nullptr, error = CHIP_ERROR_INVALID_ARGUMENT);
+    VerifyOrExit(gex_sss_chip_ctx.ks.session != NULL, error = CHIP_ERROR_INTERNAL);
+
+    smstatus = Se05x_API_ECGenSharedSecret(&((sss_se05x_session_t *) &gex_sss_chip_ctx.session)->s_ctx, keyid, rem_pubKey,
+                                           rem_pubKeyLen, Uint8::to_uchar(out_secret), &secret_length);
+    VerifyOrExit(smstatus == SM_OK, error = CHIP_ERROR_INTERNAL);
+
+    SuccessOrExit(out_secret.SetLength(secret_length));
+
+    error = CHIP_NO_ERROR;
+exit:
+    return error;
+}
+
+} // namespace Crypto {
+} // namespace chip {
\ No newline at end of file
diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp
index 903ffd35b17304..84f47a330a6daf 100644
--- a/src/crypto/tests/CHIPCryptoPALTest.cpp
+++ b/src/crypto/tests/CHIPCryptoPALTest.cpp
@@ -662,7 +662,12 @@ static void TestECDSA_Signing_SHA256_Msg(nlTestSuite * inSuite, void * inContext
     const char * msg  = "Hello World!";
     size_t msg_length = strlen(msg);
 
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair;
+    keypair.SetKeyId(0x11223344);
+#else
     P256Keypair keypair;
+#endif
     NL_TEST_ASSERT(inSuite, keypair.Initialize() == CHIP_NO_ERROR);
 
     P256ECDSASignature signature;
@@ -680,7 +685,13 @@ static void TestECDSA_Signing_SHA256_Hash(nlTestSuite * inSuite, void * inContex
                              0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
     size_t hash_length   = sizeof(hash);
 
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair;
+    keypair.SetKeyId(0x11223344);
+#else
     P256Keypair keypair;
+#endif
+
     NL_TEST_ASSERT(inSuite, keypair.Initialize() == CHIP_NO_ERROR);
 
     P256ECDSASignature signature;
@@ -849,10 +860,21 @@ static void TestECDSA_ValidationHashInvalidParam(nlTestSuite * inSuite, void * i
 
 static void TestECDH_EstablishSecret(nlTestSuite * inSuite, void * inContext)
 {
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair1;
+    keypair1.SetKeyId(0x11223344);
+#else
     P256Keypair keypair1;
+#endif
+
     NL_TEST_ASSERT(inSuite, keypair1.Initialize() == CHIP_NO_ERROR);
 
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair2;
+    keypair2.SetKeyId(0x11223355);
+#else
     P256Keypair keypair2;
+#endif
     NL_TEST_ASSERT(inSuite, keypair2.Initialize() == CHIP_NO_ERROR);
 
     P256ECDHDerivedSecret out_secret1;
@@ -959,13 +981,23 @@ static void TestCSR_Gen(nlTestSuite * inSuite, void * inContext)
 
 static void TestKeypair_Serialize(nlTestSuite * inSuite, void * inContext)
 {
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair;
+    keypair.SetKeyId(0x11223344);
+#else
     P256Keypair keypair;
+#endif
+
     NL_TEST_ASSERT(inSuite, keypair.Initialize() == CHIP_NO_ERROR);
 
     P256SerializedKeypair serialized;
     NL_TEST_ASSERT(inSuite, keypair.Serialize(serialized) == CHIP_NO_ERROR);
 
+#ifdef ENABLE_HSM_EC_KEY
+    P256KeypairHSM keypair_dup;
+#else
     P256Keypair keypair_dup;
+#endif
     NL_TEST_ASSERT(inSuite, keypair_dup.Deserialize(serialized) == CHIP_NO_ERROR);
 
     const char * msg         = "Test Message for Keygen";
@@ -989,7 +1021,7 @@ static void TestSPAKE2P_spake2p_FEMul(nlTestSuite * inSuite, void * inContext)
     for (int vectorIndex = 0; vectorIndex < numOfTestVectors; vectorIndex++)
     {
         const struct spake2p_fe_mul_tv * vector = fe_mul_tvs[vectorIndex];
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1026,7 +1058,7 @@ static void TestSPAKE2P_spake2p_FELoadWrite(nlTestSuite * inSuite, void * inCont
     {
         const struct spake2p_fe_rw_tv * vector = fe_rw_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1057,7 +1089,7 @@ static void TestSPAKE2P_spake2p_Mac(nlTestSuite * inSuite, void * inContext)
     {
         const struct spake2p_hmac_tv * vector = hmac_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1091,7 +1123,7 @@ static void TestSPAKE2P_spake2p_PointMul(nlTestSuite * inSuite, void * inContext
         out_len                                    = sizeof(output);
         const struct spake2p_point_mul_tv * vector = point_mul_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1131,7 +1163,7 @@ static void TestSPAKE2P_spake2p_PointMulAdd(nlTestSuite * inSuite, void * inCont
         out_len                                       = sizeof(output);
         const struct spake2p_point_muladd_tv * vector = point_muladd_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1177,7 +1209,7 @@ static void TestSPAKE2P_spake2p_PointLoadWrite(nlTestSuite * inSuite, void * inC
         out_len                                   = sizeof(output);
         const struct spake2p_point_rw_tv * vector = point_rw_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1207,7 +1239,7 @@ static void TestSPAKE2P_spake2p_PointIsValid(nlTestSuite * inSuite, void * inCon
     {
         const struct spake2p_point_valid_tv * vector = point_valid_tvs[vectorIndex];
 
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
         Spake2pHSM_P256_SHA256_HKDF_HMAC spake2p;
 #else
         Spake2p_P256_SHA256_HKDF_HMAC spake2p;
@@ -1231,7 +1263,7 @@ static void TestSPAKE2P_spake2p_PointIsValid(nlTestSuite * inSuite, void * inCon
 // We need to "generate" specific field elements
 // to do so we need to override the specific method
 class Test_Spake2p_P256_SHA256_HKDF_HMAC :
-#if CHIP_CRYPTO_HSM
+#ifdef ENABLE_HSM_SPAKE
     public Spake2pHSM_P256_SHA256_HKDF_HMAC
 #else
     public Spake2p_P256_SHA256_HKDF_HMAC