diff --git a/arch/arm/src/lpc43xx/Make.defs b/arch/arm/src/lpc43xx/Make.defs
index 2ec96995545..018b929d4d4 100644
--- a/arch/arm/src/lpc43xx/Make.defs
+++ b/arch/arm/src/lpc43xx/Make.defs
@@ -182,6 +182,10 @@ ifeq ($(CONFIG_LPC43_USBOTG),y)
 CHIP_CSRCS += lpc43_ehci.c
 endif
 
+ifeq ($(CONFIG_CRYPTO_AES),y)
+CHIP_CSRCS += lpc43_aes.c
+endif
+
 ifeq ($(CONFIG_LPC43_USB0),y)
 ifeq ($(CONFIG_USBDEV),y)
 CHIP_CSRCS += lpc43_usb0dev.c
diff --git a/arch/arm/src/lpc43xx/chip/lpc43_aes.h b/arch/arm/src/lpc43xx/chip/lpc43_aes.h
index e5f66d5f1ff..fbd557f3d48 100644
--- a/arch/arm/src/lpc43xx/chip/lpc43_aes.h
+++ b/arch/arm/src/lpc43xx/chip/lpc43_aes.h
@@ -1,7 +1,7 @@
 /************************************************************************************
  * arch/arm/src/lpc43xx/chip/lpc43_aes.h
  *
- *   Copyright (C) 2012 Gregory Nutt. All rights reserved.
+ *   Copyright (C) 2012, 2016 Gregory Nutt. All rights reserved.
  *   Author: Gregory Nutt <gnutt@nuttx.org>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45,6 +45,7 @@
 /************************************************************************************
  * Pre-processor Definitions
  ************************************************************************************/
+
 /* The AES is controlled through a set of simple API calls located in the LPC43xx
  * ROM.  This value holds the pointer to the AES driver table.
  */
@@ -86,17 +87,32 @@ struct lpc43_aes_s
 
   /* Loads 128-bit AES software defined user key (16 bytes) */
 
-  void (*aes_LoadKeySW)(unsigned char *key);
+  void (*aes_LoadKeySW)(const unsigned char *key);
 
   /* Loads 128-bit AES initialization vector (16 bytes) */
 
-  void (*aes_LoadIV_SW)(unsigned char *iv);
+  void (*aes_LoadIV_SW)(const unsigned char *iv);
 
   /* Loads 128-bit AES IC specific initialization vector, which is used to decrypt
    * a boot image.
    */
 
   void (*aes_LoadIV_IC)(void);
+
+  /* Process data */
+
+  unsigned int (*aes_Operate)(unsigned char* out, const unsigned char* in, unsigned blocks);
+};
+
+enum lpc43_aes_errorcodes_e
+{
+  AES_API_ERR_BASE = 0x30000,
+  AES_API_ERR_WRONG_CMD,
+  AES_API_ERR_NOT_SUPPORTED,
+  AES_API_ERR_KEY_ALREADY_PROGRAMMED,
+  AES_API_ERR_DMA_CHANNEL_CFG,
+  AES_API_ERR_DMA_MUX_CFG,
+  AES_API_ERR_DMA_BUSY
 };
 
 /************************************************************************************
diff --git a/arch/arm/src/lpc43xx/lpc43_aes.c b/arch/arm/src/lpc43xx/lpc43_aes.c
new file mode 100644
index 00000000000..3f9af5ada39
--- /dev/null
+++ b/arch/arm/src/lpc43xx/lpc43_aes.c
@@ -0,0 +1,209 @@
+/****************************************************************************
+ * arch/arm/src/lpc43xx/lpc43_aes.c
+ *
+ *   Copyright (C) 2015 Gregory Nutt. All rights reserved.
+ *   Author:  Alexander Vasiljev <alexvasiljev@gmail.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ * 3. Neither the name NuttX nor the names of its contributors may be
+ *    used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <semaphore.h>
+#include <errno.h>
+#include <debug.h>
+
+#include <nuttx/crypto/crypto.h>
+#include <nuttx/arch.h>
+#include <arch/board/board.h>
+
+#include "up_internal.h"
+#include "up_arch.h"
+
+#include "chip.h"
+#include <chip/lpc43_aes.h>
+
+#define AES_BLOCK_SIZE 16
+
+/****************************************************************************
+ * Private Data
+ ****************************************************************************/
+
+static struct lpc43_aes_s *g_aes;
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+int aes_cypher(void *out, const void *in, uint32_t size, const void *iv,
+               const void *key, uint32_t keysize, int mode, int encrypt)
+{
+  unsigned int ret = 0;
+  uint32_t outl = size;
+
+  ret = aes_init(iv, key, keysize, mode, encrypt);
+
+  if (ret != OK)
+    {
+      return ret;
+    }
+
+  return aes_update(out, &outl, in, size);
+}
+
+int up_aesreset(void)
+{
+  return OK;
+}
+
+int aes_init(FAR const void *iv, FAR const void *key, uint32_t keysize,
+             int mode, int encrypt)
+{
+  unsigned int cmd = 0;
+  unsigned int ret = 0;
+
+  if (g_aes == NULL)
+    {
+      return -ENOSYS;
+    }
+
+    /* The LPC43 aes engine can load two keys from otp and one random
+     * generated key. This behavior doesn't fit current api.  So if
+     * key == NULL, we will usr keysize as identifier of the special key.
+     */
+
+  if (keysize != 16 && key)
+    {
+      return -EINVAL;
+    }
+
+  if (mode != AES_MODE_ECB && mode != AES_MODE_CBC)
+    {
+      return -EINVAL;
+    }
+
+  if (encrypt == CYPHER_ENCRYPT)
+    {
+      cmd = mode == AES_MODE_ECB ? AES_API_CMD_ENCODE_ECB : AES_API_CMD_ENCODE_CBC;
+    }
+  else
+    {
+      cmd = mode == AES_MODE_ECB ? AES_API_CMD_DECODE_ECB : AES_API_CMD_DECODE_CBC;
+    }
+
+  g_aes->aes_Init();
+
+  if (key != NULL)
+    {
+      g_aes->aes_LoadKeySW(key);
+    }
+  else
+    {
+      switch (keysize)
+      {
+        case 0:
+          g_aes->aes_LoadKey1();
+          break;
+
+        case 1:
+          g_aes->aes_LoadKey2();
+          break;
+
+        case 2:
+          g_aes->aes_LoadKeyRNG();
+          break;
+      }
+    }
+
+  g_aes->aes_LoadIV_SW((const unsigned char*)iv);
+
+  ret = g_aes->aes_SetMode(cmd);
+  switch (ret)
+    {
+      case AES_API_ERR_WRONG_CMD:
+      case AES_API_ERR_NOT_SUPPORTED:
+      case AES_API_ERR_KEY_ALREADY_PROGRAMMED:
+        ret = -EINVAL;
+        break;
+
+      case AES_API_ERR_DMA_CHANNEL_CFG:
+      case AES_API_ERR_DMA_MUX_CFG:
+      case AES_API_ERR_DMA_BUSY:
+        ret = -EBUSY;
+        break;
+    }
+
+  return 0;
+}
+
+int aes_update(FAR const void *out, uint32_t *outl, FAR const void *in,
+               uint32_t inl)
+{
+  if (g_aes == NULL)
+    {
+      return -ENOSYS;
+    }
+
+  if ((inl & (AES_BLOCK_SIZE-1)) != 0)
+    {
+      return -EINVAL;
+    }
+
+  if (inl > *outl)
+    {
+      return -EINVAL;
+    }
+
+  return g_aes->aes_Operate((unsigned char*)out,
+                            (unsigned char*)in, inl / 16);
+}
+
+int up_aesinitialize(void)
+{
+  g_aes = (struct lpc43_g_aes*)*((uint32_t*)LPC43_ROM_AES_DRIVER_TABLE);
+  if (g_aes != NULL)
+    {
+      return OK;
+    }
+
+  return -ENOSYS;
+}
+
+int up_aesuninitialize(void)
+{
+  return OK;
+}