diff --git a/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.c b/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.c index 05229a5..6afdcb5 100644 --- a/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.c +++ b/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.c @@ -454,7 +454,10 @@ typedef struct { int Nr; /* key-length-dependent number of rounds */ uint32_t ek[4 * (RIJNDAEL_MAXNR + 1)]; /* encrypt key schedule */ uint32_t dk[4 * (RIJNDAEL_MAXNR + 1)]; /* decrypt key schedule */ + struct rdfpga_softc *sc; + int readback; + int cbc; } rdfpga_rijndael_ctx; struct rdfpga_enc_xform { @@ -525,6 +528,8 @@ static int rdfpga_newses(void* arg, u_int32_t* sid, struct cryptoini* cri) { return EINVAL; } ((rdfpga_rijndael_ctx *)sc->sw_kschedule)->sc = sc; + ((rdfpga_rijndael_ctx *)sc->sw_kschedule)->readback = 1; + ((rdfpga_rijndael_ctx *)sc->sw_kschedule)->cbc = 0; u_int32_t ctrl; while ((ctrl = bus_space_read_4(sc->sc_bustag, sc->sc_bhregs, RDFPGA_REG_AES128_CTRL)) != 0) { @@ -601,6 +606,8 @@ rdfpga_rijndael128_encrypt(void *key, u_int8_t *blk) for (i = 0 ; i < 2 ; i++) bus_space_write_8(sc->sc_bustag, sc->sc_bhregs, (RDFPGA_REG_AES128_DATA + (i*8)), ptr[i] ); ctrl = RDFPGA_MASK_AES128_START; + if (ctx->cbc) + ctrl |= RDFPGA_MASK_AES128_CBCMOD; bus_space_write_4(sc->sc_bustag, sc->sc_bhregs, RDFPGA_REG_AES128_CTRL, ctrl); /* aprint_normal_dev(sc->sc_dev, "rdfpga_rijndael128_crypt: wait for results\n"); */ 
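Review bot: The fields added to `rdfpga_rijndael_ctx` in the `@@ -454` hunk have no comments, unlike `Nr`, `ek` and `dk` just above them, yet `readback` and `cbc` decide what the encrypt routine does with the caller's buffer. I would add `/* nonzero: copy the OUT registers back into blk after each block */` on `readback` and `/* nonzero: gateware XORs the previous OUT block into the input, driver skips its own XOR */` on `cbc`. A short `/* device whose registers this schedule drives */` on `sc` would fit what the visible register accesses suggest. The comment on `cbc` should also say when the flag is expected to return to 0, since the visible hunks only clear it in `rdfpga_newses`.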
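Review bot: In the `@@ -601` hunk, `ctrl |= RDFPGA_MASK_AES128_CBCMOD` is driven by a per-session flag, but the chaining value it relies on sits in the device's OUT registers, which the sbus_fsm.vhd part of this diff XORs into the next input. If two sessions or two requests can interleave on the same device, a block started with this bit set would chain onto ciphertext from another stream. No lock or ownership check is visible in this hunk, and the body of `rdfpga_rijndael128_encrypt` extends outside it, so this may already be handled elsewhere. If it is not, I would serialise a whole CBC request on the device and say so at the flag, e.g. `/* CBCMOD chains on the device-global OUT registers: the device must not be shared until the request ends */`.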
@@ -617,15 +624,17 @@ rdfpga_rijndael128_encrypt(void *key, u_int8_t *blk) } /* aprint_normal_dev(sc->sc_dev, "rdfpga_rijndael128_crypt: read results\n"); */ - - for (i = 0 ; i < 2 ; i++) - ptr[i] = bus_space_read_8(sc->sc_bustag, sc->sc_bhregs, (RDFPGA_REG_AES128_OUT + (i*8))); - - if (!(((u_int32_t)blk) & 0x7)) { - /* nothing */ - } else { - memcpy(blk, data, 16); + if (ctx->readback) { + for (i = 0 ; i < 2 ; i++) + ptr[i] = bus_space_read_8(sc->sc_bustag, sc->sc_bhregs, (RDFPGA_REG_AES128_OUT + (i*8))); + + + if (!(((u_int32_t)blk) & 0x7)) { + /* nothing */ + } else { + memcpy(blk, data, 16); + } } /* aprint_normal_dev(sc->sc_dev, "rdfpga_rijndael128_crypt: xor\n"); */ @@ -672,6 +681,7 @@ rdfpga_encdec_aes128cbc(struct rdfpga_softc *sw, struct cryptodesc *crd, void *b const struct rdfpga_enc_xform *exf = &rdfpga_enc_xform_rijndael128; int i, k, j, blks, ivlen; int count, ind; + rdfpga_rijndael_ctx* ctx = ( rdfpga_rijndael_ctx*)sw->sw_kschedule; //exf = sw->sw_exf; blks = 16; //exf->enc_xform->blocksize; @@ -907,17 +917,20 @@ rdfpga_encdec_aes128cbc(struct rdfpga_softc *sw, struct cryptodesc *crd, void *b /* Actual encryption/decryption */ if (crd->crd_flags & CRD_F_ENCRYPT) { /* XOR with previous block */ - for (j = 0; j < blks; j++) - blk[j] ^= ivp[j]; - + if (!ctx->cbc) { + for (j = 0; j < blks; j++) + blk[j] ^= ivp[j]; + } exf->encrypt(sw->sw_kschedule, blk); - + ctx->cbc = 1; /* * Keep encrypted block for XOR'ing * with next block */ - memcpy(iv, blk, blks); - ivp = iv; + if (!ctx->cbc) { + memcpy(iv, blk, blks); + ivp = iv; + } } else { /* decrypt */ /* * Keep encrypted block for XOR'ing 
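Review bot: With `ctx->readback` equal to 0, the `@@ -617` hunk returns from `rdfpga_rijndael128_encrypt` without writing anything into `blk`, so the caller's buffer keeps the bytes it passed in. The CBC path passes its in-place buffer (`idat`) to this routine, so a future caller that clears `readback` for intermediate blocks would leave unencrypted data in the output. The flag is only ever set to 1 in this diff, so the risk is latent. The contract should still be written at the branch, e.g. `/* readback == 0: blk is NOT updated; the caller must fetch the result from the OUT registers itself */`. The function continues outside the hunk (the trailing "xor" comment), so whatever follows should be checked against the no-readback case as well.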
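Review bot: In the `@@ -907` hunk `ctx->cbc = 1;` is set after the first encrypted block, and the visible hunks only clear it in `rdfpga_newses`. Unless it is reset outside these hunks, a second request on the same session would skip the IV XOR and chain onto the previous request's last ciphertext block, producing output that does not decrypt with the IV the caller supplied. I would reset it per request, next to the declaration added in the `@@ -672` hunk: `ctx->cbc = 0;`. The assignment also makes the following `if (!ctx->cbc) { memcpy(iv, blk, blks); ivp = iv; }` unreachable, so `iv`/`ivp` are never updated on this path; either move `ctx->cbc = 1;` below that block or drop the block and comment why. The `@@ -968` hunk has the same never-cleared flag, and there `ivp = idat;` stays unconditional, so the two paths are also inconsistent about tracking the previous block.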
@@ -968,10 +981,13 @@ rdfpga_encdec_aes128cbc(struct rdfpga_softc *sw, struct cryptodesc *crd, void *b i > 0) { if (crd->crd_flags & CRD_F_ENCRYPT) { /* XOR with previous block/IV */ - for (j = 0; j < blks; j++) - idat[j] ^= ivp[j]; + if (!ctx->cbc) { + for (j = 0; j < blks; j++) + idat[j] ^= ivp[j]; + } exf->encrypt(sw->sw_kschedule, idat); + ctx->cbc = 1; ivp = idat; } else { /* decrypt */ /* diff --git a/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.h b/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.h index 1340c55..31445ec 100644 --- a/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.h +++ b/NetBSD/9.0/usr/src/sys/dev/sbus/rdfpga.h @@ -87,5 +87,6 @@ struct rdfpga_softc { #define RDFPGA_MASK_AES128_BUSY 0x40000000 #define RDFPGA_MASK_AES128_ERR 0x20000000 #define RDFPGA_MASK_AES128_NEWKEY 0x10000000 +#define RDFPGA_MASK_AES128_CBCMOD 0x08000000 #endif /* _RDFPGA_H_ */ diff --git a/sbus-to-ztex-gateware/sbus_fsm.vhd b/sbus-to-ztex-gateware/sbus_fsm.vhd index 2742e27..d2961c5 100644 --- a/sbus-to-ztex-gateware/sbus_fsm.vhd +++ b/sbus-to-ztex-gateware/sbus_fsm.vhd 
@@ -132,6 +132,20 @@ ENTITY SBusFSM is CONSTANT REG_OFFSET_DMA_CTRL2 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_DMA_CTRL2 *4, 9); -- placeholder CONSTANT REG_OFFSET_DMA_CTRL3 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_DMA_CTRL3 *4, 9); -- placeholder + CONSTANT REG_OFFSET_AES128_KEY1 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_KEY1*4, 9); + CONSTANT REG_OFFSET_AES128_KEY2 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_KEY2*4, 9); + CONSTANT REG_OFFSET_AES128_KEY3 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_KEY3*4, 9); + CONSTANT REG_OFFSET_AES128_KEY4 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_KEY4*4, 9); + CONSTANT REG_OFFSET_AES128_DATA1 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_DATA1*4, 9); + CONSTANT REG_OFFSET_AES128_DATA2 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_DATA2*4, 9); + CONSTANT REG_OFFSET_AES128_DATA3 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_DATA3*4, 9); + CONSTANT REG_OFFSET_AES128_DATA4 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_DATA4*4, 9); + CONSTANT REG_OFFSET_AES128_OUT1 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_OUT1*4, 9); + CONSTANT REG_OFFSET_AES128_OUT2 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_OUT2*4, 9); + CONSTANT REG_OFFSET_AES128_OUT3 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_OUT3*4, 9); + CONSTANT REG_OFFSET_AES128_OUT4 : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_OUT4*4, 9); + CONSTANT REG_OFFSET_AES128_CTRL : std_logic_vector(8 downto 0) := conv_std_logic_vector(REG_INDEX_AES128_CTRL*4, 9); + constant c_CLKS_PER_BIT : integer := 417; -- 48M/115200 -- constant c_CLKS_PER_BIT : integer := 50; -- 5.76M/115200 END ENTITY; 
@@ -266,19 +280,66 @@ ARCHITECTURE RTL OF SBusFSM IS (REG_OFFSET_GCM_C3 = value) OR (REG_OFFSET_GCM_C4 = value); end function; - pure function REG_OFFSET_IS_DMA(value : in std_logic_vector(8 downto 0)) return boolean is + pure function REG_OFFSET_IS_ANYDMA(value : in std_logic_vector(8 downto 0)) return boolean is begin return (REG_OFFSET_DMA_ADDR = value) OR (REG_OFFSET_DMA_CTRL = value) OR (REG_OFFSET_DMA_CTRL2 = value) OR (REG_OFFSET_DMA_CTRL3 = value); end function; + + pure function REG_OFFSET_IS_AESKEY(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return (REG_OFFSET_AES128_KEY1 = value) OR + (REG_OFFSET_AES128_KEY2 = value) OR + (REG_OFFSET_AES128_KEY3 = value) OR + (REG_OFFSET_AES128_KEY4 = value); + end function; + + pure function REG_OFFSET_IS_AESDATA(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return (REG_OFFSET_AES128_DATA1 = value) OR + (REG_OFFSET_AES128_DATA2 = value) OR + (REG_OFFSET_AES128_DATA3 = value) OR + (REG_OFFSET_AES128_DATA4 = value); + end function; + + pure function REG_OFFSET_IS_AESOUT(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return (REG_OFFSET_AES128_OUT1 = value) OR + (REG_OFFSET_AES128_OUT2 = value) OR + (REG_OFFSET_AES128_OUT3 = value) OR + (REG_OFFSET_AES128_OUT4 = value); + end function; pure function REG_OFFSET_IS_ANYGCM(value : in std_logic_vector(8 downto 0)) return boolean is begin return REG_OFFSET_IS_GCMINPUT(value) or REG_OFFSET_IS_GCMH(value) or REG_OFFSET_IS_GCMC(value); end function; + pure function REG_OFFSET_IS_ANYAES(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return REG_OFFSET_IS_AESKEY(value) OR REG_OFFSET_IS_AESDATA(value) OR REG_OFFSET_IS_AESOUT(value) OR + (REG_OFFSET_AES128_CTRL = value); + end function; + + pure function REG_OFFSET_IS_ANYREAD(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return REG_OFFSET_IS_GCMC(value) OR + REG_OFFSET_IS_AESOUT(value) OR + (REG_OFFSET_DMA_CTRL = value) OR 
+ (REG_OFFSET_AES128_CTRL = value) + ; + end function; + + pure function REG_OFFSET_IS_ANYWRITE(value : in std_logic_vector(8 downto 0)) return boolean is + begin + return (REG_OFFSET_LED = value) OR + REG_OFFSET_IS_ANYGCM(value) OR + REG_OFFSET_IS_ANYAES(value) OR + REG_OFFSET_IS_ANYDMA(value); + end function; + pure function REG_OFFSET_IS_ANY(value : in std_logic_vector(8 downto 0)) return boolean is begin return true; @@ -568,7 +629,7 @@ BEGIN -- word address goes to the p_addr lines p_addr <= last_pa(8 downto 2); State <= SBus_Slave_Ack_Read_Prom_Burst; - ELSIF ((last_pa(27 downto 9) = REG_ADDR_PFX) AND REG_OFFSET_IS_ANY(last_pa(8 downto 0))) then + ELSIF ((last_pa(27 downto 9) = REG_ADDR_PFX) AND REG_OFFSET_IS_ANYREAD(last_pa(8 downto 0))) then -- 32 bits read from aligned memory IN REG space ------------------------------------ BUF_ACKs_O <= ACK_WORD; BUF_ERRs_O <= '1'; -- no late error @@ -620,7 +681,7 @@ BEGIN SBUS_DATA_OE_LED_2 <= '1'; BURST_COUNTER := 0; BURST_LIMIT := SIZ_TO_BURSTSIZE(BUF_SIZ_I); - IF ((last_pa(27 downto 9) = REG_ADDR_PFX) and REG_OFFSET_IS_ANY(last_pa(8 downto 0))) then + IF ((last_pa(27 downto 9) = REG_ADDR_PFX) and REG_OFFSET_IS_ANYWRITE(last_pa(8 downto 0))) then -- 32 bits write to register ------------------------------------ BUF_ACKs_O <= ACK_WORD; -- acknowledge the Word BUF_ERRs_O <= '1'; -- no late error 
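Review bot: `REG_OFFSET_IS_ANYWRITE` admits the AES128 OUT registers, because it goes through `REG_OFFSET_IS_ANYAES`, which includes `REG_OFFSET_IS_AESOUT`. The CBC branch added further down in this file XORs those registers into the next plaintext, so a host write that lands in OUT would change the chaining value; whether the write path actually stores to them is outside this hunk. If that is not meant as an IV-load path, I would build the write set without them: `REG_OFFSET_IS_AESKEY(value) OR REG_OFFSET_IS_AESDATA(value) OR (REG_OFFSET_AES128_CTRL = value) OR` in place of the `REG_OFFSET_IS_ANYAES(value) OR` line. `REG_OFFSET_IS_ANYREAD` deserves a one-line comment such as `-- key and data registers are deliberately write-only`, so the omission is not later "fixed" by adding them back.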
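Review bot: A register-space access to an offset outside the new sets no longer matches the `ELSIF` in the `@@ -568` hunk, and the branch that then handles it lies outside the hunk. Please confirm that such a read (an AES key register, for example) ends in an error acknowledgement rather than being served by a later branch or left without an acknowledge. A comment at the condition would record the intent, e.g. `-- offsets outside ANYREAD are rejected by the error branch below`, provided that is what the following branch does. The same applies to the `REG_OFFSET_IS_ANYWRITE` condition in the `@@ -620` hunk. `REG_OFFSET_IS_ANY` appears to have no remaining caller in the visible lines and could be removed if that holds for the whole file.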
@@ -998,8 +1059,18 @@ BEGIN -- start & !busy & !aesbusy -> start processing aes_Cipherkey_DI <= REGISTERS(REG_INDEX_AES128_KEY1) & REGISTERS(REG_INDEX_AES128_KEY2) & REGISTERS(REG_INDEX_AES128_KEY3) & REGISTERS(REG_INDEX_AES128_KEY4); - aes_Plaintext_DI <= REGISTERS(REG_INDEX_AES128_DATA1) & REGISTERS(REG_INDEX_AES128_DATA2) & - REGISTERS(REG_INDEX_AES128_DATA3) & REGISTERS(REG_INDEX_AES128_DATA4); + IF (REGISTERS(REG_INDEX_AES128_CTRL)(27) = '0') THEN + -- normal mode + aes_Plaintext_DI <= REGISTERS(REG_INDEX_AES128_DATA1) & REGISTERS(REG_INDEX_AES128_DATA2) & + REGISTERS(REG_INDEX_AES128_DATA3) & REGISTERS(REG_INDEX_AES128_DATA4); + ELSE + -- cbc mode + aes_Plaintext_DI <= + (REGISTERS(REG_INDEX_AES128_DATA1) XOR REGISTERS(REG_INDEX_AES128_OUT1)) + & (REGISTERS(REG_INDEX_AES128_DATA2) XOR REGISTERS(REG_INDEX_AES128_OUT2)) + & (REGISTERS(REG_INDEX_AES128_DATA3) XOR REGISTERS(REG_INDEX_AES128_OUT3)) + & (REGISTERS(REG_INDEX_AES128_DATA4) XOR REGISTERS(REG_INDEX_AES128_OUT4)); + END IF; aes_NewCipherkey_SI <= REGISTERS(REG_INDEX_AES128_CTRL)(28); aes_Start_SI <= '1'; REGISTERS(REG_INDEX_AES128_CTRL)(30) <= '1'; -- busy
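Review bot: The `-- cbc mode` branch takes its chaining value from whatever `REGISTERS(REG_INDEX_AES128_OUT1..4)` hold when the start is accepted. A start with bit 27 set before any block has completed, or right after a key change (bit 28), would XOR in stale or reset contents. Nothing in the hunk guards against that, so the host-side rule should at least be written down: `-- cbc mode: chains on OUT1..4 of the previous block; the first block of a message must be started with bit 27 clear`. The literal `27` should also become a named constant next to the other control bits, matching `RDFPGA_MASK_AES128_CBCMOD` (0x08000000) in rdfpga.h, so the driver and the gateware cannot drift apart unnoticed.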