diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 843ec69b2..adeb069d7 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -2175,14 +2175,28 @@ int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 param_addr_ptr = (uint64_t *) param_addr;
- /*
- * Since crypto param size vary between mode.
- * Check ECB here and limit to size 12 bytes
- */
- if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
- (param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+ /* Check if mbox_error is not NULL or 0xF or 0x3FF */
+ if (mbox_error == NULL || *mbox_error > 0xF ||
+ (*mbox_error != 0 && *mbox_error != 0x3FF)) {
 return INTEL_SIP_SMC_STATUS_REJECTED;
 }
+
+ /* Check if param_addr is not 0 or larger that 0xFFFFFFFFFF */
+ if (param_addr == 0 || param_addr > 0xFFFFFFFFFF) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
+ /*
+ * Check if not ECB, CBC and CTR mode, addr ptr is NULL.
+ * Return "Reject" status
+ */
+ if ((param_addr_ptr == NULL) ||
+ (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_ECB_MODE) &&
+ ((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CBC_MODE) &&
+ ((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CTR_MODE))) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
 /*
 * Since crypto param size vary between mode.
 * Check CBC/CTR here and limit to size 28 bytes
@@ -2193,7 +2207,12 @@ int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 return INTEL_SIP_SMC_STATUS_REJECTED;
 }
- if (mbox_error == NULL) {
+ /*
+ * Since crypto param size vary between mode.
+ * Check ECB here and limit to size 12 bytes
+ */
+ if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+ (param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
 return INTEL_SIP_SMC_STATUS_REJECTED;
 }
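Review bot: The new mode check and both size checks (the CBC/CTR one in context and the ECB one moved in the second hunk) each dereference `param_addr_ptr` again, so if `param_addr` points at memory the non-secure caller can still write (likely for a SiP SMC handler, but not visible here), the mode that passes validation need not be the mode whose size limit is applied. Reading it once, `uint64_t mode = *param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK;`, and comparing `mode` in every check closes that window; the `param_addr_ptr == NULL` test is then redundant, since `param_addr == 0` is already rejected. The address check bounds only the magnitude (`0xFFFFFFFFFF`), not that `param_addr` through `param_addr + param_size` lies in non-secure DRAM or is 8-byte aligned for the `uint64_t` read; the function body continues outside these hunks, so if nothing there does that, it belongs before the first dereference. Separately, the `mbox_error` condition can only pass when `*mbox_error == 0`, because `0x3FF` is already rejected by `*mbox_error > 0xF`; either simplify it to `*mbox_error != 0` or correct the condition and its comment to state which values are meant to be accepted.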