diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 9aaad9646a..d0fc97a097 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -1071,42 +1071,6 @@ menu "mbedTLS"
                 This reduces code size, but disables support for 192-bit and
                 256-bit AES keys.
 
-        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
-            bool "Enable AES hardware's pseudo round function"
-            default n
-            depends on SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION
-            help
-                Enables the pseudo round function of the AES peripheral.
-                Enabling this would impact the performance of the AES operations.
-                For more info regarding the performance impact, please checkout
-                the pseudo round function section of the security guide.
-
-        choice MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
-            prompt "Strength of the pseudo rounds function"
-            depends on MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
-            default MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
-            help
-                The strength of the pseudo rounds functions can be configured to low, medium and high.
-                You can configure the strength of the pseudo rounds functions according to your use cases,
-                for example, increasing the strength would provide higher security but would slow down the
-                hardware AES encryption/decryption operations.
-
-            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
-                bool "Low"
-
-            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
-                bool "Medium"
-
-            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
-                bool "High"
-        endchoice
-
-        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
-            int
-            default 1 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
-            default 2 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
-            default 3 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
-
         config MBEDTLS_CMAC_C
             bool "Enable CMAC mode for block ciphers"
             default y
@@ -1647,6 +1611,42 @@ menu "mbedTLS"
                 priority level and any level from 1 to 3 can be selected (based on the availability).
                 Note: Higher value indicates high interrupt priority.
 
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+            bool "Enable AES hardware's pseudo round function"
+            default n
+            depends on SOC_AES_SUPPORT_PSEUDO_ROUND_FUNCTION && MBEDTLS_HARDWARE_AES
+            help
+                Enables the pseudo round function of the AES peripheral.
+                Enabling this would impact the performance of the AES operations.
+                For more info regarding the performance impact, please checkout
+                the pseudo round function section of the security guide.
+
+        choice MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+            prompt "Strength of the pseudo rounds function"
+            depends on MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC
+            default MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            help
+                The strength of the pseudo rounds functions can be configured to low, medium and high.
+                You can configure the strength of the pseudo rounds functions according to your use cases,
+                for example, increasing the strength would provide higher security but would slow down the
+                hardware AES encryption/decryption operations.
+
+            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+                bool "Low"
+
+            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+                bool "Medium"
+
+            config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+                bool "High"
+        endchoice
+
+        config MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH
+            int
+            default 1 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_LOW
+            default 2 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_MEDIUM
+            default 3 if MBEDTLS_AES_USE_PSEUDO_ROUND_FUNC_STRENGTH_HIGH
+
         config MBEDTLS_AES_HW_SMALL_DATA_LEN_OPTIM
             bool "Enable performance optimisation for the small data length hardware AES operations"
             depends on MBEDTLS_HARDWARE_AES && SOC_AES_SUPPORT_DMA
diff --git a/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h b/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
index 72c56dc034..c3d733c3d3 100644
--- a/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
+++ b/components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h
@@ -15,6 +15,7 @@
 extern "C" {
 #endif
 
+#if SOC_AES_SUPPORT_DMA
 /**
  * @brief Start the DMA engine
  *
@@ -41,6 +42,7 @@ bool esp_aes_dma_done(const crypto_dma_desc_t *output);
  */
 void esp_aes_intr_alloc(void);
 
+#endif /* SOC_AES_SUPPORT_DMA */
 #ifdef __cplusplus
 }
 #endif
diff --git a/components/mbedtls/port/include/esp_crypto_shared_gdma.h b/components/mbedtls/port/include/esp_crypto_shared_gdma.h
index 8caec460be..892f1d8746 100644
--- a/components/mbedtls/port/include/esp_crypto_shared_gdma.h
+++ b/components/mbedtls/port/include/esp_crypto_shared_gdma.h
@@ -10,12 +10,13 @@
 #include "esp_private/gdma.h"
 #include "esp_err.h"
 #include "soc/lldesc.h"
+#include "soc/soc_caps.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-
+#if (SOC_AES_GDMA) || (SOC_SHA_GDMA)
 /**
  * @brief Start a GDMA transfer on the shared crypto DMA channel
  *        Supports AXI-DMA and AHB-DMA.
@@ -52,6 +53,7 @@ bool esp_crypto_shared_gdma_done(void);
  *       and need the DMA channel for other peripherals. An example would be doing some processing after disconnecting WiFi
  */
 void esp_crypto_shared_gdma_free(void);
+#endif /* (SOC_AES_GDMA) || (SOC_SHA_GDMA) */
 
 #ifdef __cplusplus
 }
diff --git a/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
index a52b7385dd..0f9f9348d0 100644
--- a/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
@@ -139,22 +139,6 @@ config SOC_XTAL_CLOCK_PATH_DEPENDS_ON_TOP_DOMAIN
     bool
     default y
 
-config SOC_AES_SUPPORT_DMA
-    bool
-    default y
-
-config SOC_AES_GDMA
-    bool
-    default y
-
-config SOC_AES_SUPPORT_AES_128
-    bool
-    default y
-
-config SOC_AES_SUPPORT_AES_256
-    bool
-    default y
-
 config SOC_ADC_PERIPH_NUM
     int
     default 1
diff --git a/components/soc/esp32h4/include/soc/soc_caps.h b/components/soc/esp32h4/include/soc/soc_caps.h
index 9e6fba8899..741fda7758 100644
--- a/components/soc/esp32h4/include/soc/soc_caps.h
+++ b/components/soc/esp32h4/include/soc/soc_caps.h
@@ -93,13 +93,13 @@
 #define SOC_XTAL_CLOCK_PATH_DEPENDS_ON_TOP_DOMAIN   1
 
 /*-------------------------- AES CAPS -----------------------------------------*/
-#define SOC_AES_SUPPORT_DMA     (1)
+// #define SOC_AES_SUPPORT_DMA     (1)
 
 /* Has a centralized DMA, which is shared with all peripherals */
-#define SOC_AES_GDMA            (1)
+// #define SOC_AES_GDMA            (1)
 
-#define SOC_AES_SUPPORT_AES_128 (1)
-#define SOC_AES_SUPPORT_AES_256 (1)
+// #define SOC_AES_SUPPORT_AES_128 (1)
+// #define SOC_AES_SUPPORT_AES_256 (1)
 
 /*-------------------------- ADC CAPS -------------------------------*/
 /*!< SAR ADC Module*/