diff --git a/Kconfig b/Kconfig
index f00933c0a5..64a8bd2131 100644
--- a/Kconfig
+++ b/Kconfig
@@ -231,7 +231,7 @@ config SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7
 
 config SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	bool "Enable psa crypto storage for persistent Sidewalk keys [EXPERIMENTAL]"
-	default SIDEWALK
+	default (SIDEWALK && !BUILD_WITH_TFM)
 	select EXPERIMENTAL
 	help
 	  Use secure key storage for persistent Sidewalk keys.
diff --git a/Kconfig.dependencies b/Kconfig.dependencies
index 91429bc4b8..bff4d16aaf 100644
--- a/Kconfig.dependencies
+++ b/Kconfig.dependencies
@@ -26,6 +26,11 @@ config SIDEWALK_NRF54L15_SUPPORT
 	select EXPERIMENTAL
 	default SOC_NRF54L15 && SIDEWALK
 
+config SIDEWALK_TFM_SUPPORT
+	bool "Sidewalk support for TF-M [EXPERIMENTAL]"
+	select EXPERIMENTAL
+	default SIDEWALK && BUILD_WITH_TFM
+
 config SIDEWALK_BLE
 	bool
 	default SIDEWALK
diff --git a/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf b/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
new file mode 100644
index 0000000000..913d997294
--- /dev/null
+++ b/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Multirole is the only currently supported role by SoftDevice.
+CONFIG_BT_LL_SOFTDEVICE_MULTIROLE=y
+
+# Not supported for 54L15 _NS
+CONFIG_FPROTECT=n
+
+# Set the ZMS sector count to match the settings partition size that is 40 kB for this application.
+CONFIG_SETTINGS_ZMS_SECTOR_COUNT=10
diff --git a/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay b/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
new file mode 100644
index 0000000000..550ed7eb67
--- /dev/null
+++ b/samples/sid_end_device/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+&pinctrl {
+	spi21_default: spi21_default {
+		group1 {
+			psels = <NRF_PSEL(SPIM_SCK, 2, 6)>,
+				<NRF_PSEL(SPIM_MISO, 1, 11)>,
+				<NRF_PSEL(SPIM_MOSI, 2, 8)>;
+		};
+	};
+
+	spi21_sleep: spi21_sleep {
+		group1 {
+			psels = <NRF_PSEL(SPIM_SCK, 2, 6)>,
+				<NRF_PSEL(SPIM_MISO, 1, 11)>,
+				<NRF_PSEL(SPIM_MOSI, 2, 8)>;
+			low-power-enable;
+		};
+	};
+};
+
+ sid_semtech: &spi21 {
+	compatible = "nordic,nrf-spim";
+	status = "okay";
+	cs-gpios = <&gpio2 0xa GPIO_PULL_UP>;
+	pinctrl-0 = <&spi21_default>;
+	pinctrl-1 = <&spi21_sleep>;
+	pinctrl-names = "default", "sleep";
+	clock-frequency = <DT_FREQ_M(8)>;
+};
+
+/{
+	aliases {
+		state-notifier-connected = &led0;
+		state-notifier-time-sync = &led1;
+		state-notifier-registered = &led2;
+		state-notifier-working = &led3;
+	};
+
+	semtech_sx1262_gpios{
+		compatible = "gpio-keys";
+		semtech_sx1262_reset_gpios: reset {
+			gpios = <&gpio0 0x2 (GPIO_ACTIVE_LOW|GPIO_PULL_UP)>;
+			label = "semtech_sx1262 Reset";
+		};
+		semtech_sx1262_busy_gpios: busy {
+			gpios = <&gpio0 0x0 0x0>;
+			label = "semtech_sx1262 Busy";
+		};
+		semtech_sx1262_antenna_enable_gpios: antena_enable {
+			gpios = <&gpio0 0x1 0x0>;
+			label = "semtech_sx1262 Antena Enable";
+		};
+		semtech_sx1262_dio1_gpios: dio1 {
+			gpios = <&gpio0 0x3  0x0>;
+			label = "semtech_sx1262 DIO1";
+		};
+	};	
+};
+
+// restore full RRAM and SRAM space - by default some parts are dedicated to FLRP
+&cpuapp_rram {
+	reg = <0x0 DT_SIZE_K(1524)>;
+};
+
+&cpuapp_sram {
+	reg = <0x20000000 DT_SIZE_K(256)>;
+	ranges = <0x0 0x20000000  0x40000>;
+};
+
+
+// Change IRQ ids to handle button interrupts.
+
+// The default values for nRF54L15 are 219 and 269,
+// but with TF-M they are reserved for the secure domain
+// (218 and 268 are reserved for the non-secure domain).
+&gpiote20 {
+	interrupts = <218 NRF_DEFAULT_IRQ_PRIORITY>;
+};
+
+&gpiote30 {
+	interrupts = <268 NRF_DEFAULT_IRQ_PRIORITY>;
+};
diff --git a/samples/sid_end_device/pm_static_nrf54l15dk_nrf54l15_cpuapp_ns.yml b/samples/sid_end_device/pm_static_nrf54l15dk_nrf54l15_cpuapp_ns.yml
new file mode 100644
index 0000000000..44a52be75c
--- /dev/null
+++ b/samples/sid_end_device/pm_static_nrf54l15dk_nrf54l15_cpuapp_ns.yml
@@ -0,0 +1,189 @@
+mfg_storage:
+  address: 0x17a000
+  end_address: 0x17b000
+  placement:
+    after:
+    - mcuboot_secondary
+  region: flash_primary
+  size: 0x1000
+app:
+  address: 0x54000
+  end_address: 0xc7000
+  region: flash_primary
+  size: 0x73000
+mcuboot:
+  address: 0x0
+  end_address: 0xc000
+  placement:
+    before:
+    - tfm_its
+  region: flash_primary
+  size: 0xc000
+mcuboot_pad:
+  address: 0x14000
+  end_address: 0x14800
+  placement:
+    before:
+    - mcuboot_primary_app
+  region: flash_primary
+  size: 0x800
+mcuboot_primary:
+  address: 0x14000
+  end_address: 0xc7000
+  orig_span: &id001
+  - mcuboot_pad
+  - tfm
+  - app
+  region: flash_primary
+  sharers: 0x1
+  size: 0xb3000
+  span: *id001
+mcuboot_primary_app:
+  address: 0x14800
+  end_address: 0xc7000
+  orig_span: &id002
+  - app
+  - tfm
+  region: flash_primary
+  size: 0xb2800
+  span: *id002
+mcuboot_secondary:
+  address: 0xc7000
+  end_address: 0x17a000
+  placement:
+    after:
+    - mcuboot_primary
+    align:
+      start: 0x1000
+  region: flash_primary
+  share_size:
+  - mcuboot_primary
+  size: 0xb3000
+mcuboot_sram:
+  address: 0x20000000
+  end_address: 0x20013000
+  orig_span: &id003
+  - tfm_sram
+  region: sram_primary
+  size: 0x13000
+  span: *id003
+nonsecure_storage:
+  address: 0x17b000
+  end_address: 0x17d000
+  orig_span: &id004
+  - settings_storage
+  region: flash_primary
+  size: 0x2000
+  span: *id004
+settings_storage:
+  address: 0x17b000
+  end_address: 0x17d000
+  inside:
+  - nonsecure_storage
+  placement:
+    after:
+    - app
+    align:
+      start: 0x1000
+    before:
+    - end
+  region: flash_primary
+  size: 0x2000
+sram_nonsecure:
+  address: 0x20013000
+  end_address: 0x20040000
+  orig_span: &id005
+  - sram_primary
+  region: sram_primary
+  size: 0x2d000
+  span: *id005
+sram_primary:
+  address: 0x20013000
+  end_address: 0x20040000
+  region: sram_primary
+  size: 0x2d000
+sram_secure:
+  address: 0x20000000
+  end_address: 0x20013000
+  orig_span: &id006
+  - tfm_sram
+  region: sram_primary
+  size: 0x13000
+  span: *id006
+tfm:
+  address: 0x14800
+  end_address: 0x54000
+  inside:
+  - mcuboot_primary_app
+  placement:
+    before:
+    - app
+  region: flash_primary
+  size: 0x3f800
+tfm_its:
+  address: 0xc000
+  end_address: 0xe000
+  inside:
+  - tfm_storage
+  placement:
+    before:
+    - tfm_otp_nv_counters
+  region: flash_primary
+  size: 0x2000
+tfm_nonsecure:
+  address: 0x54000
+  end_address: 0xc7000
+  orig_span: &id007
+  - app
+  region: flash_primary
+  size: 0x73000
+  span: *id007
+tfm_otp_nv_counters:
+  address: 0xe000
+  end_address: 0x10000
+  inside:
+  - tfm_storage
+  placement:
+    before:
+    - tfm_ps
+  region: flash_primary
+  size: 0x2000
+tfm_ps:
+  address: 0x10000
+  end_address: 0x14000
+  inside:
+  - tfm_storage
+  placement:
+    before:
+    - mcuboot_primary
+  region: flash_primary
+  size: 0x4000
+tfm_secure:
+  address: 0x14000
+  end_address: 0x54000
+  orig_span: &id008
+  - mcuboot_pad
+  - tfm
+  region: flash_primary
+  size: 0x40000
+  span: *id008
+tfm_sram:
+  address: 0x20000000
+  end_address: 0x20013000
+  inside:
+  - sram_secure
+  placement:
+    after:
+    - start
+  region: sram_primary
+  size: 0x13000
+tfm_storage:
+  address: 0xc000
+  end_address: 0x14000
+  orig_span: &id009
+  - tfm_ps
+  - tfm_its
+  - tfm_otp_nv_counters
+  region: flash_primary
+  size: 0x8000
+  span: *id009
diff --git a/samples/sid_end_device/sample.yaml b/samples/sid_end_device/sample.yaml
index 9a68865c65..8a2af4a8a8 100644
--- a/samples/sid_end_device/sample.yaml
+++ b/samples/sid_end_device/sample.yaml
@@ -14,6 +14,8 @@ common:
     - nrf54l15dk/nrf54l15/cpuapp
 tests:
   sample.sidewalk.hello:
+    platform_allow:
+      - nrf54l15dk/nrf54l15/cpuapp/ns
     extra_configs:
       - CONFIG_SID_END_DEVICE_PERSISTENT_LINK_MASK=y
       - CONFIG_SIDEWALK_FILE_TRANSFER=y
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
new file mode 100644
index 0000000000..f5689b641c
--- /dev/null
+++ b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
@@ -0,0 +1,41 @@
+#
+# Copyright (c) 2021 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# TODO: NCSDK-28931: Cannot use fprotect twice, so disable it in MCUboot to
+# test protecting provisoing data. It can be enabled while there is a support
+# for protection more than one region.
+CONFIG_FPROTECT=n
+# TODO: Workaround, disable memory guard to avoid false faults in application after boot
+CONFIG_HW_STACK_PROTECTION=n
+
+CONFIG_BOOT_WATCHDOG_FEED=n
+
+CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
+
+# Ensure that the qspi driver is disabled by default
+CONFIG_GPIO=n
+CONFIG_SPI=n
+CONFIG_SPI_NOR=n
+CONFIG_NORDIC_QSPI_NOR=n
+CONFIG_MULTITHREADING=n
+
+CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
+
+
+# Workaroud: fprotect and watchdog feed
+# are not supported in NCS v2.6.0
+CONFIG_FPROTECT=n
+CONFIG_BOOT_WATCHDOG_FEED=n
+
+# Currently, without tickless kernel, the SYSCOUNTER value after the software
+# reset is not set properly and due to that the first system interrupt is not called
+# in the proper time - the SYSCOUNTER value is set to the value from before
+# reset + 1. Hence, the reboot time increases more and more.
+# To avoid it enable tickles kernel for mcuboot.
+CONFIG_TICKLESS_KERNEL=y
+
+# Set the ZMS sector count to match the settings partition size that is 40 kB for this application.
+CONFIG_SETTINGS_ZMS_SECTOR_COUNT=10
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
new file mode 100644
index 0000000000..ddc7970558
--- /dev/null
+++ b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+
+/* Application does not use cpuflpr core. Assign whole RRAM and RAM to cpuapp. */
+&cpuapp_rram {
+	reg = < 0x0 DT_SIZE_K(1524) >;
+};
+
+&cpuapp_sram {
+	reg = <0x20000000 DT_SIZE_K(256)>;
+	ranges = <0x0 0x20000000  0x40000>;
+};
+
+ /* Disable the external flash, as it's not needed
+    for the configuration with secondary slot residing
+    in the internal MRAM. */
+&mx25r64 {
+	status = "disabled";
+};
+
+// TODO: re-enable HWFC once it's fixed
+&uart20 {
+	/delete-property/ hw-flow-control;
+};
diff --git a/subsys/sal/sid_pal/src/sid_mfg_storage.c b/subsys/sal/sid_pal/src/sid_mfg_storage.c
index a1ebfb4345..68aeabb888 100644
--- a/subsys/sal/sid_pal/src/sid_mfg_storage.c
+++ b/subsys/sal/sid_pal/src/sid_mfg_storage.c
@@ -155,12 +155,12 @@ void sid_pal_mfg_store_init(sid_pal_mfg_store_region_t mfg_store_region)
 		sid_mfg_version = SID_PAL_MFG_STORE_TLV_VERSION;
 	}
 
-#if !CONFIG_SIDEWALK_MFG_STORAGE_DIAGNOSTIC
+#if defined(CONFIG_FPROTECT) && !defined(CONFIG_SIDEWALK_MFG_STORAGE_DIAGNOSTIC)
 	err = fprotect_area(PM_MFG_STORAGE_ADDRESS, PM_MFG_STORAGE_SIZE);
 	if (err) {
 		LOG_ERR("Flash protect failed %d", err);
 	}
-#endif
+#endif // CONFIG_FPROTECT AND NOT CONFIG_SIDEWALK_MFG_STORAGE_DIAGNOSTIC
 }
 
 void sid_pal_mfg_store_deinit(void)