diff --git a/ta/pkcs11/src/pkcs11_attributes.c b/ta/pkcs11/src/pkcs11_attributes.c
index aef712ee55b..ef35acbfa8a 100644
--- a/ta/pkcs11/src/pkcs11_attributes.c
+++ b/ta/pkcs11/src/pkcs11_attributes.c
@@ -400,6 +400,7 @@ static const uint32_t symm_key_boolprops[] = {
 static const uint32_t symm_key_opt_or_null[] = {
 	PKCS11_CKA_WRAP_TEMPLATE, PKCS11_CKA_UNWRAP_TEMPLATE,
 	PKCS11_CKA_DERIVE_TEMPLATE, PKCS11_CKA_VALUE,
+	PKCS11_CKA_CHECK_VALUE,
 };
 
 static const uint32_t symm_key_optional[] = {
@@ -2187,6 +2188,9 @@ static bool attr_is_modifiable_secret_key(struct pkcs11_attribute_head *attr,
 	case PKCS11_CKA_NEVER_EXTRACTABLE:
 	case PKCS11_CKA_ALWAYS_SENSITIVE:
 		return false;
+	/* CKA_CHECK_VALUE cannot be changed once it has been set. */
+	case PKCS11_CKA_CHECK_VALUE:
+		return false;
 	default:
 		return false;
 	}