diff --git a/src/crypto/axtls_aes.c b/src/crypto/axtls_aes.c
index 7f93c0ed..9d6b6459 100644
--- a/src/crypto/axtls_aes.c
+++ b/src/crypto/axtls_aes.c
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <assert.h>
 #include <byteswap.h>
 #include <ipxe/crypto.h>
+#include <ipxe/ecb.h>
 #include <ipxe/cbc.h>
 #include <ipxe/aes.h>
 #include "crypto/axtls/crypto.h"
@@ -155,6 +156,10 @@ struct cipher_algorithm aes_algorithm = {
 	.decrypt = aes_decrypt,
 };
 
-/* AES with cipher-block chaining */
+/* AES in Electronic Codebook mode */
+ECB_CIPHER ( aes_ecb, aes_ecb_algorithm,
+	     aes_algorithm, struct aes_context, AES_BLOCKSIZE );
+
+/* AES in Cipher Block Chaining mode */
 CBC_CIPHER ( aes_cbc, aes_cbc_algorithm,
 	     aes_algorithm, struct aes_context, AES_BLOCKSIZE );
diff --git a/src/crypto/ecb.c b/src/crypto/ecb.c
new file mode 100644
index 00000000..3c9cf340
--- /dev/null
+++ b/src/crypto/ecb.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2009 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <assert.h>
+#include <ipxe/crypto.h>
+#include <ipxe/ecb.h>
+
+/** @file
+ *
+ * Electronic codebook (ECB)
+ *
+ */
+
+/**
+ * Encrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to encrypt
+ * @v dst		Buffer for encrypted data
+ * @v len		Length of data
+ * @v raw_cipher	Underlying cipher algorithm
+ */
+void ecb_encrypt ( void *ctx, const void *src, void *dst, size_t len,
+		   struct cipher_algorithm *raw_cipher ) {
+	size_t blocksize = raw_cipher->blocksize;
+
+	assert ( ( len % blocksize ) == 0 );
+
+	while ( len ) {
+		cipher_encrypt ( raw_cipher, ctx, src, dst, blocksize );
+		dst += blocksize;
+		src += blocksize;
+		len -= blocksize;
+	}
+}
+
+/**
+ * Decrypt data
+ *
+ * @v ctx		Context
+ * @v src		Data to decrypt
+ * @v dst		Buffer for decrypted data
+ * @v len		Length of data
+ * @v raw_cipher	Underlying cipher algorithm
+ */
+void ecb_decrypt ( void *ctx, const void *src, void *dst, size_t len,
+		   struct cipher_algorithm *raw_cipher ) {
+	size_t blocksize = raw_cipher->blocksize;
+
+	assert ( ( len % blocksize ) == 0 );
+
+	while ( len ) {
+		cipher_decrypt ( raw_cipher, ctx, src, dst, blocksize );
+		dst += blocksize;
+		src += blocksize;
+		len -= blocksize;
+	}
+}
diff --git a/src/include/ipxe/aes.h b/src/include/ipxe/aes.h
index 4e44f985..91e7483a 100644
--- a/src/include/ipxe/aes.h
+++ b/src/include/ipxe/aes.h
@@ -26,6 +26,7 @@ extern void axtls_aes_encrypt ( const AES_CTX *ctx, uint32_t *data );
 extern void axtls_aes_decrypt ( const AES_CTX *ctx, uint32_t *data );
 
 extern struct cipher_algorithm aes_algorithm;
+extern struct cipher_algorithm aes_ecb_algorithm;
 extern struct cipher_algorithm aes_cbc_algorithm;
 
 int aes_wrap ( const void *kek, const void *src, void *dest, int nblk );
diff --git a/src/include/ipxe/ecb.h b/src/include/ipxe/ecb.h
new file mode 100644
index 00000000..4e6aa3c8
--- /dev/null
+++ b/src/include/ipxe/ecb.h
@@ -0,0 +1,55 @@
+#ifndef _IPXE_ECB_H
+#define _IPXE_ECB_H
+
+/** @file
+ *
+ * Electronic codebook (ECB)
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+#include <ipxe/crypto.h>
+
+extern void ecb_encrypt ( void *ctx, const void *src, void *dst,
+			  size_t len, struct cipher_algorithm *raw_cipher );
+extern void ecb_decrypt ( void *ctx, const void *src, void *dst,
+			  size_t len, struct cipher_algorithm *raw_cipher );
+
+/**
+ * Create a cipher-block chaining mode of behaviour of an existing cipher
+ *
+ * @v _ecb_name		Name for the new ECB cipher
+ * @v _ecb_cipher	New cipher algorithm
+ * @v _raw_cipher	Underlying cipher algorithm
+ * @v _raw_context	Context structure for the underlying cipher
+ * @v _blocksize	Cipher block size
+ */
+#define ECB_CIPHER( _ecb_name, _ecb_cipher, _raw_cipher, _raw_context,	\
+		    _blocksize )					\
+static int _ecb_name ## _setkey ( void *ctx, const void *key,		\
+				  size_t keylen ) {			\
+	return cipher_setkey ( &_raw_cipher, ctx, key, keylen );	\
+}									\
+static void _ecb_name ## _setiv ( void *ctx, const void *iv ) {		\
+	cipher_setiv ( &_raw_cipher, ctx, iv );				\
+}									\
+static void _ecb_name ## _encrypt ( void *ctx, const void *src,		\
+				    void *dst, size_t len ) {		\
+	ecb_encrypt ( ctx, src, dst, len, &_raw_cipher );		\
+}									\
+static void _ecb_name ## _decrypt ( void *ctx, const void *src,		\
+				    void *dst, size_t len ) {		\
+	ecb_decrypt ( ctx, src, dst, len, &_raw_cipher );		\
+}									\
+struct cipher_algorithm _ecb_cipher = {					\
+	.name		= #_ecb_name,					\
+	.ctxsize	= sizeof ( _raw_context ),			\
+	.blocksize	= _blocksize,					\
+	.setkey		= _ecb_name ## _setkey,				\
+	.setiv		= _ecb_name ## _setiv,				\
+	.encrypt	= _ecb_name ## _encrypt,			\
+	.decrypt	= _ecb_name ## _decrypt,			\
+};
+
+#endif /* _IPXE_ECB_H */