diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 9eebaf53f..f5f77faa5 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
@@ -363,6 +363,24 @@ def test_ap_wpa2_eap_sim_imsi_privacy_key(dev, apdev):
 password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
 eap_reauth(dev[0], "SIM")
 
+def test_ap_wpa2_eap_sim_imsi_privacy_attr(dev, apdev):
+ """WPA2-Enterprise connection using EAP-SIM and imsi_privacy_cert/attr"""
+ tls = dev[0].request("GET tls_library")
+ if not tls.startswith("OpenSSL"):
+ raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls)
+ check_hlr_auc_gw_support()
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ tls = hapd.request("GET tls_library")
+ if not tls.startswith("OpenSSL"):
+ raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls)
+
+ eap_connect(dev[0], hapd, "SIM",
+ "1232010000000000@wlan.mnc232.mcc02.3gppnetwork.org",
+ imsi_privacy_cert="auth_serv/imsi-privacy-cert.pem",
+ imsi_privacy_attr="name=value",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581")
+
 def test_ap_wpa2_eap_sim_sql(dev, apdev, params):
 """WPA2-Enterprise connection using EAP-SIM (SQL)"""
 check_hlr_auc_gw_support()
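Review bot: The new `test_ap_wpa2_eap_sim_imsi_privacy_attr` only checks that `eap_connect()` succeeds, so it would still pass if `imsi_privacy_attr` were silently dropped before reaching wpa_supplicant or ignored when the identity is built. Because this parameter changes the privacy-protected identity sent during authentication, the test should assert that the value took effect, at minimum by reading the field back from the network block after connecting and ideally by checking the identity the authentication server received. The docstring should also state what the attribute is for and whether it travels inside or outside the encrypted identity, which the hunk does not show. The same gap applies to `test_ap_wpa2_eap_aka_imsi_privacy_attr` in the next hunk and to `test_ap_hs20_aka_imsi_privacy_attr` in test_ap_hs20.py, and unlike the neighbouring `_key` tests none of the new tests calls `eap_reauth()`.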
@@ -1148,6 +1166,24 @@ def test_ap_wpa2_eap_aka_imsi_privacy_key(dev, apdev):
 password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
 eap_reauth(dev[0], "AKA")
 
+def test_ap_wpa2_eap_aka_imsi_privacy_attr(dev, apdev):
+ """WPA2-Enterprise connection using EAP-AKA and imsi_privacy_cert/attr"""
+ tls = dev[0].request("GET tls_library")
+ if not tls.startswith("OpenSSL"):
+ raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls)
+ check_hlr_auc_gw_support()
+ params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
+ hapd = hostapd.add_ap(apdev[0], params)
+ tls = hapd.request("GET tls_library")
+ if not tls.startswith("OpenSSL"):
+ raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls)
+
+ eap_connect(dev[0], hapd, "AKA",
+ "0232010000000000@wlan.mnc232.mcc02.3gppnetwork.org",
+ imsi_privacy_cert="auth_serv/imsi-privacy-cert.pem",
+ imsi_privacy_attr="Name=Value",
+ password="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123")
+
 def test_ap_wpa2_eap_aka_imsi_privacy_key_expired(dev, apdev):
 """WPA2-Enterprise connection using EAP-AKA and expired imsi_privacy_cert"""
 tls = dev[0].request("GET tls_library")
diff --git a/tests/hwsim/test_ap_hs20.py b/tests/hwsim/test_ap_hs20.py
index 7255b1c45..c981b3547 100644
--- a/tests/hwsim/test_ap_hs20.py
+++ b/tests/hwsim/test_ap_hs20.py
@@ -530,7 +530,8 @@ def test_ap_hs20_select(dev, apdev):
 'domain': "example.org"})
 interworking_select(dev[0], bssid2, "home", freq="2412")
 
-def hs20_simulated_sim(dev, ap, method, imsi_privacy=False):
+def hs20_simulated_sim(dev, ap, method, imsi_privacy=False,
+ imsi_privacy_attr=False):
 bssid = ap['bssid']
 params = hs20_ap_params()
 params['hessid'] = bssid
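Review bot: `imsi_privacy_attr=False` in the new `hs20_simulated_sim()` signature is a boolean, while the same name is a string setting everywhere else in this change (the `imsi_privacy_attr="name=value"` keyword in test_ap_eap.py and the credential field added in wpasupplicant.py), and the actual value is hard-coded as `"Identifier=1234567"` in the following hunk. Taking the string itself keeps the names consistent and lets callers vary the value: `imsi_privacy_attr=None` in the signature and `params['imsi_privacy_attr'] = imsi_privacy_attr` under the `if`, with `test_ap_hs20_aka_imsi_privacy_attr` passing the string. It is also worth confirming that the new `if imsi_privacy_attr:` cannot set the attribute when `imsi_privacy` is false; indentation is not recoverable on this page, and an attribute without `imsi_privacy_cert` is probably not a meaningful configuration. The function body continues outside this hunk.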
@@ -546,6 +547,8 @@ def hs20_simulated_sim(dev, ap, method, imsi_privacy=False): if not tls.startswith("OpenSSL"): raise HwsimSkip("IMSI privacy not supported with this TLS library: " + tls) params['imsi_privacy_cert'] = "auth_serv/imsi-privacy-cert.pem" + if imsi_privacy_attr: + params['imsi_privacy_attr'] = "Identifier=1234567" dev.add_cred_values(params) interworking_select(dev, bssid, "home", freq="2412") interworking_connect(dev, bssid, method) @@ -615,6 +618,12 @@ def test_ap_hs20_aka_imsi_privacy(dev, apdev): hlr_auc_gw_available() hs20_simulated_sim(dev[0], apdev[0], "AKA", imsi_privacy=True) +def test_ap_hs20_aka_imsi_privacy_attr(dev, apdev): + """Hotspot 2.0 with simulated USIM and EAP-AKA with IMSI privacy/attr""" + hlr_auc_gw_available() + hs20_simulated_sim(dev[0], apdev[0], "AKA", imsi_privacy=True, + imsi_privacy_attr=True) + def test_ap_hs20_aka_prime(dev, apdev): """Hotspot 2.0 with simulated USIM and EAP-AKA'""" hlr_auc_gw_available() diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index b864db30a..f95b2a61a 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py @@ -454,7 +454,8 @@ class WpaSupplicant: "excluded_ssid", "milenage", "ca_cert", "client_cert", "private_key", "domain_suffix_match", "provisioning_sp", "roaming_partner", "phase1", "phase2", "private_key_passwd", - "roaming_consortiums", "imsi_privacy_cert"] + "roaming_consortiums", "imsi_privacy_cert", + "imsi_privacy_attr"] for field in quoted: if field in params: self.set_cred_quoted(id, field, params[field]) @@ -1083,7 +1084,7 @@ class WpaSupplicant: "sae_password_id", "check_cert_subject", "machine_ca_cert", "machine_client_cert", "machine_private_key", "machine_phase2", - "imsi_identity", "imsi_privacy_cert"] + "imsi_identity", "imsi_privacy_cert", "imsi_privacy_attr"] for field in quoted: if field in kwargs and kwargs[field]: self.set_network_quoted(id, field, kwargs[field])