diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3c328c4d50..d84d101dc5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6025,7 +6025,7 @@ exit:
 static const psa_key_generation_method_t default_method = PSA_KEY_GENERATION_METHOD_INIT;
-static int psa_key_generation_method_is_default(
+int psa_key_generation_method_is_default(
 const psa_key_generation_method_t *method, size_t method_data_length) {
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 3a9b02d0d4..965db94df3 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -396,6 +396,18 @@ psa_status_t psa_export_public_key_internal(
 const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length);
+/** Whether a key generation method is the default.
+ *
+ * Calls to a key generation driver with a non-default method
+ * require a driver supporting custom methods.
+ *
+ * \param[in] method The key generation method to check.
+ * \param method_data_length Size of `method.data` in bytes.
+ */
+int psa_key_generation_method_is_default(
+ const psa_key_generation_method_t *method,
+ size_t method_data_length);
+
 /** * \brief Generate a key. *
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index b1a952b82d..10843c3f40 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
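Review bot: The new Doxygen block for psa_key_generation_method_is_default() in psa_crypto_core.h documents both parameters but not the return value, and the function returns a plain `int` rather than a `psa_status_t`, so a reader cannot tell the polarity without finding the definition. Judging from the call site `!is_default_method` in the driver wrapper, nonzero appears to mean "default"; if that is right, add `\return 1 if \p method is the default method, 0 otherwise.` before the closing `*/`. Since `method` is a pointer, the length parameter would also read more accurately as "Size of `method->data` in bytes".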
@@ -738,8 +738,18 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
- /* TODO: if method is non-default, we need a driver that supports
- * passing a method. */
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+ int is_default_method =
+ psa_key_generation_method_is_default(method, method_data_length);
+ if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_method )
+ {
+ /* We don't support passing a custom method to drivers yet. */
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+#else
+ int is_default_method = 1;
+ (void) is_default_method;
+#endif
 /* Try dynamically-registered SE interface first */
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -766,8 +776,10 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
 { case PSA_KEY_LOCATION_LOCAL_STORAGE:
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- /* Transparent drivers are limited to generating asymmetric keys */
- if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
+ /* Transparent drivers are limited to generating asymmetric keys. */
+ /* We don't support passing a custom method to drivers yet. */
+ if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) &&
+ is_default_method )
 { /* Cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_DRIVER_TEST)
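Review bot: In the `#else` branch of the new guard in psa_driver_wrapper_generate_key(), `is_default_method` is hard-coded to 1, so in a build without PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE a non-default `method` for a non-local location is not rejected here and the request proceeds to the drivers with the custom method silently dropped. That is only safe if the caller has already refused every non-default method in such builds, which is not visible in this hunk. Either evaluate the check unconditionally or record the invariant next to the assignment, e.g. `/* Without RSA key generation, non-default methods are rejected before this wrapper is called (TODO confirm). */`. The function body starts and ends outside the hunk.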
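Review bot: The added `&& is_default_method` makes a non-default method skip every transparent accelerator without returning an error, so the outcome depends on code after this `if` that the hunk does not show (presumably the built-in software fallback). The two adjacent comments do not say this; consider merging them into one, e.g. `/* Transparent drivers only generate asymmetric keys and cannot take a custom method yet: such requests fall through to the built-in implementation. */`, after confirming that is where they go. Integrators who rely on accelerator-generated keys would want that fallback stated explicitly.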