diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data
index 560350c6ee..742f9b1ace 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -122,7 +122,18 @@ open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
 
 Open failure: invalid identifier (implementation range)
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_ID_USER_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
+# We need to avoid existing volatile key IDs. Normally there aren't any
+# existing volatile keys because the test case doesn't create any, but
+# in some configurations, the implementation or a driver creates a
+# volatile key during initialization for its own use. At the time of
+# writing, this happens in builds where AES uses a PSA driver and the
+# PSA RNG uses AES-CTR_DRBG through the PSA AES.
+# Pick a key id that's in the middle of the volatile key ID range.
+# That works out both when MBEDTLS_PSA_KEY_SLOT_DYNAMIC is enabled and
+# volatile key IDs are assigned starting with the lowest value, and when
+# MBEDTLS_PSA_KEY_SLOT_DYNAMIC is disabled and volatile key IDs are assigned
+# starting with the highest values.
+open_fail:(PSA_KEY_ID_VOLATILE_MIN + PSA_KEY_ID_VOLATILE_MAX) / 2:PSA_ERROR_DOES_NOT_EXIST
 
 Open failure: non-existent identifier
 depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C