diff --git a/tests/conftest.py b/tests/conftest.py
index b295431..538de9f 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -310,8 +310,8 @@ class Device:
 resp = self.send(command=0x62, p1=keyid, p2=p2, data=list(data))
 return bytes(resp)
- def import_dkek(self, dkek):
- resp = self.send(cla=0x80, command=0x52, p1=0x0, p2=0x0, data=dkek)
+ def import_dkek(self, dkek, key_domain=0):
+ resp = self.send(cla=0x80, command=0x52, p1=0x0, p2=key_domain, data=dkek)
 return resp
 def import_key(self, pkey, dkek=None, purposes=None):
@@ -612,6 +612,8 @@ class Device:
 def derive_xkek(self, keyid, cert):
 self.send(cla=0x80, command=0x62, p1=keyid, p2=Algorithm.ALGO_EC_ECDH_XKEK.value, data=cert)
+ def delete_xkek(self, key_domain=0):
+ self.send(cla=0x80, command=0x52, p1=0x04, p2=key_domain)
 @pytest.fixture(scope="session")
 def device():
diff --git a/tests/pico-hsm/test_090_xkek.py b/tests/pico-hsm/test_090_xkek.py
index 2e0fe24..d9c1f21 100644
--- a/tests/pico-hsm/test_090_xkek.py
+++ b/tests/pico-hsm/test_090_xkek.py
@@ -48,7 +48,9 @@ def test_create_xkek(device):
 pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.BrainpoolP256R1(), bytes(gskQ))
 assert(bytes(did) == int_to_bytes(pub.public_numbers().x)+int_to_bytes(pub.public_numbers().y))
+keyid = -1
 def test_derive_xkek(device):
+ global keyid
 keyid = device.generate_xkek_key()
 resp = device.list_keys()
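Review bot: `import_dkek` now forwards `key_domain` into P2 with no range check, and `delete_xkek` in the second conftest hunk does the same. P2 is a single byte, so unless `send()` (not visible here) rejects out-of-range values, a bad index could be masked or truncated and the DKEK import or XKEK deletion would land on a different key domain than the test intended. A guard at the top of both helpers makes that failure explicit: `if not 0 <= key_domain <= 0xFF: raise ValueError("key_domain must fit in one byte")`. A short docstring such as `"""Import a DKEK share into the key domain selected by P2 (default 0)."""` would also document the new parameter. The `Device` class body starts and ends outside this hunk.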
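Review bot: `delete_xkek` discards the result of `self.send(...)`, whereas `import_dkek`, which uses the same INS 0x52, returns it, so a caller cannot inspect what the device answered to the deletion. Returning the response keeps the two helpers parallel: `return self.send(cla=0x80, command=0x52, p1=0x04, p2=key_domain)`. The literal `p1=0x04` is also unexplained; a comment along the lines of `# P1=0x04: delete the XKEK of the key domain given in P2 (confirm against the firmware's key-domain command table)` would tell readers why it differs from the `p1=0x0` used for the import.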
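Review bot: The module-level `keyid = -1` sentinel is unsafe for the later `DOPrefixes.KEY_PREFIX.value << 8 | keyid` expressions, because any integer OR-ed with -1 is -1. If `test_derive_xkek` fails before the assignment or is deselected, `test_delete_domain_with_key` in the next hunk therefore calls `delete_file(-1)` instead of failing with a clear message. Using `keyid = None` here and starting the dependent test with `assert keyid is not None, "test_derive_xkek must run first"` surfaces the ordering dependency explicitly. A module-scoped fixture that generates the XKEK key and yields its id would remove the `global` altogether. The body of `test_derive_xkek` continues outside this hunk.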
@@ -71,5 +73,27 @@ def test_derive_xkek(device): resp = device.get_key_domain() assert(bytes(resp['kcv']) != b'\x00'*8) + +def test_delete_xkek(device): + device.delete_xkek() + + resp = device.get_key_domain() + assert(bytes(resp['kcv']) == b'\x00'*8) + +def test_delete_domain_with_key(device): + with pytest.raises(APDUResponse) as e: + device.delete_key_domain() + assert(e.value.sw == SWCodes.SW_FILE_EXISTS.value) + device.delete_file(DOPrefixes.KEY_PREFIX.value << 8 | keyid) device.delete_file(DOPrefixes.EE_CERTIFICATE_PREFIX.value << 8 | keyid) + +def test_delete_domain(device): + device.delete_key_domain() + + resp = device.get_key_domain() + assert('kcv' not in resp) + assert('xkek' not in resp) + assert('error' in resp) + assert(resp['error'] == SWCodes.SW_REFERENCE_NOT_FOUND.value) +
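Review bot: In `test_delete_domain_with_key`, the check `assert(e.value.sw == SWCodes.SW_FILE_EXISTS.value)` only runs if it sits outside the `with pytest.raises(APDUResponse) as e:` block, and the indentation is not recoverable from this view. If it is indented under the `with`, the exception from `device.delete_key_domain()` skips it, and the test then accepts any `APDUResponse` rather than specifically the refusal to delete a domain that still holds a key. The two `device.delete_file(...)` cleanup calls also follow that assertion, so a failure there leaves the key and certificate on the device and `test_delete_domain` then fails for a secondary reason. Moving the cleanup into a `try: ... finally:` or a fixture finalizer would keep the two results independent.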