diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b2126069..6f33a69a0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - AVRCP/AVCTP: report AVRCP 1.6 and AVCTP 1.4 in SDP record
 - AVDTP Source: buffer for SBC media codec information got discarded, leading to invalid Set Configuration command in second connection
 - SM: only trigger Cross-Transport Key Derivation (CTKD) when bonding is enabled
+- SM: set LinkKey flag to request CTKD if enabled
 - SM: store CTKD key with Public Identity Address
 - SM: only allow CTKD to overwrite existing link key if derived key has same or higher authentication
 - HFP HF: fix response to AG Codec Selection while waiting for OK of parallel command
diff --git a/src/ble/sm.c b/src/ble/sm.c
index 3f8b2244d..e9dbe2a5c 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -60,8 +60,8 @@
 #error "LE Security Manager used, but neither ENABLE_LE_PERIPHERAL nor ENABLE_LE_CENTRAL defined. Please add at least one to btstack_config.h."
 #endif
 
-#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && !defined(ENABLE_CLASSIC)
-#error "Cross Transport Key Derivation requires BR/EDR (Classic) support"
+#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && (!defined(ENABLE_CLASSIC) || !defined(ENABLE_LE_SECURE_CONNECTIONS))
+#error "Cross Transport Key Derivation requires support for LE Secure Connections and BR/EDR (Classic)"
 #endif
 
 // assert SM Public Key can be sent/received
@@ -1051,6 +1051,12 @@ static int sm_key_distribution_flags_for_auth_req(void){
         flags |= SM_KEYDIST_ENC_KEY;
 #ifdef ENABLE_LE_SIGNED_WRITE
         flags |= SM_KEYDIST_SIGN;
+#endif
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
+        // LinkKey for CTKD requires SC
+        if (sm_auth_req & SM_AUTHREQ_SECURE_CONNECTION){
+        	flags |= SM_KEYDIST_LINK_KEY;
+        }
 #endif
     }
     return flags;