diff --git a/src/ble/sm.c b/src/ble/sm.c
index 09e61b09e..9c32ce188 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -178,6 +178,7 @@ static uint8_t sm_min_encryption_key_size;
 static uint8_t sm_auth_req = 0;
 static uint8_t sm_io_capabilities = IO_CAPABILITY_NO_INPUT_NO_OUTPUT;
 static uint8_t sm_slave_request_security;
+static uint32_t sm_fixed_legacy_pairing_passkey_in_display_role;
 #ifdef ENABLE_LE_SECURE_CONNECTIONS
 static uint8_t sm_have_ec_keypair;
 #endif
@@ -2930,13 +2931,19 @@ static void sm_handle_random_result(uint8_t * data){
 
         case SM_PH2_W4_RANDOM_TK:
         {
-            // map random to 0-999999 without speding much cycles on a modulus operation
-            uint32_t tk = little_endian_read_32(data,0);
-            tk = tk & 0xfffff;  // 1048575
-            if (tk >= 999999){
-                tk = tk - 999999;
-            } 
             sm_reset_tk();
+            uint32_t tk;
+            if (sm_fixed_legacy_pairing_passkey_in_display_role == 0xffffffff){
+                // map random to 0-999999 without speding much cycles on a modulus operation
+                tk = little_endian_read_32(data,0);
+                tk = tk & 0xfffff;  // 1048575
+                if (tk >= 999999){
+                    tk = tk - 999999;
+                } 
+            } else {
+                // override with pre-defined passkey
+                tk = sm_fixed_legacy_pairing_passkey_in_display_role;
+            }
             big_endian_store_32(setup->sm_tk, 12, tk);
             if (IS_RESPONDER(connection->sm_role)){
                 connection->sm_engine_state = SM_RESPONDER_PH1_SEND_PAIRING_RESPONSE;
@@ -3783,7 +3790,9 @@ void sm_init(void){
 
     sm_max_encryption_key_size = 16;
     sm_min_encryption_key_size = 7;
-    
+
+    sm_fixed_legacy_pairing_passkey_in_display_role = 0xffffffff;
+
 #ifdef ENABLE_CMAC_ENGINE
     sm_cmac_state  = CMAC_IDLE;
 #endif
@@ -3849,6 +3858,10 @@ void sm_test_use_fixed_ec_keypair(void){
 #endif
 }
 
+void sm_use_fixed_legacy_pairing_passkey_in_display_role(uint32_t passkey){
+    sm_fixed_legacy_pairing_passkey_in_display_role = passkey;
+}
+
 static sm_connection_t * sm_get_connection_for_handle(hci_con_handle_t con_handle){
     hci_connection_t * hci_con = hci_connection_for_handle(con_handle);
     if (!hci_con) return NULL;
diff --git a/src/ble/sm.h b/src/ble/sm.h
index 11ebd2f3c..24e040f72 100644
--- a/src/ble/sm.h
+++ b/src/ble/sm.h
@@ -290,6 +290,14 @@ int sm_le_device_index(hci_con_handle_t con_handle );
  */
 void sm_use_fixed_ec_keypair(uint8_t * qx, uint8_t * qy, uint8_t * d);
 
+/**
+ * @brief Set passkey used with LE Legacy Pairing when we generate and show it instead of random number
+ * @note Can be used to improve security over Just Works if no keyboard or displary are present and 
+ *       individual random passkey can be printed on the device during production
+ * @param passkey
+ */
+void sm_use_fixed_legacy_pairing_passkey_in_display_role(uint32_t passkey);
+
 /* API_END */
 
 // PTS testing