Bringing wolfHSM to STM32H5 TrustZone: Production-Grade HSM on a Cortex-M33

From Automotive HSM to IoT

When most people hear about Hardware Security Modules, they tend to think of the automotive industry. wolfHSM has spent years proving itself on Infineon AURIX TC3xx, ST SPC58, and similar high-end automotive parts, where a dedicated HSM core stands guard over keys, signing, and secure boot inside vehicles shipping at scale. That heritage is real, and it is not going away.
The interesting question for 2026 is whether the same security guarantees can be delivered to the much larger world of IoT devices, where adding a separate HSM coprocessor is a non-starter on cost and board area.

wolfHSM on STM32H5 TrustZone

We believe the answer is yes, and we are starting work on the integration that proves it. wolfSSL is bringing wolfHSM to the STM32H5 family, hosted inside the secure world by wolfBoot and exposed to non-secure applications through a single Arm TrustZone-M non-secure-callable bridge.
The same wolfHSM server you already trust on automotive silicon will run on the Cortex-M33, with no extra silicon, no second MCU, and no external secure element required. Your application talks to wolfCrypt the way it always has. The keys, the random number generator, and the symmetric and asymmetric crypto engines all live on the secure side, behind a hardware-enforced isolation boundary that the non-secure world cannot bypass.

Architecture

Layer              World                What It Does
Application        Non-Secure           Calls wolfCrypt API as usual
NSC Bridge         TrustZone boundary   Single non-secure-callable entry point
wolfHSM Server     Secure               Keystore, RNG, symmetric and asymmetric crypto engines
wolfBoot           Secure               Signed boot, firmware update, NVM journaling
STM32H5 Hardware   Silicon              Cortex-M33, TrustZone-M, flash, SAU/IDAU
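The row that carries the most security weight in that table is the NSC bridge: it is the only way into the secure world, so everything a non-secure caller hands it must be validated before the secure side acts on it. The model below is an added example written for this post, not wolfHSM or wolfBoot code, and it shows the checks a practitioner would expect at that entry point: the request block must lie entirely in non-secure memory (otherwise the caller could aim the secure side at secure RAM), it is copied in once before use, unknown opcodes are refused, and key material is only ever referenced by id. The non-secure SRAM window, the opcode set, the `hsm_req` layout, the placeholder key table and the xorshift stand-in for the hardware RNG are all assumptions made so the logic can be compiled and run on a host; on the Cortex-M33 the entry would be marked `__attribute__((cmse_nonsecure_entry))` and the range check would be `cmse_check_address_range()` from `<arm_cmse.h>`.

```c
/* Host-runnable model of a single TrustZone-M non-secure-callable (NSC) entry
 * point guarding a secure-world HSM service. Added example, not wolfHSM or
 * wolfBoot code; memory map, opcodes and key table are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed non-secure SRAM window (assumption; real bounds come from the
 * SAU/IDAU configuration applied by the secure boot loader). */
#define NS_SRAM_BASE 0x20040000u
#define NS_SRAM_SIZE 0x00040000u
static uint8_t ns_sram[NS_SRAM_SIZE];          /* stand-in for non-secure SRAM */

enum hsm_op  { HSM_OP_GET_RANDOM = 1, HSM_OP_KEY_EXISTS = 2 };
enum hsm_err { HSM_OK = 0, HSM_EBADADDR = -1, HSM_EBADOP = -2,
               HSM_EBADLEN = -3, HSM_ENOKEY = -4 };

/* Request block the non-secure client places in its own memory. Results come
 * back in out[]; keys are addressed by id and their bytes are never copied out. */
struct hsm_req {
    uint32_t op;
    uint32_t key_id;
    uint32_t len;                              /* bytes requested in out[] */
    uint8_t  out[32];
};

/* Secure-side state: static storage in the secure image, unreachable from NS. */
struct sec_key { uint32_t id; uint8_t material[16]; };
static const struct sec_key sec_keys[] = { { 1, { 0 } }, { 7, { 0 } } }; /* placeholders */
static uint32_t rng_state = 0x12345678u;

/* Deterministic xorshift stand-in for the hardware RNG so the model runs on a
 * host. It is NOT a CSPRNG; on the part the secure side uses the true RNG. */
static uint8_t sec_random_byte(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (uint8_t)rng_state;
}

static int sec_key_exists(uint32_t id) {
    for (size_t i = 0; i < sizeof sec_keys / sizeof sec_keys[0]; i++)
        if (sec_keys[i].id == id) return 1;
    return 0;
}

/* Models cmse_check_address_range(ptr, len, CMSE_NONSECURE): every byte of
 * [addr, addr+len) must be non-secure and the range must not wrap around. */
static int ns_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0 || addr + len < addr) return 0;
    return addr >= NS_SRAM_BASE && addr + len <= NS_SRAM_BASE + NS_SRAM_SIZE;
}

/* The one NSC entry point: validate the NS-supplied address, copy the request
 * in once so it cannot change under the secure side after validation, act on
 * it, copy the result back. Anything unexpected is refused with an error. */
int hsm_nsc_bridge(uint32_t req_addr) {
    struct hsm_req req;
    int rc;

    if (!ns_range_ok(req_addr, sizeof req)) return HSM_EBADADDR;
    memcpy(&req, ns_sram + (req_addr - NS_SRAM_BASE), sizeof req);

    switch (req.op) {
    case HSM_OP_GET_RANDOM:
        if (req.len > sizeof req.out) return HSM_EBADLEN;
        for (uint32_t i = 0; i < req.len; i++) req.out[i] = sec_random_byte();
        rc = HSM_OK;
        break;
    case HSM_OP_KEY_EXISTS:
        rc = sec_key_exists(req.key_id) ? HSM_OK : HSM_ENOKEY;
        break;
    default:
        return HSM_EBADOP;
    }
    memcpy(ns_sram + (req_addr - NS_SRAM_BASE), &req, sizeof req);
    return rc;
}

/* Non-secure client side: build a request in NS SRAM and cross the boundary. */
int ns_submit(uint32_t addr, uint32_t op, uint32_t key_id, uint32_t len,
              uint8_t *out, size_t out_len) {
    struct hsm_req req;
    int rc;

    memset(&req, 0, sizeof req);
    req.op = op; req.key_id = key_id; req.len = len;
    if (ns_range_ok(addr, sizeof req))         /* the client can only write its own memory */
        memcpy(ns_sram + (addr - NS_SRAM_BASE), &req, sizeof req);
    rc = hsm_nsc_bridge(addr);
    if (rc == HSM_OK && out != NULL && ns_range_ok(addr, sizeof req)) {
        memcpy(&req, ns_sram + (addr - NS_SRAM_BASE), sizeof req);
        memcpy(out, req.out, out_len < sizeof req.out ? out_len : sizeof req.out);
    }
    return rc;
}
```

Two details of the bridge matter beyond the range check. The request is copied into secure stack before any field is inspected, so a non-secure DMA engine or second bus master cannot alter `op` or `len` between validation and use. And the key table is only ever consulted by id: the response structure has no path through which key bytes could travel back across the boundary, which is the property that makes the non-secure application's compromise survivable.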

Why This Matters

The threat model that drove HSM adoption in automotive is now the threat model for connected medical devices, smart meters, industrial sensors, building automation controllers, and consumer IoT. Each of these devices needs to protect long-lived keys, gate firmware updates with a signed boot path, and isolate cryptographic operations from a much larger and more exposed application.
With wolfHSM on STM32H5 TrustZone, developers get:

  • A production-grade keystore with hardware-enforced isolation between the application and key material
  • Two-partition NVM journaling on real flash, providing wear-leveled persistent key storage that survives power loss
  • The full wolfBoot signed-update path, including dual-bank swap, rollback protection, and measured boot
  • All on a single mainstream microcontroller with no external secure element, no second MCU, and no additional BOM cost

What Is Coming

Pull requests against the wolfBoot and wolfHSM repositories are landing in the coming weeks. We will follow up with a deeper write-up on the design, a flash recipe for the NUCLEO-H563ZI, and benchmarks once the work is merged.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
