wolfHSM Automotive Hardware Security Modules

Automotive HSMs (Hardware Security Modules) dramatically improve the security of cryptographic keys and cryptographic processing by isolating signature verification and cryptographic execution, which are the core of security, into physically independent processors. Automotive HSMs are mandatory or strongly recommended for ECU’s that require robust security. With this in mind, wolfSSL has ported our popular, well tested, and industry leading cryptographic library to run in popular Automotive HSMs like Aurix Tricore TC3XX.

wolfHSM provides a portable and open-source abstraction to hardware cryptography, non-volatile memory, and isolated secure processing that maximizes security and performance for ECUs. By integrating the wolfCrypt software crypto engine on hardware HSM’s like Infineon Aurix Tricore TC3XX, Chinese mandated government algorithms like SM2, SM3, SM4 are available. Additionally, Post Quantum Cryptography algos like Kyber, LMS, XMSS and others are easily made available to automotive users to meet customer requirements. At the same time, when hardware cryptographic processing is available on the HSM, we consume it to enhance performance.

Does Your ECU Need SSL/TLS?

The wolfSSL embedded TLS library is a lightweight, portable, C-language-based SSL/TLS library targeted at embedded and RTOS environments primarily because of its size, speed, and feature set. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, TLS over CAN, static memory build, is backed by the robust wolfCrypt cryptography library, and much more.

Does Your ECU Need Secure Boot?

wolfBoot is a portable secure bootloader solution designed for bare-metal bootloaders and equipped with failsafe NVM controls. It offers comprehensive firmware authentication and update mechanisms, leveraging a minimalistic design and a tiny HAL API, which makes it fully independent from any operating system or bare-metal application. wolfBoot manages the flash interface and pre-boot environment, accurately measures and authenticates applications, and utilizes low-level hardware cryptography as needed. wolfBoot can use the wolfHSM client to support HSM-assisted application core secure boot. Additionally, wolfBoot can run on the HSM core to ensure the HSM server is intact, offering a secondary layer protection. This setup ensures a secure boot sequence, aligning well with the booting processes of HSM cores that rely on NVM support.

Hardware encryption support, TPM support, HSM support, and comprehensive professional support available worldwide, up to 24/7 level.

Supported HSM’s

  • Infineon Aurix TC3xx
  • Infineon Aurix TC4x (Coming soon)
  • Infineon Traveo T2G (Coming soon)
  • ST SPC58NN
  • Renesas RH850 (Coming soon)
  • Renesas RL78 (Coming soon)

Supported Chipmakers and Operating Environments

wolfHSM operates wherever wolfSSL is supported.

wolfHSM Features

  • Extensibility of cryptographic algorithms
  • Consistency with security functions
  • Integration with AUTOSAR
  • Integration with SHE+
  • Direct usage of HSM from wolfCrypt’s externalized API’s
  • PKCS11 interface available
  • TPM 2.0 interface available
  • Secure OnBoard Communication (SecOC) module integration available
  • Certificate handling available
  • Symmetric and Asymmetric keys and cryptography
  • Customization available
  • FIPS 140-3 available

wolfHSM Design for Automotive HSMs

Automotive Security Webinar

Talk to us at these upcoming events:

Live Webinar: Medical Device Security: Key Strategies for cyber security and data protection

July 31st | 10am PT
Cybersecurity and Technology Innovation Conference
Booth: #1010

Dallas, TX, USA
July 29th to Aug 1st
Black Hat USA
Booth #2619

Las Vegas, NV
Aug 3rd to the 8th

Microchip Masters Conference

Scottsdale, AZ, USA
Aug 12th to the 14th

Booth #237

Novi, MI, USA
Aug 13th to the 15th
TechNet Augusta
Booth #T827

Augusta, GA, USA
Aug 20th to the 22nd
NXP Tech Days

Irvine, CA, USA
Aug 20th
Billington Cybersecurity Summit

Washington DC, USA
Sep 3rd to the 6th


wolfSSL focuses on creating high-quality, portable, embedded security software. Our current products include the wolfSSL embedded TLS library, wolfCrypt embedded crypto engine, wolfMQTT, wolfSSH, and the wolfSSL JNI wrapper. As strong believers in open source, the majority of wolfSSL’s products are dual-licensed under both the GPLv2 and standard commercial licensing.

wolfSSL now supports TLS 1.3 Try it out today by downloading wolfSSL!

To learn more about wolfSSL and the wolfSSL embedded SSL/TLS library, we invite you to read our About Us page or visit the respective Product Page.


Are you curious about where wolfSSL products are used? wolfSSL is actively being used in a wide range of markets and products including the smart grid, IoT, industrial automation, connected home, M2M, auto industry, games, applications, databases, sensors, VoIP, routers, appliances, cloud services, and more.

Over 2 Billion applications and devices are secured with wolfSSL products.

To learn more about specific markets which are currently using wolfSSL products, please visit our Case Studies page.

Securing the connected world with wolfSSL seamless TPM 2.0 integration


Download White Paper