wolfHSM Automotive Hardware Security Modules

Automotive HSMs (Hardware Security Modules) dramatically improve the security of cryptographic keys and cryptographic processing by isolating signature verification and cryptographic execution, which are the core of security, into physically independent processors. Automotive HSMs are mandatory or strongly recommended for ECU’s that require robust security. With this in mind, wolfSSL has ported our popular, well tested, and industry leading cryptographic library to run in popular Automotive HSMs like Aurix Tricore TC3XX.

wolfHSM provides a portable and open-source abstraction to hardware cryptography, non-volatile memory, and isolated secure processing that maximizes security and performance for ECUs. By integrating the wolfCrypt software crypto engine on hardware HSM’s like Infineon Aurix Tricore TC3XX, Chinese mandated government algorithms like SM2, SM3, SM4 are available. Additionally, Post Quantum Cryptography algos like Kyber, LMS, XMSS and others are easily made available to automotive users to meet customer requirements. At the same time, when hardware cryptographic processing is available on the HSM, we consume it to enhance performance.

Does Your ECU Need SSL/TLS?

The wolfSSL embedded TLS library is a lightweight, portable, C-language-based SSL/TLS library targeted at embedded and RTOS environments primarily because of its size, speed, and feature set. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, TLS over CAN, static memory build, is backed by the robust wolfCrypt cryptography library, and much more.

Does Your ECU Need Secure Boot?

wolfBoot is a portable secure bootloader solution designed for bare-metal bootloaders and equipped with failsafe NVM controls. It offers comprehensive firmware authentication and update mechanisms, leveraging a minimalistic design and a tiny HAL API, which makes it fully independent from any operating system or bare-metal application. wolfBoot manages the flash interface and pre-boot environment, accurately measures and authenticates applications, and utilizes low-level hardware cryptography as needed. wolfBoot can use the wolfHSM client to support HSM-assisted application core secure boot. Additionally, wolfBoot can run on the HSM core to ensure the HSM server is intact, offering a secondary layer protection. This setup ensures a secure boot sequence, aligning well with the booting processes of HSM cores that rely on NVM support.

Hardware encryption support, TPM support, HSM support, and comprehensive professional support available worldwide, up to 24/7 level.

Supported HSM’s

  • Infineon Aurix TC3xx
  • Infineon Aurix TC4x (Coming soon)
  • Infineon Traveo T2G (Coming soon)
  • ST SPC58NN
  • Renesas RH850 (Coming soon)
  • Renesas RL78 (Coming soon)

Supported Chipmakers and Operating Environments

wolfHSM operates wherever wolfSSL is supported.

wolfHSM Features

  • Extensibility of cryptographic algorithms
  • Consistency with security functions
  • Integration with AUTOSAR
  • Integration with SHE+
  • Direct usage of HSM from wolfCrypt’s externalized API’s
  • PKCS11 interface available
  • TPM 2.0 interface available
  • Secure OnBoard Communication (SecOC) module integration available
  • Certificate handling available
  • Symmetric and Asymmetric keys and cryptography
  • Customization available
  • FIPS 140-3 available

wolfHSM Design for Automotive HSMs

Automotive Security Webinar

Talk to us at these upcoming events:

MOSA-Industry & Government Summit & Expo (Tech Connect World 2024)
Booth #419

National Harbor, MD, USA
June 17th to the 18th

Automotive Technologies Virtual Conference

June 20th
Live Webinar: Linux Kernel Module with FIPS 140-3

June 20th | 10am PT
RISC V Summit EU
Tabletop #3

Munich, Germany
June 25th to the 27th
Cybersecurity and Technology Innovation Conference
Booth: #1010

Dallas, TX, USA
July 29th to Aug 1st
Black Hat USA
Booth #2619

Las Vegas, NV
Aug 3rd to the 8th

Microchip Masters Conference

Scottsdale, AZ, USA
Aug 12th to the 14th

Booth #237

Novi, MI, USA
Aug 13th to the 15th


wolfSSL focuses on creating high-quality, portable, embedded security software. Our current products include the wolfSSL embedded TLS library, wolfCrypt embedded crypto engine, wolfMQTT, wolfSSH, and the wolfSSL JNI wrapper. As strong believers in open source, the majority of wolfSSL’s products are dual-licensed under both the GPLv2 and standard commercial licensing.

wolfSSL now supports TLS 1.3 Try it out today by downloading wolfSSL!

To learn more about wolfSSL and the wolfSSL embedded SSL/TLS library, we invite you to read our About Us page or visit the respective Product Page.


Are you curious about where wolfSSL products are used? wolfSSL is actively being used in a wide range of markets and products including the smart grid, IoT, industrial automation, connected home, M2M, auto industry, games, applications, databases, sensors, VoIP, routers, appliances, cloud services, and more.

Over 2 Billion applications and devices are secured with wolfSSL products.

To learn more about specific markets which are currently using wolfSSL products, please visit our Case Studies page.

Securing the connected world with wolfSSL seamless TPM 2.0 integration


Download White Paper