wolfHSM-infineon-tc3xx-v2.0.0

wolfSSL is proud to announce a major milestone: wolfHSM v2.0.0 for the Infineon AURIX TC3xx platform now features full integration with the wolfBoot secure bootloader, delivering a comprehensive hardware-backed security solution for automotive and industrial applications.

Complete Root of Trust for AURIX

This release represents the first complete integration of wolfSSL’s security ecosystem on Infineon’s AURIX TriCore architecture. The combined solution provides:

  • Authenticated Firmware: Only cryptographically verified firmware executes on TriCore devices
  • HSM-Backed Cryptography: All boot-time cryptographic operations offloaded to the HSM core
  • Secure Key Storage: Sensitive keys for secure boot are confined to HSM-exclusive memory

With wolfBoot and the wolfHSM server running on the AURIX HSM core and wolfBoot leveraging the wolfHSM client on the TriCore application cores, the entire boot chain benefits from hardware-isolated security across both domains.

wolfBoot now runs as a secure bootloader on both the TriCore application cores and the HSM core itself, establishing a unified chain of trust from power-on through application startup:

  1. Boot Phase: The wolfBoot instances on the TriCore cores and on the HSM core both perform secure boot operations, with the TriCore instance using the wolfHSM client to offload signature verification and decryption to the HSM core.
  2. Runtime Phase: Applications continue using wolfHSM for all cryptographic operations, with keys stored securely within the HSM.

The wolfBoot integration is OS-agnostic and can interoperate with any RTOS or bare-metal environment, including AUTOSAR stacks running on TC3xx platforms.

Availability

Due to NDA restrictions, access to the wolfHSM Infineon AURIX port is limited. For technical details, integration support, or to evaluate wolfHSM v2.0.0 with wolfBoot on AURIX TC3xx platforms, contact us at facts@wolfssl.com or call us at +1 425 245 8247.
