wolfHSM new NVM Flash layer implementation

wolfHSM is designed to work with a broad range of devices almost out of the box: once the low-level, hardware-specific details are coded in, wolfHSM provides a full-fledged HSM solution. This includes the NVM storage layer, which securely stores anything from arbitrary objects to non-exportable encryption keys that never leave the HSM (check out wolfHSM’s latest keystore enhancements).

The abstraction used to model the NVM storage does not allow us to exploit all the features of the underlying flash on some particular devices. Making an optimal yet general abstraction is a hard problem, one that always implies trade-offs.

But we don’t want to sacrifice good hardware capabilities! The solution? Just create another, better-fitting NVM abstraction: the NVM Flash Log implementation (merged in PR#179).

When targeting HSM hardware that has sufficient RAM, it offers different trade-offs from the existing NVM storage layer: it favors simplicity over complexity and supports an arbitrary write granularity chosen at compile time, while maintaining power-fail resistance. This comes in handy with flash devices that can only be written at a specific granularity (the minimum amount of data that can be written at the same time).

The layer is very simple for now and will be optimized for both memory consumption and speed.

Of course, it already provides power-fail resistance.
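
To make the two properties above concrete, here is a generic sketch of a build-time write granularity combined with a power-fail-safe update. It is an added example, not wolfHSM code, and it does not reflect wolfHSM's on-flash layout. The two-bank scheme, all names and sizes, the simulated flash, and the assumption that programming a single write unit is atomic are illustrative.

```c
#include <stdint.h>
#include <string.h>
#define WRITE_GRAN 8u  /* assumed device write granularity, fixed at build time */
#define BANK_SIZE 64u  /* bytes per bank, a multiple of WRITE_GRAN */
#define ROUND_UP(n) (((n) + WRITE_GRAN - 1u) / WRITE_GRAN * WRITE_GRAN)
typedef struct { uint32_t gen, len; } hdr_t;  /* fills exactly one write unit */
_Static_assert(sizeof(hdr_t) == WRITE_GRAN, "header must be one write unit");
static uint8_t flash[2][BANK_SIZE];  /* simulated flash: two banks */
static int units_left = -1;          /* <0: power stays on; N: lost after N units */

/* Programs whole, aligned units only; -1 means simulated power loss. */
static int flash_program(int bank, uint32_t off, const uint8_t *src, uint32_t len) {
    if (off % WRITE_GRAN || len % WRITE_GRAN || off + len > BANK_SIZE) return -2;
    for (uint32_t i = 0; i < len; i += WRITE_GRAN) {
        if (units_left == 0) return -1;
        if (units_left > 0) units_left--;
        memcpy(&flash[bank][off + i], src + i, WRITE_GRAN);
    }
    return 0;
}

static int active_bank(hdr_t *out) {  /* newest committed bank, or -1 if none */
    int best = -1;
    for (int b = 0; b < 2; b++) {
        hdr_t h;
        memcpy(&h, flash[b], sizeof h);
        if (h.gen == 0xFFFFFFFFu || h.len > BANK_SIZE - WRITE_GRAN) continue;
        if (best < 0 || h.gen > out->gen) { best = b; *out = h; }
    }
    return best;
}

/* Erases the spare bank, writes the padded payload, writes the header last. */
static int commit(const uint8_t *data, uint32_t len) {
    hdr_t cur = {0, 0};
    uint8_t buf[BANK_SIZE - WRITE_GRAN];
    if (len > sizeof buf) return -2;
    int spare = (active_bank(&cur) == 0) ? 1 : 0;
    memset(buf, 0xFF, sizeof buf);
    memcpy(buf, data, len);
    memset(flash[spare], 0xFF, BANK_SIZE);  /* erase */
    if (flash_program(spare, WRITE_GRAN, buf, ROUND_UP(len)) != 0) return -1;
    hdr_t next = { cur.gen + 1u, len };
    return flash_program(spare, 0, (const uint8_t *)&next, WRITE_GRAN);
}

int main(void) {
    memset(flash, 0xFF, sizeof flash);  /* format both banks */
    return commit((const uint8_t *)"key-v1", 6);
}
```

Because the header is the last unit programmed, an update interrupted at any earlier point leaves the spare bank without a valid header, and the previous bank remains the active one on the next boot.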

Stay tuned.

Are you interested in trying wolfHSM or in porting wolfHSM to a specific hardware device? Please let us know by writing an email to facts@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.