We’re excited to announce that wolfHSM now supports Infineon’s AURIX™ TC4xx. We have wolfHSM running on the TC4xx, and an initial release is coming soon.
This brings wolfSSL’s portable, open-source HSM framework to Infineon’s next-generation AURIX platform, the successor to the widely deployed TC3xx family.
Why AURIX TC4xx?
Infineon’s AURIX™ TC4xx is the next generation of the TriCore family, purpose-built for the most demanding automotive and industrial workloads — from electrification and ADAS to next-generation ECUs and gateways. It pairs high-performance multicore TriCore processing with functional safety and a dedicated, hardware-isolated HSM core for security. That combination of performance, safety, and built-in secure processing makes the TC4xx an ideal foundation for a modern, hardware-backed HSM application — and a natural next home for wolfHSM.
Built on a Proven Foundation
The TC4xx port is aligned with our field-proven TC3xx port. That means the same client-server architecture, the same wolfCrypt-backed cryptography, and the same developer experience teams already know from TC3xx — now carried forward to the new silicon.
If you’re familiar with wolfHSM on the AURIX TC3xx, you’ll feel right at home. The wolfHSM server runs on the secure HSM core, and your TriCore application links against the wolfHSM client library to offload all sensitive cryptographic operations to the HSM core as remote procedure calls — with no additional logic required in your application. Sensitive data never leaves the HSM’s isolated memory.
Why wolfHSM on TC4xx?
- Automotive HSM use cases: secure boot, key storage, secure diagnostics, and OTA updates.
- Industrial HSM environments: factory provisioning, secure communications, and machine authentication.
- Crypto agility and post-quantum readiness: leverage any algorithm wolfCrypt supports, including post-quantum options like ML-DSA, ML-KEM, LMS, and XMSS — all under the protection of the HSM core.
- No vendor lock-in: an open-source foundation you can tailor to your exact use case, with a roadmap toward FIPS 140-3 and CNSA 2.0 compliance.
What’s Next: wolfBoot
The wolfHSM port is just the first step. Next up, we’re bringing wolfBoot to the TC4xx, mirroring the complete solution we already deliver on the TC3xx. With wolfBoot and the wolfHSM server running together on the AURIX HSM core, the entire boot chain gains a hardware-backed root of trust — only cryptographically authenticated firmware runs, across both the HSM and TriCore domains.
Want In?
With wolfHSM support for the AURIX TC4xx and wolfBoot on the way, we’d love to hear from teams building their next platform on it. Interested in early access or collaboration?
If you have questions about any of the above, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now