wolfSSL Inc. Announces wolfHSM for Automotive Hardware Security Modules

By Tiera Oliver

Associate Editor

Embedded Computing Design

June 07, 2024



EDMONDS, Wash. -- wolfSSL Inc. announced its new product, wolfHSM, for automotive HSMs (Hardware Security Modules), which are designed to improve the security of cryptographic keys and cryptographic processing by isolating signature verification and cryptographic execution into physically independent processors.

wolfHSM provides a portable and open-source abstraction to hardware cryptography, non-volatile memory, and isolated secure processing to maximize security and performance for ECUs. By integrating the wolfCrypt software crypto engine on hardware HSMs like Infineon Aurix Tricore TC3XX, Chinese government-mandated algorithms like SM2, SM3, and SM4 are available. Additionally, post-quantum cryptography algorithms like Kyber, LMS, XMSS, and others are made available to automotive users to meet customer requirements. At the same time, when hardware cryptographic processing is available on the HSM, wolfSSL leverages it to enhance performance.

One of the consumers for wolfHSM is wolfBoot, a mature and portable secure bootloader solution designed for bare-metal bootloaders and equipped with failsafe NVM controls. It offers comprehensive firmware authentication and update mechanisms, leveraging a minimalistic design and a tiny HAL API, which makes it fully independent from any operating system or bare-metal application. wolfBoot manages the flash interface and pre-boot environment, accurately measures and authenticates applications, and utilizes low-level hardware cryptography as needed.

wolfBoot can use the wolfHSM client to support HSM-assisted application core secure boot. Additionally, wolfBoot can run on the HSM core to ensure the HSM server is intact, offering a secondary layer of protection. This setup supports a secure boot sequence, aligning well with the booting processes of HSM cores that rely on NVM support.

Other wolfSSL products that consume cryptography can now consume HSMs via wolfHSM, including the company's flagship TLS 1.3 implementation, wolfSSH, and curl.

Extensibility of cryptographic algorithms:

With wolfHSM, you are not limited to fixed functions provided by hardware but can enhance and expand cryptographic algorithms and functions using software while maintaining high security at the hardware level.

For example, as more requirements call for post-quantum cryptography, wolfHSM allows you to seamlessly add it within the HSM without changing the hardware.

Migration from conventional technology:

wolfHSM provides an interface (API) that unifies traditional software-based cryptographic processing and HSM processing, allowing the implementation of HSM without major changes to the existing system structure.

Consistency with security functions:

In addition to being used as a standalone HSM, wolfHSM offers integration with security protocols such as wolfSSL, wolfSSH, and wolfBoot for secure firmware updates.

Integration with AUTOSAR:

wolfHSM exposes the wolfCrypt API, which comes complete with an AUTOSAR shim layer for compatibility.

The currently supported HSMs are as follows:

  • Infineon Aurix TC3xx
  • ST SPC58NN
  • Infineon Aurix TC4x (Coming soon)
  • Infineon Traveo T2G (Coming soon)
  • Renesas RH850 (Coming soon)
  • Renesas RL78 (Coming soon)

For more information, visit: www.wolfssl.com

Tiera Oliver, Associate Editor for Embedded Computing Design, is responsible for web content edits, product news, and constructing stories. She also assists with newsletter updates as well as contributing and editing content for ECD podcasts and the ECD YouTube channel. Before working at ECD, Tiera graduated from Northern Arizona University where she received her B.S. in journalism and political science and worked as a news reporter for the university’s student led newspaper, The Lumberjack.
