Trust starts here: NXP's Secure Enclave powering the S32 Automotive Platform.
Unlike traditional security add-ons (SHE, HSMs), the HSE is more than just a cryptographic engine: it is a hardware-isolated Secure Enclave that autonomously enforces trust and platform security – protecting cryptographic keys, managing secure boot and updates, and enabling trusted operation throughout the product lifecycle.
It provides scalability and portability across different systems and applications built on NXP products – while maintaining a consistent API and user experience.
HSE provides tightly integrated, hardware-backed security services.
Seamless integration of security into applications and services.
Protects keys, credentials, and policies—even if software is compromised.
Including secure boot, secure debug, secure update, security monitoring, remote attestation, and configurable sanctions.
The HSE2 extends the Secure Enclave concept to support increasingly consolidated and virtualized vehicle architectures, and future-proof security. With full backward compatibility to the HSE API, HSE2 allows existing applications to be ported effortlessly, eliminating the need for redevelopment.
Using software-defined, hardware-enforced policies to safely integrate multiple virtual ECUs on a single SoC.
Enabling secure protocol offloading and line-speed cryptographic acceleration close to high-bandwidth interfaces.
Enabling quantum-resistant secure boot, firmware and software updates, and secure communications designed for long-term security.
The HSE goes beyond baseline security with features tailored to the needs of modern automotive systems, such as:
With Ultra-fast secure startup and runtime verification, scaling from small microcontrollers to high-performance multicore SoCs.
Using the HSE Trust Center, simplifying cryptographic key injection on the customer's factory floor and in the field.
With no practical limits to the number of keys or on size or quantity of certificates.
Enabling fine-grained control over how and when the security services are used.
Allowing key usage restrictions to be defined per application and adapted dynamically based on system state.
By integrating security at the silicon level, HSE helps automotive developers reduce complexity while strengthening protection:
Designed in alignment with ISO/SAE 21434; and supporting evolving cryptographic standards such as PQC.
See ISO/SAE 21434 certificate
SESIP certificates provide independent assurance of security and compliance for products in the S32 Automotive Platform.
Look for SESIP certificates for NXP and S32
The HSE is adopted across a broad range of automotive applications and validated against real-world customer requirements. By embedding a dedicated Secure Enclave directly into the S32 platform and selected complementary solutions, NXP enables vehicle architects to design systems that are secure by default and ready for the software defined future.