Hi jlewis,

Thanks for reaching out.

The core wolfHSM code does not rely on dynamic memory allocation, so the only thing that would need dynamic allocation would be wolfSSL/wolfCrypt (if configured as such). Some wolfHSM tests, simulated transports, or port-specific code for POSIX targets may use dynamic allocation, but this can be excluded by the end user.

It says:
"You can configure wolfSSL with --enable-staticmemory or by defining the WOLFSSL_STATIC_MEMORY macro. However, this feature is limited to basic TLS connections and currently is not supported in wolfCrypt."
And I've seen elsewhere that wolfCrypt is needed for wolfHSM.

Apologies, that FAQ is slightly outdated - there are wolfCrypt APIs that support static memory, specifically those that take a HEAP_HINT pointer. If you are using those APIs then you can guarantee everything is allocated statically. If APIs are used that don't support it when building with WOLFSSL_STATIC_MEMORY, then those calls will fail.

Also, do I need wolfHSM in order to run wolfSSL on an HSM? Or is it just helpful?

You can absolutely run just wolfSSL or wolfCrypt in your custom HSM application, but wolfHSM provides built-in functionality that will save you lots of time. We saw many customers spending considerable effort building custom HSM solutions with wolfSSL/wolfCrypt, which is why we developed a complete solution in wolfHSM that will work out-of-the-box.

Best,
Brett