arduino-libraries · andreagilardoni · May 4, 2026 · May 4, 2026 · May 4, 2026 · May 4, 2026
diff --git a/examples/CertificateSigningRequest/CertificateSigningRequest.ino b/examples/CertificateSigningRequest/CertificateSigningRequest.ino
@@ -34,20 +34,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -56,12 +54,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }
@@ -96,7 +94,7 @@ void setup() {
   CSR.setSubjectOrganizationalUnitName(organizationalUnit);
   CSR.setSubjectCommonName(common);
 
-  if (!SElementCSR::build(secureElement, CSR, slot.toInt(), generateNewKey.startsWith("y"))) {
+  if (!SElementCSR::build(SecureElement, CSR, slot.toInt(), generateNewKey.startsWith("y"))) {
     Serial.println("Error starting CSR generation!");
     while (1);
   }

diff --git a/examples/ConfigurationLocking/ConfigurationLocking.ino b/examples/ConfigurationLocking/ConfigurationLocking.ino
@@ -7,7 +7,7 @@
   https://github.com/arduino-libraries/ArduinoECCX08/blob/master/src/utility/ECCX08DefaultTLSConfig.h
 
   SE050 do not have EEPROM configuration and do not need to be locked
-  to work correctly. secureElement.locked() always returns true for SE050
+  to work correctly. SecureElement.locked() always returns true for SE050
   and the sketch does nothing.
 
   The circuit:
@@ -22,20 +22,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -44,12 +42,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }

diff --git a/examples/RandomNumber/RandomNumber.ino b/examples/RandomNumber/RandomNumber.ino
@@ -16,26 +16,24 @@
 
 #include <Arduino_SecureElement.h>
 
-SecureElement secureElement;
-
 void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("Failed to communicate with SecureElement!");
     while (1);
   }
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     Serial.println("The SecureElement is not locked!");
     while (1);
   }
 }
 
 void loop() {
   Serial.print("Random number = ");
-  Serial.println(secureElement.random(65535));
+  Serial.println(SecureElement.random(65535));
 
   delay(1000);
 }
diff --git a/examples/SelfSignedCertificate/SelfSignedCertificate.ino b/examples/SelfSignedCertificate/SelfSignedCertificate.ino
@@ -24,20 +24,18 @@ void setup() {
   Serial.begin(9600);
   while (!Serial);
 
-  SecureElement secureElement;
-
-  if (!secureElement.begin()) {
+  if (!SecureElement.begin()) {
     Serial.println("No SecureElement present!");
     while (1);
   }
 
-  String serialNumber = secureElement.serialNumber();
+  String serialNumber = SecureElement.serialNumber();
 
   Serial.print("SecureElement Serial Number = ");
   Serial.println(serialNumber);
   Serial.println();
 
-  if (!secureElement.locked()) {
+  if (!SecureElement.locked()) {
     String lock = promptAndReadLine("The SecureElement on your board is not locked, would you like to PERMANENTLY configure and lock it now? (y/N)", "N");
     lock.toLowerCase();
 
@@ -46,12 +44,12 @@ void setup() {
       while (1);
     }
 
-    if (!secureElement.writeConfiguration()) {
+    if (!SecureElement.writeConfiguration()) {
       Serial.println("Writing SecureElement configuration failed!");
       while (1);
     }
 
-    if (!secureElement.lock()) {
+    if (!SecureElement.lock()) {
       Serial.println("Locking SecureElement configuration failed!");
       while (1);
     }
@@ -78,15 +76,15 @@ void setup() {
   ECP256Certificate Certificate;
 
   Certificate.begin();
-  Certificate.setIssuerCommonName(secureElement.serialNumber());
-  Certificate.setSubjectCommonName(secureElement.serialNumber());
+  Certificate.setIssuerCommonName(SecureElement.serialNumber());
+  Certificate.setSubjectCommonName(SecureElement.serialNumber());
   Certificate.setIssueYear(issueYear.toInt());
   Certificate.setIssueMonth(issueMonth.toInt());
   Certificate.setIssueDay(issueDay.toInt());
   Certificate.setIssueHour(issueHour.toInt());
   Certificate.setExpireYears(expireYears.toInt());
 
-  if (!SElementCertificate::build(secureElement, Certificate, privateKeySlot.toInt(), generateNewKey.startsWith("y"), true /* self signed certificate */)) {
+  if (!SElementCertificate::build(SecureElement, Certificate, privateKeySlot.toInt(), generateNewKey.startsWith("y"), true /* self signed certificate */)) {
     Serial.println("Error starting certificate generation!");
     while (1);
   }

diff --git a/src/SecureElement.cpp b/src/SecureElement.cpp
@@ -8,72 +8,14 @@
   file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
 
-/******************************************************************************
- * INCLUDE
- ******************************************************************************/
-
-#include <SecureElementConfig.h>
 #include <SecureElement.h>
 
-/**************************************************************************************
- * CTOR/DTOR
- **************************************************************************************/
-SecureElement::SecureElement()
 #if defined(SECURE_ELEMENT_IS_SE050)
-: _secureElement {SE05X}
+SecureElementClass &SecureElement(SE05X);
 #elif defined(SECURE_ELEMENT_IS_ECCX08)
-: _secureElement {ECCX08}
+SecureElementClass &SecureElement(ECCX08);
 #elif defined(SECURE_ELEMENT_IS_SOFTSE)
-: _secureElement {SATSE}
+SecureElementClass &SecureElement(SATSE);
 #else
-
+#error "Undefined secure element implementation for the current platform"
 #endif
-{
-
-}
-
-/******************************************************************************
- * PUBLIC MEMBER FUNCTIONS
- ******************************************************************************/
-
-int SecureElement::SHA256(const uint8_t *buffer, size_t size, uint8_t *digest)
-{
-#if defined(SECURE_ELEMENT_IS_SOFTSE)
-  return _secureElement.SHA256(buffer, size, digest);
-#else
-  _secureElement.beginSHA256();
-  uint8_t * cursor = (uint8_t*)buffer;
-  uint32_t bytes_read = 0;
-#if defined(SECURE_ELEMENT_IS_SE050)
-  size_t outLen = 32;
-  for(; bytes_read + 64 < size; bytes_read += 64, cursor += 64) {
-    _secureElement.updateSHA256(cursor, 64);
-  }
-  _secureElement.updateSHA256(cursor, size - bytes_read);
-  return _secureElement.endSHA256(digest, &outLen);
-#else
-  for(; bytes_read + 64 < size; bytes_read += 64, cursor += 64) {
-    _secureElement.updateSHA256(cursor);
-  }
-  return _secureElement.endSHA256(cursor, size - bytes_read, digest);
-#endif
-#endif
-}
-
-int SecureElement::serialNumber(byte sn[], size_t length)
-{
-#if defined(SECURE_ELEMENT_IS_SE050)
-  return _secureElement.serialNumber(sn, length);
-#else
-  if (sn == nullptr || length < SE_SN_LENGTH) {
-    return 0;
-  }
-  uint8_t tmp[12];
-  if (!_secureElement.serialNumber(tmp)) {
-    return 0;
-  }
-  memcpy(sn, tmp, SE_SN_LENGTH);
-  return 1;
-#endif
-}
-
diff --git a/src/SecureElement.h b/src/SecureElement.h
@@ -46,55 +46,20 @@
 #endif
 
 /******************************************************************************
- * CLASS DECLARATION
+ * GLOBAL OBJECT DECLARATION
  ******************************************************************************/
 
-class SecureElement
-{
-public:
-
-  SecureElement();
-
-  inline int begin() { return _secureElement.begin(); }
-  inline void end() { return _secureElement.end(); }
-
-  inline int serialNumber(byte sn[]) { return _secureElement.serialNumber(sn); }
-  inline String serialNumber() { return _secureElement.serialNumber(); }
-  int serialNumber(byte sn[], size_t length);
-
-  inline long random(long min, long max) { return this->_secureElement.random(min, max); };
-  inline long random(long max) { return this->_secureElement.random(max); };
-
-  inline int generatePrivateKey(int slot, byte publicKey[]) { return _secureElement.generatePrivateKey(slot, publicKey); };
-  inline int generatePublicKey(int slot, byte publicKey[]) { return _secureElement.generatePublicKey(slot, publicKey); };
-
-  inline int ecdsaVerify(const byte message[], const byte signature[], const byte pubkey[]) { return _secureElement.ecdsaVerify(message, signature, pubkey); };
-  inline int ecSign(int slot, const byte message[], byte signature[]) { return _secureElement.ecSign(slot, message, signature); };
-
-  int SHA256(const uint8_t *buffer, size_t size, uint8_t *digest);
-
-  inline int readSlot(int slot, byte data[], int length) { return _secureElement.readSlot(slot, data, length); };
-  inline int writeSlot(int slot, const byte data[], int length) { return _secureElement.writeSlot(slot, data, length); };
-
-  inline int locked() { return _secureElement.locked(); }
-  inline int lock() { return _secureElement.lock(); }
-#if defined(SECURE_ELEMENT_IS_ECCX08)
-  inline int writeConfiguration(const byte config[] = ECCX08_DEFAULT_TLS_CONFIG) { return _secureElement.writeConfiguration(config); }
-#else
-  inline int writeConfiguration(const byte config[] = nullptr) { return _secureElement.writeConfiguration(config); }
-#endif
-
-private:
 #if defined(SECURE_ELEMENT_IS_SE050)
-  SE05XClass & _secureElement;
+using SecureElementClass = SE05XClass;
+extern SecureElementClass &SecureElement;
 #elif defined(SECURE_ELEMENT_IS_ECCX08)
-  ECCX08Class & _secureElement;
+using SecureElementClass = ECCX08Class;
+extern SecureElementClass &SecureElement;
 #elif defined(SECURE_ELEMENT_IS_SOFTSE)
-  SoftwareATSEClass & _secureElement;
+using SecureElementClass = SoftwareATSEClass;
+extern SecureElementClass &SecureElement;
 #else
-
+#error "Undefined secure element implementation for the current platform"
 #endif
 
-};
-
 #endif /* SECURE_ELEMENT_H_ */
diff --git a/src/utility/SElementArduinoCloudCertificate.cpp b/src/utility/SElementArduinoCloudCertificate.cpp
@@ -47,7 +47,7 @@ const char constexpr SElementArduinoCloudCertificate::SEACC_ISSUER_COMMON_NAME[]
  * PUBLIC MEMBER FUNCTIONS
  ******************************************************************************/
 
-int SElementArduinoCloudCertificate::write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot)
+int SElementArduinoCloudCertificate::write(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot)
 {
 #if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
   if (!se.writeSlot(static_cast<int>(certSlot), cert.bytes(), cert.length())) {
@@ -69,7 +69,7 @@ int SElementArduinoCloudCertificate::write(SecureElement & se, ECP256Certificate
   return 1;
 }
 
-int SElementArduinoCloudCertificate::read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot)
+int SElementArduinoCloudCertificate::read(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot)
 {
 #if defined(SECURE_ELEMENT_IS_SE050) || defined(SECURE_ELEMENT_IS_SOFTSE)
   (void)keySlot;
@@ -146,7 +146,7 @@ int SElementArduinoCloudCertificate::signatureCompare(const byte * signatureA, c
 }
 
 int SElementArduinoCloudCertificate::rebuild(
-    SecureElement & se, ECP256Certificate & cert, const String & deviceId,
+    SecureElementClass & se, ECP256Certificate & cert, const String & deviceId,
     const String & notBefore, const String & notAfter, const String & serialNumber,
     const String & authorityKeyIdentifier, const String & signature,
     const SElementArduinoCloudSlot keySlot)

diff --git a/src/utility/SElementArduinoCloudCertificate.h b/src/utility/SElementArduinoCloudCertificate.h
@@ -26,10 +26,10 @@ class SElementArduinoCloudCertificate : public SElementCertificate
 {
 public:
 
-  static int write(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
-  static int read(SecureElement & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
+  static int write(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot);
+  static int read(SecureElementClass & se, ECP256Certificate & cert, const SElementArduinoCloudSlot certSlot, const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
   static int signatureCompare(const byte * signatureA, const String & signatureB);
-  static int rebuild(SecureElement & se, ECP256Certificate & cert, const String & deviceId,
+  static int rebuild(SecureElementClass & se, ECP256Certificate & cert, const String & deviceId,
                     const String & notBefore, const String & notAfter, const String & serialNumber,
                     const String & authorityKeyIdentifier, const String & signature,
                     const SElementArduinoCloudSlot keySlot = SElementArduinoCloudSlot::Key);
@@ -43,4 +43,4 @@ class SElementArduinoCloudCertificate : public SElementCertificate
 
 };
 
-#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_ */
+#endif /* SECURE_ELEMENT_ARDUINO_CLOUD_CERTIFICATE_H_ */
diff --git a/src/utility/SElementArduinoCloudDeviceId.cpp b/src/utility/SElementArduinoCloudDeviceId.cpp
@@ -14,7 +14,7 @@
 
 #include <utility/SElementArduinoCloudDeviceId.h>
 
-int SElementArduinoCloudDeviceId::write(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
+int SElementArduinoCloudDeviceId::write(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
 {
   byte device_id_bytes[ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH] = {0};
 
@@ -26,7 +26,7 @@ int SElementArduinoCloudDeviceId::write(SecureElement & se, String & deviceId, c
   return 1;
 }
 
-int SElementArduinoCloudDeviceId::read(SecureElement & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
+int SElementArduinoCloudDeviceId::read(SecureElementClass & se, String & deviceId, const SElementArduinoCloudSlot idSlot)
 {
   byte device_id_bytes[ECP256_CERT_COMPRESSED_CERT_SLOT_LENGTH] = {0};