diff --git a/CMakeLists.txt b/CMakeLists.txt
index ee5157b..23f5cd9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,14 @@
 
 cmake_minimum_required(VERSION 3.13)
 
+if(ESP_PLATFORM)
+set(EXTRA_COMPONENT_DIRS src pico-keys-sdk/src)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+set(USB_VID 0x20a0)
+set(USB_PID 0x4230)
+set(DEBUG_APDU 1)
+set(USB_ITF_CCID 1)
+else()
 if(ENABLE_EMULATION)
 else()
 include(pico_sdk_import.cmake)
@@ -27,8 +35,7 @@ project(pico_hsm C CXX ASM)
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)
 
-if(ENABLE_EMULATION)
-else()
+if(NOT ENABLE_EMULATION)
 pico_sdk_init()
 endif()
 
@@ -40,7 +47,7 @@ if (__FOR_CI)
 endif()
 
 add_executable(pico_hsm)
-
+endif()
 set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/hsm/sc_hsm.c
         ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cmd_select.c
@@ -77,11 +84,14 @@ set(SOURCES ${SOURCES}
         )
 set(USB_ITF_CCID 1)
 include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+if(ESP_PLATFORM)
+    project(pico_hsm)
+endif()
 
 set(INCLUDES ${INCLUDES}
         ${CMAKE_CURRENT_LIST_DIR}/src/hsm
         )
-
+if(NOT ESP_PLATFORM)
 target_sources(pico_hsm PUBLIC ${SOURCES})
 target_include_directories(pico_hsm PUBLIC ${INCLUDES})
 
@@ -120,3 +130,4 @@ else()
 pico_add_extra_outputs(pico_hsm)
 target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board)
 endif()
+endif()
diff --git a/pico-keys-sdk b/pico-keys-sdk
index 151ae5f..1ba109b 160000
--- a/pico-keys-sdk
+++ b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit 151ae5fae4c5815042fce5d5cbcc06d76561dc9c
+Subproject commit 1ba109bd0a46bed18c097d750f5ebee568d734d4
diff --git a/sdkconfig.defaults b/sdkconfig.defaults
new file mode 100755
index 0000000..39b5b87
--- /dev/null
+++ b/sdkconfig.defaults
@@ -0,0 +1,18 @@
+# This file was generated using idf.py save-defconfig. It can be edited manually.
+# Espressif IoT Development Framework (ESP-IDF) Project Minimal Configuration
+#
+IGNORE_UNKNOWN_FILES_FOR_MANAGED_COMPONENTS=1
+
+CONFIG_TINYUSB=y
+
+CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_PARTITION_TABLE_FILENAME="pico-keys-sdk/partitions.csv"
+CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
+CONFIG_WL_SECTOR_SIZE_512=y
+CONFIG_WL_SECTOR_MODE_PERF=y
+
+CONFIG_MBEDTLS_CHACHA20_C=y
+CONFIG_MBEDTLS_POLY1305_C=y
+CONFIG_MBEDTLS_CHACHAPOLY_C=y
+CONFIG_MBEDTLS_HKDF_C=y
diff --git a/src/hsm/CMakeLists.txt b/src/hsm/CMakeLists.txt
new file mode 100644
index 0000000..5a60962
--- /dev/null
+++ b/src/hsm/CMakeLists.txt
@@ -0,0 +1,6 @@
+idf_component_register(
+    SRCS ${SOURCES}
+    INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb
+    REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls
+)
+idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
index 6de1409..0014d14 100644
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -15,16 +15,15 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/aes.h"
 #include "mbedtls/cmac.h"
 #include "mbedtls/hkdf.h"
 #include "mbedtls/chachapoly.h"
 #include "mbedtls/gcm.h"
-#include "md_wrap.h"
+//#include "mbedtls/md_wrap.h"
 #include "mbedtls/md.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "kek.h"
 #include "asn1.h"
 #include "oid.h"
@@ -134,7 +133,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type,
     }
 
     // keydatalen equals output_len
-    hashlen = md_info->size;
+    hashlen = mbedtls_md_get_size(md_info);
     if (output_len >= hashlen * ((1ULL << 32) - 1)) {
         return exit_code;
     }
@@ -349,7 +348,7 @@ int cmd_cipher_sym() {
             if (r != 0) {
                 return SW_EXEC_ERROR();
             }
-            res_APDU_size = md_info->size;
+            res_APDU_size = mbedtls_md_get_size(md_info);
         }
         else if (memcmp(oid.data, OID_HKDF_SHA256,
                         oid.len) == 0 ||
diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c
index e68853e..fc9c904 100644
--- a/src/hsm/cmd_decrypt_asym.c
+++ b/src/hsm/cmd_decrypt_asym.c
@@ -15,10 +15,9 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdh.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "kek.h"
 #include "files.h"
 #include "asn1.h"
diff --git a/src/hsm/cmd_derive_asym.c b/src/hsm/cmd_derive_asym.c
index ff59009..03ded64 100644
--- a/src/hsm/cmd_derive_asym.c
+++ b/src/hsm/cmd_derive_asym.c
@@ -15,10 +15,9 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdsa.h"
 #include "crypto_utils.h"
-#include "sc_hsm.h"
 #include "cvc.h"
 
 #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c
index a5c4499..a0818bc 100644
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -15,11 +15,12 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
-#include "mbedtls/ecdh.h"
 #include "sc_hsm.h"
-#ifndef ENABLE_EMULATION
+#include "mbedtls/ecdh.h"
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "hardware/rtc.h"
+#else
+#include <sys/time.h>
 #endif
 #include "files.h"
 #include "random.h"
@@ -33,7 +34,7 @@ int cmd_extras() {
             return SW_INCORRECT_P1P2();
         }
         if (apdu.nc == 0) {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
             datetime_t dt;
             if (!rtc_get_datetime(&dt)) {
                 return SW_EXEC_ERROR();
@@ -46,13 +47,26 @@ int cmd_extras() {
             res_APDU[res_APDU_size++] = dt.hour;
             res_APDU[res_APDU_size++] = dt.min;
             res_APDU[res_APDU_size++] = dt.sec;
+#else
+            struct timeval tv;
+            struct tm *tm;
+            gettimeofday(&tv, NULL);
+            tm = localtime(&tv.tv_sec);
+            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) >> 8;
+            res_APDU[res_APDU_size++] = (tm->tm_year + 1900) & 0xff;
+            res_APDU[res_APDU_size++] = tm->tm_mon;
+            res_APDU[res_APDU_size++] = tm->tm_mday;
+            res_APDU[res_APDU_size++] = tm->tm_wday;
+            res_APDU[res_APDU_size++] = tm->tm_hour;
+            res_APDU[res_APDU_size++] = tm->tm_min;
+            res_APDU[res_APDU_size++] = tm->tm_sec;
 #endif
         }
         else {
             if (apdu.nc != 8) {
                 return SW_WRONG_LENGTH();
             }
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
             datetime_t dt;
             dt.year = (apdu.data[0] << 8) | (apdu.data[1]);
             dt.month = apdu.data[2];
@@ -64,6 +78,18 @@ int cmd_extras() {
             if (!rtc_set_datetime(&dt)) {
                 return SW_WRONG_DATA();
             }
+#else
+            struct tm tm;
+            struct timeval tv;
+            tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900;
+            tm.tm_mon = apdu.data[2];
+            tm.tm_mday = apdu.data[3];
+            tm.tm_wday = apdu.data[4];
+            tm.tm_hour = apdu.data[5];
+            tm.tm_min = apdu.data[6];
+            tm.tm_sec = apdu.data[7];
+            tv.tv_sec = mktime(&tm);
+            settimeofday(&tv, NULL);
 #endif
         }
     }
diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c
index 64c5860..47aabc3 100644
--- a/src/hsm/cmd_general_authenticate.c
+++ b/src/hsm/cmd_general_authenticate.c
@@ -15,10 +15,9 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
+#include "sc_hsm.h"
 #include "mbedtls/ecdh.h"
 #include "asn1.h"
-#include "sc_hsm.h"
 #include "random.h"
 #include "oid.h"
 #include "eac.h"
diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c
index cf19cb3..8a5ebb4 100644
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -28,7 +28,7 @@ extern void scan_all();
 
 extern char __StackLimit;
 int heapLeft() {
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
     char *p = malloc(256);   // try to avoid undue fragmentation
     int left = &__StackLimit - p;
     free(p);
diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c
index 1eb0ecb..85b8288 100644
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
@@ -15,9 +15,8 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
-#include "crypto_utils.h"
 #include "sc_hsm.h"
+#include "crypto_utils.h"
 #include "kek.h"
 #include "cvc.h"
 
diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c
index fcc722c..c2df5dc 100644
--- a/src/hsm/cvc.c
+++ b/src/hsm/cvc.c
@@ -15,9 +15,8 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include "common.h"
-#include "cvc.h"
 #include "sc_hsm.h"
+#include "cvc.h"
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
 #include <string.h>
diff --git a/src/hsm/cvc.h b/src/hsm/cvc.h
index 1eb217a..a0b878a 100644
--- a/src/hsm/cvc.h
+++ b/src/hsm/cvc.h
@@ -19,7 +19,7 @@
 #define _CVC_H_
 
 #include <stdlib.h>
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #else
 #include <stdbool.h>
diff --git a/src/hsm/kek.c b/src/hsm/kek.c
index 4d317b8..66c0710 100644
--- a/src/hsm/kek.c
+++ b/src/hsm/kek.c
@@ -15,16 +15,14 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <string.h>
-#include "common.h"
+#include "sc_hsm.h"
 #include "stdlib.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 #include "kek.h"
 #include "crypto_utils.h"
 #include "random.h"
-#include "sc_hsm.h"
 #include "mbedtls/md.h"
 #include "mbedtls/cmac.h"
 #include "mbedtls/rsa.h"
diff --git a/src/hsm/kek.h b/src/hsm/kek.h
index aa095cc..f0aca86 100644
--- a/src/hsm/kek.h
+++ b/src/hsm/kek.h
@@ -19,10 +19,11 @@
 #define _DKEK_H_
 
 #include "crypto_utils.h"
-#ifdef ENABLE_EMULATION
+#if defined(ENABLE_EMULATION) || defined(ESP_PLATFORM)
 #include <stdbool.h>
 #endif
 
+
 extern int load_mkek(uint8_t *);
 extern int store_mkek(const uint8_t *);
 extern int save_dkek_key(uint8_t, const uint8_t *key);
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 70f7534..bd43567 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -17,7 +17,6 @@
 
 #include "sc_hsm.h"
 #include "files.h"
-#include "common.h"
 #include "version.h"
 #include "crypto_utils.h"
 #include "kek.h"
@@ -89,6 +88,7 @@ int sc_hsm_select_aid(app_t *a) {
 }
 
 INITIALIZER( sc_hsm_ctor ) {
+    printf("INITIALIZER\n");
     ccid_atr = atr_sc_hsm;
     register_app(sc_hsm_select_aid, sc_hsm_aid);
 }
diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h
index fa8d3ff..e187d26 100644
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -19,10 +19,14 @@
 #define _SC_HSM_H_
 
 #include <stdlib.h>
+#ifndef ESP_PLATFORM
 #include "common.h"
+#else
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#endif
 #include "mbedtls/rsa.h"
 #include "mbedtls/ecdsa.h"
-#ifndef ENABLE_EMULATION
+#if !defined(ENABLE_EMULATION) && !defined(ESP_PLATFORM)
 #include "pico/stdlib.h"
 #endif
 #include "file.h"