diff --git a/.github/workflows/test-x86-fsp-qemu.yml b/.github/workflows/test-x86-fsp-qemu.yml
index afd2edc00..6465c02eb 100644
--- a/.github/workflows/test-x86-fsp-qemu.yml
+++ b/.github/workflows/test-x86-fsp-qemu.yml
@@ -13,7 +13,7 @@ jobs:
       - name: install req
         run: |
           sudo apt-get update
-          sudo apt-get install --no-install-recommends -y -q nasm gcc-multilib qemu-system-x86 swtpm
+          sudo apt-get install --no-install-recommends -y -q nasm gcc-multilib qemu-system-x86 swtpm uuid-dev
       - name: setup git
         run: |
           git config --global user.email "you@example.com"
diff --git a/config/examples/sim-tpm-keystore.config b/config/examples/sim-tpm-keystore.config
index efd28516a..5bb7193b6 100644
--- a/config/examples/sim-tpm-keystore.config
+++ b/config/examples/sim-tpm-keystore.config
@@ -3,7 +3,7 @@ TARGET=sim
 SIGN?=ECC256
 HASH?=SHA256
 SPI_FLASH=0
-DEBUG=0
+DEBUG=1
 WOLFTPM=1
 
 # sizes should be multiple of system page size
diff --git a/config/examples/sim-tpm-measured.config b/config/examples/sim-tpm-measured.config
index af9319171..cfa124081 100644
--- a/config/examples/sim-tpm-measured.config
+++ b/config/examples/sim-tpm-measured.config
@@ -3,7 +3,7 @@ TARGET=sim
 SIGN?=ECC256
 HASH?=SHA256
 SPI_FLASH=0
-DEBUG=0
+DEBUG=1
 WOLFTPM=1
 
 # sizes should be multiple of system page size
diff --git a/config/examples/sim-tpm-seal.config b/config/examples/sim-tpm-seal.config
index ff1b94961..096ca1d0b 100644
--- a/config/examples/sim-tpm-seal.config
+++ b/config/examples/sim-tpm-seal.config
@@ -3,7 +3,7 @@ TARGET=sim
 SIGN?=ECC256
 HASH?=SHA256
 SPI_FLASH=0
-DEBUG=0
+DEBUG=1
 WOLFTPM=1
 
 # sizes should be multiple of system page size
diff --git a/config/examples/sim-tpm.config b/config/examples/sim-tpm.config
index 95639bf91..42b7405f2 100644
--- a/config/examples/sim-tpm.config
+++ b/config/examples/sim-tpm.config
@@ -4,7 +4,7 @@ TARGET=sim
 SIGN?=ECC256
 HASH?=SHA256
 SPI_FLASH=0
-DEBUG=0
+DEBUG=1
 WOLFTPM=1
 # enable offloading of asymmetric verify to TPM
 WOLFBOOT_TPM_VERIFY?=1
diff --git a/include/user_settings.h b/include/user_settings.h
index 2a1ada3d9..5e9e02209 100644
--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -421,6 +421,7 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_NO_DYN_STACK
 #   endif
 #   if !defined(SECURE_PKCS11)
+#       define NO_WOLFSSL_MEMORY
 #       define WOLFSSL_NO_MALLOC
 #   endif
 #else
diff --git a/lib/wolfssl b/lib/wolfssl
index 00e42151c..65742c4a7 160000
--- a/lib/wolfssl
+++ b/lib/wolfssl
@@ -1 +1 @@
-Subproject commit 00e42151ca061463ba6a95adb2290f678cbca472
+Subproject commit 65742c4a7a21d58c5a065ae80a1b02541b839e43
diff --git a/src/xmalloc.c b/src/xmalloc.c
index f4aac6b24..5abb9095f 100644
--- a/src/xmalloc.c
+++ b/src/xmalloc.c
@@ -70,7 +70,7 @@ struct xmalloc_slot {
     /* SP MATH */
     #ifdef WOLFBOOT_SIGN_ECC256
         #define MP_SCHEME "SP ECC256"
-        #define MP_CURVE_SPECS_SIZE (76)
+        #define MP_CURVE_SPECS_SIZE (72)
         #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
             #define MP_POINT_SIZE (196)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 8)
@@ -85,7 +85,7 @@ struct xmalloc_slot {
     #endif /* WOLFBOOT_SIGN_ECC256 */
     #ifdef WOLFBOOT_SIGN_ECC384
         #define MP_SCHEME "SP ECC384"
-        #define MP_CURVE_SPECS_SIZE (108)
+        #define MP_CURVE_SPECS_SIZE (104)
         #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
             #define MP_POINT_SIZE (292)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 12)
@@ -101,7 +101,7 @@ struct xmalloc_slot {
     #endif /* WOLFBOOT_SIGN_ECC384 */
     #ifdef WOLFBOOT_SIGN_ECC521
         #define MP_SCHEME "SP ECC521"
-        #define MP_CURVE_SPECS_SIZE (148)
+        #define MP_CURVE_SPECS_SIZE (144)
         #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
             #define MP_POINT_SIZE (412)
             #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17)
diff --git a/tools/test.mk b/tools/test.mk
index ffb1f2ecd..1cd9e20ee 100644
--- a/tools/test.mk
+++ b/tools/test.mk
@@ -991,13 +991,13 @@ test-size-all:
 	make clean
 	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13480
 	make keysclean
-	make test-size SIGN=RSA2048 LIMIT=11124
+	make test-size SIGN=RSA2048 LIMIT=11212
 	make clean
-	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11696
+	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11788
 	make keysclean
-	make test-size SIGN=RSA4096 LIMIT=11408
+	make test-size SIGN=RSA4096 LIMIT=11500
 	make clean
-	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11984
+	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12076
 	make keysclean
 	make test-size SIGN=ECC384 LIMIT=17504
 	make clean
@@ -1005,9 +1005,9 @@ test-size-all:
 	make keysclean
 	make test-size SIGN=ED448 LIMIT=13408
 	make keysclean
-	make test-size SIGN=RSA3072 LIMIT=11264
+	make test-size SIGN=RSA3072 LIMIT=11352
 	make clean
-	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11804
+	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11892
 	make keysclean
 	make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
 		WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \