We are using Trussed, which serves as a provider for e.g., cryptographic primitives (and file operations). Various different clients/apps are then attached to Trussed, e.g., Fido2 or OpenPGP Card. The latter realize the actual user-faced functionalities and use the backend via a request/response mechanism. Trussed receives a request (e.g., hash("abc")) and responds with whatever the request asked for. Quite recently we have extended Trussed to support multiple backends, which essentially means that the request can be dispatched to "somewhere" else instead of the pure software implementation. The SE050 is such a backend, which can be configured - so instead of e.g., hash("123") being executed by the software implementation, Trussed will dispatch the request towards the SE050. The SE050 will execute the operation and Trussed will pass the response on to the client. This especially means that for the client this will be mostly transparent, which is very beneficial for us, as this ensures that the client does not require any changes. On the backend side, the communication between the MCU and the SE050 is realized via I2C using APDUs.