[bogomipz]

The OP states:

"Smartcards and HSMs are essentially two “brands” for the same thing: a chip which guards access to the data stored within it, and will only allow that data to be accessed in certain ways or under certain conditions. HSMs are the “enterprise” label for such devices, whereas smartcards are essentially the same thing, only cheaper."

Yubikey(mentioned in the title) is a TOTP card that works with the HSM on the far end though. They serve different purposes. You load the tokens into the HSM device.

They aren't the same thing. What am I missing?

[brassic]

An HSM consists of some secure memory to store a secret and a program, and a processor to run the program to perform computations using the secret.

A Yubikey consists of some secure memory to store a secret and a program, and a processor to run the program to perform computations using the secret.

The programs are different but they are basically the same thing. The author wonders why there isn't a simple general purpose gadget you can load your own program on to. As long as the action of loading a program clears existing secrets, the device could be secure.

Or to put it another way, consider a Raspberry Pi acting as a router and as a Raspberry Pi acting as a media streamer. They have completely different purposes, but they are the same thing.

[bogomipz]

I see, thanks for the clarification. That makes sense.

[tjohns]

A Yubikey can be run either in TOTP mode, in U2F mode, or as a generic smartcard. (Or a combination of the above.) It's configurable.

I use a Yubikey that's configured both as a U2F token for Google, as well as a smartcard for PGP/SSH use.

And their core, the construction of a Yubikey, smartcard, and HSM are very similar. The core idea is that you have physically secure memory guarded by a dedicated cryptoprocessor, so that your secrets never have to be exposed to the host OS when performing a signing operation.