diff --git a/tests/api.c b/tests/api.c
index 85436a5ff..a60469466 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -422,7 +422,11 @@ enum {
     TESTING_ECC = 2
 };
 
+#ifdef WOLFSSL_QNX_CAAM
+static int devId = WOLFSSL_CAAM_DEVID;
+#else
 static int devId = INVALID_DEVID;
+#endif
 
 
 /*----------------------------------------------------------------------------*
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index b480f5d94..ee80c9089 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -752,7 +752,11 @@ static const char* bench_result_words2[][5] = {
 #endif
 
 /* Asynchronous helper macros */
+#ifdef WOLFSSL_QNX_CAAM
+static THREAD_LS_T int devId = WOLFSSL_CAAM_DEVID;
+#else
 static THREAD_LS_T int devId = INVALID_DEVID;
+#endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
     static WOLF_EVENT_QUEUE eventQueue;
diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c
index c049e622c..95a0ee152 100644
--- a/wolfcrypt/src/cmac.c
+++ b/wolfcrypt/src/cmac.c
@@ -89,7 +89,7 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
     XMEMSET(cmac, 0, sizeof(Cmac));
 
     #ifdef WOLFSSL_QNX_CAAM
-        cmac->devId = 7; //always use caam devid when available
+    cmac->devId = WOLFSSL_CAAM_DEVID;
     #endif
     #ifdef WOLF_CRYPTO_CB
         if (cmac->devId != INVALID_DEVID) {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 1618af558..7106ca936 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4733,11 +4733,15 @@ static void wc_ecc_dump_oids(void)
 WOLFSSL_ABI
 ecc_key* wc_ecc_key_new(void* heap)
 {
+    int devId = INVALID_DEVID;
     ecc_key* key;
 
+#ifdef WOLFSSL_QNX_CAAM
+    devId = WOLFSSL_CAAM_DEVID;
+#endif
     key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
     if (key) {
-        if (wc_ecc_init_ex(key, heap, INVALID_DEVID) != 0) {
+        if (wc_ecc_init_ex(key, heap, devId) != 0) {
             XFREE(key, heap, DYNAMIC_TYPE_ECC);
             key = NULL;
         }
@@ -4797,11 +4801,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
     (void)devId;
 #endif
 
-    //@TODO for now set as CAAM operation for all
-#ifdef WOLFSSL_QNX_CAAM
-    key->devId = 7;//WOLFSSL_CAAM_DEVID
-#endif
-
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A)
     key->slot = ATECC_INVALID_SLOT;
 #else
@@ -4845,7 +4844,11 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId)
 
 int wc_ecc_init(ecc_key* key)
 {
+#ifdef WOLFSSL_QNX_CAAM
+    return wc_ecc_init_ex(key, NULL, WOLFSSL_CAAM_DEVID);
+#else
     return wc_ecc_init_ex(key, NULL, INVALID_DEVID);
+#endif
 }
 
 #ifdef WOLF_CRYPTO_CB
diff --git a/wolfcrypt/src/port/caam/caam_driver.c b/wolfcrypt/src/port/caam/caam_driver.c
index 475038556..1429f1a70 100644
--- a/wolfcrypt/src/port/caam/caam_driver.c
+++ b/wolfcrypt/src/port/caam/caam_driver.c
@@ -678,7 +678,7 @@ int caamBlob(DESCSTRUCT* desc)
     inputSz = desc->buf[i].dataSz;
     if (desc->state && (desc->type == CAAM_BLOB_ENCAP)) {
         /* black keys with CCM have mac at the end */
-        inputSz += 16;
+        inputSz += BLACK_KEY_MAC_SZ;
     }
 
     vaddr = CAAM_ADR_MAP(desc->buf[i].data, inputSz, 1);
@@ -692,7 +692,7 @@ int caamBlob(DESCSTRUCT* desc)
     outputSz = desc->buf[i].dataSz;
     if (desc->state && (desc->type == CAAM_BLOB_DECAP)) {
         /* black keys with CCM have mac at the end */
-        outputSz += 16;
+        outputSz += BLACK_KEY_MAC_SZ;
     }
     vaddrOut = CAAM_ADR_MAP(desc->buf[i].data, outputSz, 0);
 
@@ -747,7 +747,7 @@ int caamAesCmac(DESCSTRUCT* desc, int sz, unsigned int args[4])
     desc->desc[desc->idx] = (CAAM_KEY | CAAM_CLASS1 | CAAM_NWB) + keySz;
     if (isBlackKey) {
         desc->desc[desc->idx] |= CAAM_LOAD_BLACK_KEY;
-        macSz = 16; /* copy over 16 additional bytes to account for mac */
+        macSz = BLACK_KEY_MAC_SZ;
     }
     desc->idx++;
     vaddr[vidx] = CAAM_ADR_MAP(desc->buf[0].data, desc->buf[0].dataSz + macSz, 1);
@@ -889,12 +889,12 @@ int caamECDSAMake(DESCSTRUCT* desc, CAAM_BUFFER* buf, unsigned int args[4])
         /* map secure partition to virtual address */
         phys = (CAAM_PAGE + (part << 12));
         buf[0].TheAddress = CAAM_ADR_TO_VIRTUAL(phys,
-               buf[0].Length + buf[1].Length + 16);/*add 16 for MAC on private*/
+               buf[0].Length + buf[1].Length + BLACK_KEY_MAC_SZ);
         desc->desc[desc->idx++] = phys;
 
         /* public x,y out */
-        buf[1].TheAddress = buf[0].TheAddress + 16 + buf[0].Length;
-        desc->desc[desc->idx++] = phys + 16 + buf[0].Length;
+        buf[1].TheAddress = buf[0].TheAddress + BLACK_KEY_MAC_SZ + buf[0].Length;
+        desc->desc[desc->idx++] = phys + BLACK_KEY_MAC_SZ + buf[0].Length;
     }
     else {
         vaddr[0] = CAAM_ADR_MAP(0, buf[0].Length, 0);
@@ -1309,7 +1309,7 @@ int caamTRNG(unsigned char *out, int outSz)
     }
 
     if (reg > CAAM_RTENT_MAX && sz > 0) {
-        return -1;//SizeIsTooLarge;
+        return -1;
     }
 
     /* handle non unsigned int size amount left over */
@@ -1353,12 +1353,13 @@ int caamKeyCover(DESCSTRUCT* desc, int sz, unsigned int args[4])
     /* add output */
     desc->desc[desc->idx++] = (CAAM_FIFO_S | CAAM_CLASS1 | desc->state) +
         desc->buf[i].dataSz;
-    vaddr[vidx] = CAAM_ADR_MAP(desc->buf[i].data, desc->buf[i].dataSz + 16, 0);
+    vaddr[vidx] = CAAM_ADR_MAP(desc->buf[i].data, desc->buf[i].dataSz +
+            BLACK_KEY_MAC_SZ, 0);
     desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[vidx],
-                desc->buf[i].dataSz + 16);
+            desc->buf[i].dataSz + BLACK_KEY_MAC_SZ);
 
 #if 0
-    /* sanity check can we load it? */
+    /* sanity check can we load it? used for debugging and testing */
     desc->desc[desc->idx++] = (CAAM_KEY | CAAM_CLASS1 | 0x500000) +
         desc->buf[i].dataSz;
     desc->desc[desc->idx++] = CAAM_ADR_TO_PHYSICAL(vaddr[1], desc->buf[1].dataSz);
@@ -1369,7 +1370,8 @@ int caamKeyCover(DESCSTRUCT* desc, int sz, unsigned int args[4])
     } while (err == CAAM_WAITING);
 
     CAAM_ADR_UNMAP(vaddr[0], desc->buf[0].data, desc->buf[0].dataSz, 0);
-    CAAM_ADR_UNMAP(vaddr[1], desc->buf[1].data, desc->buf[1].dataSz + 16, 1);
+    CAAM_ADR_UNMAP(vaddr[1], desc->buf[1].data, desc->buf[1].dataSz +
+            BLACK_KEY_MAC_SZ, 1);
     return err;
 }
 
diff --git a/wolfcrypt/src/port/caam/caam_qnx.c b/wolfcrypt/src/port/caam/caam_qnx.c
index 364e15ddb..334bbbd2a 100644
--- a/wolfcrypt/src/port/caam/caam_qnx.c
+++ b/wolfcrypt/src/port/caam/caam_qnx.c
@@ -275,13 +275,13 @@ static int doCMAC(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
 
     int msgSz = 0, ret, numBuf, keySz;
     unsigned char ctx[32];    /* running CMAC context is a constant 32 bytes */
-    unsigned char keybuf[48]; /*max AES key size is 32 + 16 byte black key MAC*/
+    unsigned char keybuf[32 + BLACK_KEY_MAC_SZ];/*max AES key size is 32 + MAC*/
     unsigned char *buf = NULL;
 
     numBuf = 2; /* start with 2 (key + ctx) for case with no msg input */
     keySz  = args[1];
     if (args[2] == 1) { /* is it a black key? */
-        keySz = keySz + 16;
+        keySz = keySz + BLACK_KEY_MAC_SZ;
     }
     SETIOV(&in_iovs[0], keybuf, keySz);
     SETIOV(&in_iovs[1], ctx, sizeof(ctx));
@@ -398,8 +398,8 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
     iov_t in_iovs[2], out_iov;
 
     unsigned char *inBuf, *outBuf;
-    unsigned char keymod[16]; /* 16 is max size for keymod
-                               * (8 with red blobs and 16 with black) */
+    unsigned char keymod[BLACK_BLOB_KEYMOD_SZ];
+    /* 16 is max size for keymod (8 with red blobs and 16 with black) */
 
     if (msg->i.dcmd == WC_CAAM_BLOB_ENCAP) {
         dir = CAAM_BLOB_ENCAP;
@@ -414,8 +414,7 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
     }
 
     if (args[0] == 1 && dir == CAAM_BLOB_ENCAP) {
-        /* black blob, add 16 for MAC */
-        inSz = inSz + 16;
+        inSz = inSz + BLACK_KEY_MAC_SZ;
     }
 
     SETIOV(&in_iovs[0], keymod, args[3]);
@@ -454,8 +453,7 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
     }
 
     if (args[0] == 1 && dir == CAAM_BLOB_DECAP) {
-        /* 16 for MAC tag */
-        outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz + 16, 0);
+        outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz + BLACK_KEY_MAC_SZ, 0);
     }
     else {
         outBuf = (unsigned char*)CAAM_ADR_MAP(0, outSz, 0);
@@ -473,7 +471,7 @@ static int doBLOB(resmgr_context_t *ctp, io_devctl_t *msg, unsigned int args[4],
 
     /* adjust outSz for MAC tag at the end of black key */
     if (args[0] == 1 && dir == CAAM_BLOB_DECAP) {
-        outSz = outSz + 16;
+        outSz = outSz + BLACK_KEY_MAC_SZ;
     }
 
     if (ret != Success) {
@@ -879,8 +877,7 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg,
         return EBADMSG;
     }
 
-    /* plus 16 for MAC */
-    outBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1] + 16, 0);
+    outBuf = (unsigned char*)CAAM_ADR_MAP(0, args[1] + BLACK_KEY_MAC_SZ, 0);
     if (outBuf == NULL) {
         CAAM_ADR_UNMAP(inBuf, 0, args[1], 0);
         return ECANCELED;
@@ -896,19 +893,19 @@ static int doFIFO_S(resmgr_context_t *ctp, io_devctl_t *msg,
     ret = caamKeyCover(&desc, 2, args);
     CAAM_ADR_UNMAP(inBuf, 0, args[1], 0);
     if (ret != Success) {
-        CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
+        CAAM_ADR_UNMAP(outBuf, 0, args[1] + BLACK_KEY_MAC_SZ, 0);
         return EBADMSG;
     }
 
-    if (args[1] + 16 > msg->o.nbytes) {
-        CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
+    if (args[1] + BLACK_KEY_MAC_SZ > msg->o.nbytes) {
+        CAAM_ADR_UNMAP(outBuf, 0, args[1] + BLACK_KEY_MAC_SZ, 0);
         WOLFSSL_MSG("would cause output buffer overflow");
         return EOVERFLOW;
     }
 
-    SETIOV(&out_iov, outBuf, args[1] + 16);
+    SETIOV(&out_iov, outBuf, args[1] + BLACK_KEY_MAC_SZ);
     resmgr_msgwritev(ctp, &out_iov, 1, sizeof(msg->o));
-    CAAM_ADR_UNMAP(outBuf, 0, args[1] + 16, 0);
+    CAAM_ADR_UNMAP(outBuf, 0, args[1] + BLACK_KEY_MAC_SZ, 0);
     return EOK;
 }
 
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index 43801ede9..65eb4e4ed 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -31,8 +31,6 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
 
-#define WC_CAAM_BLOB_SZ 48
-
 /* determine which porting header to include */
 #if defined(__INTEGRITY) || defined(INTEGRITY)
     #ifndef WC_CAAM_PASSWORD
@@ -146,8 +144,6 @@ static int wc_CAAM_router(int devId, wc_CryptoInfo* info, void* ctx)
  */
 int wc_caamInit(void)
 {
-    int    ret;
-
     WOLFSSL_MSG("Starting interface with CAAM driver");
     if (CAAM_INIT_INTERFACE() != 0) {
         WOLFSSL_MSG("Error initializing CAAM");
@@ -198,9 +194,8 @@ int wc_caamInit(void)
     #endif
 #endif
 
-    (void)ret;
-    ret = wc_CryptoDev_RegisterDevice(WOLFSSL_CAAM_DEVID, wc_CAAM_router, NULL);
-    return 0;
+    return wc_CryptoDev_RegisterDevice(WOLFSSL_CAAM_DEVID, wc_CAAM_router,
+            NULL);
 }
 
 
@@ -305,7 +300,7 @@ int wc_caamCreateBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
     CAAM_BUFFER in[3];
     word32 arg[4];
     int ret;
-    byte local[16] = {0};
+    byte local[WC_CAAM_BLACK_KEYMOD_SZ] = {0};
     byte* keyMod;
     int   keyModSz;
 
@@ -319,22 +314,22 @@ int wc_caamCreateBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
     if (type == WC_CAAM_BLOB_RED) {
         arg[0] = 0;  
         if (mod != NULL) {
-            if (modSz != 8) {
+            if (modSz != WC_CAAM_RED_KEYMOD_SZ) {
                 WOLFSSL_MSG("bad key mod red size");
                 return BAD_FUNC_ARG;
             }
         }
-        keyModSz = 8;
+        keyModSz = WC_CAAM_RED_KEYMOD_SZ;
     }
     else if (type == WC_CAAM_BLOB_BLACK) {
         arg[0] = 1;
         if (mod != NULL) {
-            if (modSz != 16) {
+            if (modSz != WC_CAAM_BLACK_KEYMOD_SZ) {
                 WOLFSSL_MSG("bad key mod black size");
                 return BAD_FUNC_ARG;
             }
         }
-        keyModSz = 16;
+        keyModSz = WC_CAAM_BLACK_KEYMOD_SZ;
     }
     else {
         WOLFSSL_MSG("unknown blob type!");
@@ -388,7 +383,7 @@ int wc_caamOpenBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
     CAAM_BUFFER in[3];
     word32      arg[4];
     int   ret;
-    byte  local[16];
+    byte  local[WC_CAAM_BLACK_KEYMOD_SZ];
     byte* keyMod;
     int   keyModSz;
 
@@ -404,22 +399,22 @@ int wc_caamOpenBlob_ex(byte* data, word32 dataSz, byte* out, word32* outSz,
     if (type == WC_CAAM_BLOB_RED) {
         arg[0] = 0;  
         if (mod != NULL) {
-            if (modSz != 8) {
+            if (modSz != WC_CAAM_RED_KEYMOD_SZ) {
                 WOLFSSL_MSG("bad key mod red size");
                 return BAD_FUNC_ARG;
             }
         }
-        keyModSz = 8;
+        keyModSz = WC_CAAM_RED_KEYMOD_SZ;
     }
     else if (type == WC_CAAM_BLOB_BLACK) {
         arg[0] = 1;
         if (mod != NULL) {
-            if (modSz != 16) {
+            if (modSz != WC_CAAM_BLACK_KEYMOD_SZ) {
                 WOLFSSL_MSG("bad key mod black size");
                 return BAD_FUNC_ARG;
             }
         }
-        keyModSz = 16;
+        keyModSz = WC_CAAM_BLACK_KEYMOD_SZ;
     }
     else {
         WOLFSSL_MSG("unknown blob type!");
@@ -473,7 +468,6 @@ int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag)
     CAAM_BUFFER buf[2];
     word32 arg[4];
     int ret;
-    (void)flag;
 
     if (*outSz < inSz + WC_CAAM_MAC_SZ) {
         return BUFFER_E;
@@ -487,7 +481,8 @@ int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag)
     buf[1].TheAddress = (CAAM_ADDRESS)out;
     buf[1].Length = inSz;
 
-    arg[0] = 0x00140000; /* AES-CCM */
+    (void)flag; /* for now defaulting to use highest security AES-CCM here */
+    arg[0] = CAAM_FIFO_CCM_FLAG;
     arg[1] = inSz;
     if ((ret = wc_caamAddAndWait(buf, 2, arg, CAAM_FIFO_S)) != 0) {
         WOLFSSL_MSG("Error with CAAM blob create");
@@ -499,6 +494,9 @@ int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz, int flag)
 }
 
 
+/* return 0 or greater on success for the partition number available
+ * returns a negative value on failure
+ */
 int caamFindUnusuedPartition()
 {
     CAAM_BUFFER buf[1];
@@ -507,7 +505,7 @@ int caamFindUnusuedPartition()
 
     buf[0].BufferType = DataBuffer;
     buf[0].TheAddress = (CAAM_ADDRESS)&ret;
-    buf[0].Length = sizeof(int);
+    buf[0].Length     = sizeof(int);
 
     if ((wc_caamAddAndWait(buf, 1, arg, CAAM_FIND_PART)) != 0) {
         WOLFSSL_MSG("Error finding a partition to use");
@@ -518,6 +516,7 @@ int caamFindUnusuedPartition()
 }
 
 
+/* return the address of the given partition number "part" */
 CAAM_ADDRESS caamGetPartition(int part, int sz)
 {
     CAAM_BUFFER buf[1];
@@ -526,7 +525,7 @@ CAAM_ADDRESS caamGetPartition(int part, int sz)
 
     buf[0].BufferType = DataBuffer;
     buf[0].TheAddress = (CAAM_ADDRESS)(&ret);
-    buf[0].Length = sizeof(int);
+    buf[0].Length     = sizeof(int);
 
     arg[0] = part;
     arg[1] = sz;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index d734c3fd8..8c202f425 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -327,7 +327,11 @@ static void initDefaultName(void);
 #endif
 
 /* for async devices */
+#ifdef WOLFSSL_QNX_CAAM
+static int devId = WOLFSSL_CAAM_DEVID;
+#else
 static int devId = INVALID_DEVID;
+#endif
 
 #ifdef HAVE_WNR
     const char* wnrConfigFile = "wnr-example.conf";
diff --git a/wolfssl/wolfcrypt/port/caam/caam_driver.h b/wolfssl/wolfcrypt/port/caam/caam_driver.h
index f0d49b4ee..fa9ecc22a 100644
--- a/wolfssl/wolfcrypt/port/caam/caam_driver.h
+++ b/wolfssl/wolfcrypt/port/caam/caam_driver.h
@@ -383,4 +383,7 @@ struct DESCSTRUCT {
 
 #define MAX_ECDSA_VERIFY_ADDR 8
 #define MAX_ECDSA_SIGN_ADDR 8
+#define BLACK_KEY_MAC_SZ 16
+#define BLACK_BLOB_KEYMOD_SZ 16
+#define RED_BLOB_KEYMOD_SZ 8
 #endif /* CAAM_DRIVER_H */
diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam.h b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
index 1bc803252..f2dd88620 100644
--- a/wolfssl/wolfcrypt/port/caam/wolfcaam.h
+++ b/wolfssl/wolfcrypt/port/caam/wolfcaam.h
@@ -72,6 +72,8 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz,
 #define WC_CAAM_MAC_SZ 16
 #define WC_CAAM_BLOB_RED   1
 #define WC_CAAM_BLOB_BLACK 2
+#define WC_CAAM_RED_KEYMOD_SZ 8
+#define WC_CAAM_BLACK_KEYMOD_SZ 8
 
 #ifndef WOLFSSL_QNX_CAAM
     WOLFSSL_API int wc_caamSetResource(IODevice ioDev);
@@ -114,6 +116,7 @@ WOLFSSL_API int wc_caamCoverKey(byte* in, word32 inSz, byte* out, word32* outSz,
 #define CAAM_BLOB_ENCAP 0x07000000
 #define CAAM_BLOB_DECAP 0x06000000
 #define CAAM_FIFO_S   0x60000000
+#define CAAM_FIFO_CCM_FLAG 0x00140000
 
 #define CAAM_ENC    0x00000001
 #define CAAM_DEC    0x00000000