diff --git a/crates/board/CHANGELOG.md b/crates/board/CHANGELOG.md
index e35cb1bca..f5ab9c383 100644
--- a/crates/board/CHANGELOG.md
+++ b/crates/board/CHANGELOG.md
@@ -1,6 +1,14 @@
 # Changelog
 
-## 0.3.1-git
+## 0.4.0-git
+
+### Major
+
+- Change crypto API to mention `Keysize`, `BlockSize`, and `OutputSize`
+
+### Minor
+
+- Add `UnsupportedCrypto` for partially implemented crypto
 
 ### Patch
 
diff --git a/crates/board/Cargo.lock b/crates/board/Cargo.lock
index c387d749f..9065ec623 100644
--- a/crates/board/Cargo.lock
+++ b/crates/board/Cargo.lock
@@ -575,7 +575,7 @@ checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d"
 
 [[package]]
 name = "wasefire-board-api"
-version = "0.3.1-git"
+version = "0.4.0-git"
 dependencies = [
  "aead",
  "aes",
diff --git a/crates/board/Cargo.toml b/crates/board/Cargo.toml
index b628e8a6a..f1e3f2f2d 100644
--- a/crates/board/Cargo.toml
+++ b/crates/board/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "wasefire-board-api"
-version = "0.3.1-git"
+version = "0.4.0-git"
 authors = ["Julien Cretin <cretin@google.com>"]
 license = "Apache-2.0"
 publish = true
diff --git a/crates/board/src/crypto.rs b/crates/board/src/crypto.rs
index 46b19dadd..4210cab13 100644
--- a/crates/board/src/crypto.rs
+++ b/crates/board/src/crypto.rs
@@ -14,9 +14,10 @@
 
 //! Cryptography interface.
 
-use crypto_common::{BlockSizeUser, Key, KeyInit, KeySizeUser, Output, OutputSizeUser};
-use digest::{FixedOutput, HashMarker, MacMarker, Update};
-use typenum::{U0, U12, U13, U16, U32, U4, U48};
+use crypto_common::{BlockSizeUser, Key, KeyInit, KeySizeUser, Output, OutputSizeUser, Reset};
+use digest::{FixedOutput, FixedOutputReset, HashMarker, MacMarker, Update};
+use generic_array::ArrayLength;
+use typenum::{U12, U128, U13, U16, U32, U4, U48, U64};
 
 use crate::{Support, Unsupported};
 
@@ -28,14 +29,31 @@ pub trait Api {
     type Aes128Ccm: aead::Api<U16, U13, U4>;
     type Aes256Gcm: aead::Api<U32, U12, U16>;
 
-    type HmacSha256: Support<bool> + KeyInit + Update + FixedOutput + MacMarker;
-    type HmacSha384: Support<bool> + KeyInit + Update + FixedOutput + MacMarker;
+    type HmacSha256: Support<bool> + Hmac<KeySize = U64, OutputSize = U32>;
+    type HmacSha384: Support<bool> + Hmac<KeySize = U128, OutputSize = U48>;
 
     type P256: Support<bool> + ecc::Api<U32>;
     type P384: Support<bool> + ecc::Api<U48>;
 
-    type Sha256: Support<bool> + Default + BlockSizeUser + Update + FixedOutput + HashMarker;
-    type Sha384: Support<bool> + Default + BlockSizeUser + Update + FixedOutput + HashMarker;
+    type Sha256: Support<bool> + Hash<BlockSize = U64, OutputSize = U32>;
+    type Sha384: Support<bool> + Hash<BlockSize = U128, OutputSize = U48>;
+}
+
+pub trait Hash: Default + BlockSizeUser + Update + FixedOutputReset + HashMarker {}
+pub trait Hmac: KeyInit + Update + FixedOutput + MacMarker {}
+
+impl<T: Default + BlockSizeUser + Update + FixedOutputReset + HashMarker> Hash for T {}
+impl<T: KeyInit + Update + FixedOutput + MacMarker> Hmac for T {}
+
+pub struct UnsupportedHash<Block: ArrayLength<u8> + 'static, Output: ArrayLength<u8> + 'static> {
+    _never: !,
+    _block: Block,
+    _output: Output,
+}
+pub struct UnsupportedHmac<Key: ArrayLength<u8> + 'static, Output: ArrayLength<u8> + 'static> {
+    _never: !,
+    _key: Key,
+    _output: Output,
 }
 
 pub type Aes128Ccm<B> = <super::Crypto<B> as Api>::Aes128Ccm;
@@ -47,92 +65,208 @@ pub type P384<B> = <super::Crypto<B> as Api>::P384;
 pub type Sha256<B> = <super::Crypto<B> as Api>::Sha256;
 pub type Sha384<B> = <super::Crypto<B> as Api>::Sha384;
 
+pub struct UnsupportedCrypto<T: Api>(T);
+
 macro_rules! software {
-    (#[cfg(feature = $feature:literal)] type $Name:ident = $impl:ty;) => {
+    (#[cfg(feature = $feature:literal)] type $Name:ident = $impl:ty | $Unsupported:ty;) => {
         #[cfg(feature = $feature)]
         type $Name = $impl;
         #[cfg(not(feature = $feature))]
-        type $Name = Unsupported;
+        type $Name = $Unsupported;
     };
 }
 
-impl Api for Unsupported {
+impl<T: Api> Api for UnsupportedCrypto<T> {
     software! {
         #[cfg(feature = "software-crypto-aes128-ccm")]
-        type Aes128Ccm = ccm::Ccm<aes::Aes128, U4, U13>;
+        type Aes128Ccm = ccm::Ccm<aes::Aes128, U4, U13> | Unsupported;
     }
     software! {
         #[cfg(feature = "software-crypto-aes256-gcm")]
-        type Aes256Gcm = aes_gcm::Aes256Gcm;
+        type Aes256Gcm = aes_gcm::Aes256Gcm | Unsupported;
     }
 
     software! {
         #[cfg(feature = "software-crypto-hmac-sha256")]
-        type HmacSha256 = hmac::SimpleHmac<Self::Sha256>;
+        type HmacSha256 = hmac::SimpleHmac<T::Sha256> | UnsupportedHmac<U64, U32>;
     }
     software! {
         #[cfg(feature = "software-crypto-hmac-sha384")]
-        type HmacSha384 = hmac::SimpleHmac<Self::Sha384>;
+        type HmacSha384 = hmac::SimpleHmac<T::Sha384> | UnsupportedHmac<U128, U48>;
     }
 
     software! {
         #[cfg(feature = "software-crypto-p256")]
-        type P256 = ecc::Software<p256::NistP256, Self::Sha256>;
+        type P256 = ecc::Software<p256::NistP256, T::Sha256> | Unsupported;
     }
     software! {
         #[cfg(feature = "software-crypto-p384")]
-        type P384 = ecc::Software<p384::NistP384, Self::Sha384>;
+        type P384 = ecc::Software<p384::NistP384, T::Sha384> | Unsupported;
     }
 
     software! {
         #[cfg(feature = "software-crypto-sha256")]
-        type Sha256 = sha2::Sha256;
+        type Sha256 = sha2::Sha256 | UnsupportedHash<U64, U32>;
     }
     software! {
         #[cfg(feature = "software-crypto-sha384")]
-        type Sha384 = sha2::Sha384;
+        type Sha384 = sha2::Sha384 | UnsupportedHash<U128, U48>;
     }
 }
 
-impl BlockSizeUser for Unsupported {
-    type BlockSize = U0;
+impl Api for Unsupported {
+    type Aes128Ccm = <UnsupportedCrypto<Self> as Api>::Aes128Ccm;
+    type Aes256Gcm = <UnsupportedCrypto<Self> as Api>::Aes256Gcm;
+    type HmacSha256 = <UnsupportedCrypto<Self> as Api>::HmacSha256;
+    type HmacSha384 = <UnsupportedCrypto<Self> as Api>::HmacSha384;
+    type P256 = <UnsupportedCrypto<Self> as Api>::P256;
+    type P384 = <UnsupportedCrypto<Self> as Api>::P384;
+    type Sha256 = <UnsupportedCrypto<Self> as Api>::Sha256;
+    type Sha384 = <UnsupportedCrypto<Self> as Api>::Sha384;
 }
 
-impl KeySizeUser for Unsupported {
-    type KeySize = U0;
+impl<B, O> BlockSizeUser for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    type BlockSize = B;
 }
 
-impl OutputSizeUser for Unsupported {
-    type OutputSize = U0;
+impl<B, O> OutputSizeUser for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    type OutputSize = O;
 }
 
-impl HashMarker for Unsupported {}
-impl MacMarker for Unsupported {}
+impl<B, O> HashMarker for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+}
 
-impl Default for Unsupported {
+impl<B, O> Default for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
     fn default() -> Self {
         unreachable!()
     }
 }
 
-impl KeyInit for Unsupported {
+impl<B, O> Update for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    fn update(&mut self, _: &[u8]) {
+        unreachable!()
+    }
+}
+
+impl<B, O> FixedOutput for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    fn finalize_into(self, _: &mut Output<Self>) {
+        unreachable!()
+    }
+}
+
+impl<B, O> FixedOutputReset for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    fn finalize_into_reset(&mut self, _: &mut Output<Self>) {
+        unreachable!()
+    }
+}
+
+impl<B, O> Reset for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    fn reset(&mut self) {
+        unreachable!()
+    }
+}
+
+impl<B, O> Support<bool> for UnsupportedHash<B, O>
+where
+    B: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    const SUPPORT: bool = false;
+}
+
+impl<K, O> KeySizeUser for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    type KeySize = K;
+}
+
+impl<K, O> OutputSizeUser for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    type OutputSize = O;
+}
+
+impl<K, O> MacMarker for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+}
+
+impl<K, O> KeyInit for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
     fn new(_: &Key<Self>) -> Self {
         unreachable!()
     }
 }
 
-impl Update for Unsupported {
+impl<K, O> Update for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
     fn update(&mut self, _: &[u8]) {
         unreachable!()
     }
 }
 
-impl FixedOutput for Unsupported {
+impl<K, O> FixedOutput for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
     fn finalize_into(self, _: &mut Output<Self>) {
         unreachable!()
     }
 }
 
+impl<K, O> Support<bool> for UnsupportedHmac<K, O>
+where
+    K: ArrayLength<u8> + 'static,
+    O: ArrayLength<u8> + 'static,
+{
+    const SUPPORT: bool = false;
+}
+
 #[cfg(feature = "software-crypto-sha256")]
 impl crate::Supported for sha2::Sha256 {}
 
diff --git a/crates/runner-host/Cargo.lock b/crates/runner-host/Cargo.lock
index 5a90cc87c..bc3a17d0d 100644
--- a/crates/runner-host/Cargo.lock
+++ b/crates/runner-host/Cargo.lock
@@ -1019,7 +1019,7 @@ dependencies = [
 
 [[package]]
 name = "wasefire-board-api"
-version = "0.3.1-git"
+version = "0.4.0-git"
 dependencies = [
  "aead",
  "aes",
diff --git a/crates/runner-nordic/Cargo.lock b/crates/runner-nordic/Cargo.lock
index 1495edfc9..1abb2e534 100644
--- a/crates/runner-nordic/Cargo.lock
+++ b/crates/runner-nordic/Cargo.lock
@@ -1006,7 +1006,7 @@ dependencies = [
 
 [[package]]
 name = "wasefire-board-api"
-version = "0.3.1-git"
+version = "0.4.0-git"
 dependencies = [
  "aead",
  "aes",
diff --git a/crates/runner-nordic/src/tasks/crypto.rs b/crates/runner-nordic/src/tasks/crypto.rs
index 408b4f7fb..daa92b5cd 100644
--- a/crates/runner-nordic/src/tasks/crypto.rs
+++ b/crates/runner-nordic/src/tasks/crypto.rs
@@ -12,8 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use wasefire_board_api::crypto::Api;
-use wasefire_board_api::Unsupported;
+use wasefire_board_api::crypto::{Api, UnsupportedCrypto};
 
 mod ccm;
 
@@ -21,11 +20,11 @@ pub enum Impl {}
 
 impl Api for Impl {
     type Aes128Ccm = ccm::Impl;
-    type Aes256Gcm = Unsupported;
-    type HmacSha256 = Unsupported;
-    type HmacSha384 = Unsupported;
-    type P256 = Unsupported;
-    type P384 = Unsupported;
-    type Sha256 = Unsupported;
-    type Sha384 = Unsupported;
+    type Aes256Gcm = <UnsupportedCrypto<Self> as Api>::Aes256Gcm;
+    type HmacSha256 = <UnsupportedCrypto<Self> as Api>::HmacSha256;
+    type HmacSha384 = <UnsupportedCrypto<Self> as Api>::HmacSha384;
+    type P256 = <UnsupportedCrypto<Self> as Api>::P256;
+    type P384 = <UnsupportedCrypto<Self> as Api>::P384;
+    type Sha256 = <UnsupportedCrypto<Self> as Api>::Sha256;
+    type Sha384 = <UnsupportedCrypto<Self> as Api>::Sha384;
 }
diff --git a/crates/scheduler/CHANGELOG.md b/crates/scheduler/CHANGELOG.md
index 8dea831d9..1c0c812a9 100644
--- a/crates/scheduler/CHANGELOG.md
+++ b/crates/scheduler/CHANGELOG.md
@@ -43,4 +43,4 @@
 
 ## 0.1.0
 
-<!-- Increment to skip CHANGELOG.md test: 10 -->
+<!-- Increment to skip CHANGELOG.md test: 11 -->
diff --git a/crates/scheduler/Cargo.lock b/crates/scheduler/Cargo.lock
index e4945e138..557c727cd 100644
--- a/crates/scheduler/Cargo.lock
+++ b/crates/scheduler/Cargo.lock
@@ -413,7 +413,7 @@ dependencies = [
 
 [[package]]
 name = "wasefire-board-api"
-version = "0.3.1-git"
+version = "0.4.0-git"
 dependencies = [
  "crypto-common",
  "defmt",
diff --git a/crates/scheduler/Cargo.toml b/crates/scheduler/Cargo.toml
index f331bb220..efd675a9d 100644
--- a/crates/scheduler/Cargo.toml
+++ b/crates/scheduler/Cargo.toml
@@ -18,7 +18,7 @@ digest = { version = "0.10.7", default-features = false, features = ["mac"] }
 generic-array = { version = "0.14.7", default-features = false }
 typenum = { version = "1.16.0", default-features = false }
 wasefire-applet-api = { version = "0.3.0", path = "../api", features = ["host"] }
-wasefire-board-api = { version = "0.3.1-git", path = "../board" }
+wasefire-board-api = { version = "0.4.0-git", path = "../board" }
 wasefire-interpreter = { version = "0.1.2", path = "../interpreter", features = ["toctou"] }
 wasefire-logger = { version = "0.1.3-git", path = "../logger" }
 wasefire-store = { version = "0.2.0", path = "../store" }