diff --git a/.github/workflows/atecc608-sim.yml b/.github/workflows/atecc608-sim.yml
new file mode 100644
index 00000000000..daa4a7d7944
--- /dev/null
+++ b/.github/workflows/atecc608-sim.yml
@@ -0,0 +1,82 @@
+name: ATECC608 simulator test
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+# Build the ATECC608 software simulator (https://github.com/wolfSSL/simulators,
+# ATECC608Sim/ subdirectory), build wolfSSL against cryptoauthlib + the
+# simulator's TCP HAL, and run the wolfCrypt ATECC608 test binary against the
+# simulator.
+#
+# The simulator's own Dockerfile.wolfcrypt clones a pinned wolfSSL release.
+# We patch it to COPY the PR checkout instead so CI reflects the PR's source.
+# We also strip the inline test.c patch RUN block: those guard fixes now live
+# upstream in this tree, so re-applying them would fail with "patch target not
+# found". The remaining sed-based patches in the Dockerfile (atmel.c XMEMSET
+# swap and atmel_set_slot_allocator visibility) are no-ops on pre-patched
+# source and their grep validations still pass, so we leave them alone.
+
+env:
+ SIMULATORS_REF: 773fe70
+
+jobs:
+ atecc608_sim:
+ name: wolfCrypt against ATECC608 simulator
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-24.04
+ timeout-minutes: 30
+ steps:
+ - name: Checkout wolfSSL (PR source)
+ uses: actions/checkout@v4
+ with:
+ path: wolfssl-src
+
+ - name: Clone ATECC608 simulator
+ run: |
+ git clone https://github.com/wolfSSL/simulators simulators
+ cd simulators && git checkout "$SIMULATORS_REF"
+
+ - name: Stage PR wolfSSL into simulator build context
+ run: mv wolfssl-src simulators/ATECC608Sim/wolfssl
+
+ - name: Patch Dockerfile to use PR wolfSSL and drop redundant test.c patches
+ working-directory: simulators/ATECC608Sim
+ run: |
+ # Replace the (multi-line) `RUN git clone ... wolfssl.git /app/wolfssl`
+ # with a COPY of the PR checkout so CI tests the PR's source.
+ sed -i '/^RUN git clone --branch v5\.9\.1-stable/,/wolfssl\.git \/app\/wolfssl$/c\
+ COPY wolfssl /app/wolfssl' Dockerfile.wolfcrypt
+ # Fail fast if the pattern drifted upstream -- better a clear error
+ # than a CI run that silently tests a stale release.
+ grep -q '^ *COPY wolfssl /app/wolfssl$' Dockerfile.wolfcrypt
+ ! grep -q 'git clone .*wolfssl\.git' Dockerfile.wolfcrypt
+
+ # Strip the inline test.c patch RUN block -- those guard fixes now
+ # live upstream in this tree.
+ sed -i "/^RUN python3 - <<'PY'$/,/^PY$/d" Dockerfile.wolfcrypt
+ ! grep -q "RUN python3 - <<'PY'" Dockerfile.wolfcrypt
+
+ - uses: docker/setup-buildx-action@v3
+
+ - name: Build wolfCrypt-ATECC608 test image
+ uses: docker/build-push-action@v5
+ with:
+ context: simulators/ATECC608Sim
+ file: simulators/ATECC608Sim/Dockerfile.wolfcrypt
+ push: false
+ load: true
+ tags: wolfssl-atecc608-sim:ci
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Run wolfCrypt tests against simulator
+ run: docker run --rm wolfssl-atecc608-sim:ci
diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c
index 08bbc2f664a..717802e5292 100644
--- a/wolfcrypt/src/port/atmel/atmel.c
+++ b/wolfcrypt/src/port/atmel/atmel.c
@@ -193,8 +193,10 @@ int wolfCrypt_ATECC_SetConfig(ATCAIfaceCfg* cfg)
 return -1;
 }
- /* copy configuration into our local struct */
- XMEMSET(&cfg_ateccx08a_i2c_pi, 0, sizeof(cfg_ateccx08a_i2c_pi));
+ /* Copy whole struct so non-I2C interface unions (e.g. atcacustom function
+ * pointers when iface_type == ATCA_CUSTOM_IFACE) survive. The field-by-
+ * field assignments below then refresh the I2C-specific fields. */
+ XMEMCPY(&cfg_ateccx08a_i2c_pi, cfg, sizeof(cfg_ateccx08a_i2c_pi));
 cfg_ateccx08a_i2c_pi.iface_type = cfg->iface_type;
 cfg_ateccx08a_i2c_pi.devtype = cfg->devtype;
 #ifdef ATCA_ENABLE_DEPRECATED
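Review bot: The checkout step (`uses: actions/checkout@v4` with `path: wolfssl-src`) keeps its default credential persistence, and that tree is then moved into the Docker build context and picked up by the patched `COPY wolfssl /app/wolfssl`, so unless a .dockerignore outside this hunk excludes `.git`, the short-lived job token written to `.git/config` ends up in an image layer and in the `cache-to: type=gha,mode=max` export. Adding `persist-credentials: false` under the step's `with:` and a top-level `permissions:` block with `contents: read` would keep the token out of the build and limit what it can do. The external inputs are also pinned loosely: `SIMULATORS_REF: 773fe70` is an abbreviated hash and the three actions are referenced by mutable tags, so a full 40-character commit SHA for each is the safer pin.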
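Review bot: The new `XMEMCPY(&cfg_ateccx08a_i2c_pi, cfg, sizeof(cfg_ateccx08a_i2c_pi));` in wolfCrypt_ATECC_SetConfig is a shallow copy, so the atcacustom function pointers the comment mentions are retained in `cfg_ateccx08a_i2c_pi` and whatever they refer to must stay valid for as long as that configuration is in use; the comment should state this lifetime requirement for callers. Assuming both objects are `ATCAIfaceCfg`, a plain struct assignment, `cfg_ateccx08a_i2c_pi = *cfg;`, performs the same copy with the compiler checking the types on both sides instead of trusting the destination's size. After a whole-struct copy the field-by-field assignments in the trailing context lines rewrite values that were already copied, so the comment's "refresh" wording could say they are kept only for clarity, or they could be dropped. The function body starts and ends outside the hunk, so the NULL check on `cfg` is inferred from the `return -1;` context line rather than visible.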
@@ -232,7 +234,7 @@ int atmel_ecc_translate_err(int status)
 }
 /* Function to set the slotId allocator and deallocator */
-int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
+WOLFSSL_API int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
 atmel_slot_dealloc_cb dealloc)
 {
 #ifndef SINGLE_THREADED
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index afcf8b4f3cd..c57fabd0497 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -36936,7 +36936,8 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 #endif
 #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
+ !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
+ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
 ret = ecc_test_key_decode(rng, keySize);
 if (ret < 0) {
 if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
@@ -36949,7 +36950,8 @@ static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
 }
 #endif
-#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
+#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) && \
+ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
 ret = ecc_test_key_gen(rng, keySize);
 if (ret < 0) {
 if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) {
@@ -37399,7 +37401,8 @@ static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
 #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
 #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
+ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
 static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
 {
 wc_test_ret_t ret;
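Review bot: Marking `atmel_set_slot_allocator` as `WOLFSSL_API` (in atmel.c here and on the declaration in the atmel.h hunk) makes this callback setter part of the exported interface, yet its only documentation is the one-line comment above the definition. The comment should say whether NULL is accepted for `alloc` or `dealloc`, whether the call is allowed once slots have already been handed out, and what locking applies given the `#ifndef SINGLE_THREADED` section that begins in the context lines. The function body continues outside the hunk, so none of these behaviours can be read from here.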
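Review bot: The pair `!defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)` is added to the guards for `ecc_test_key_decode` and `ecc_test_key_gen` in the first two test.c hunks, and again in the later hunks for `ecc_mulmod_test`, `ecc_ssh_test` and `ecc_exp_imp_test`, with no comment saying why these tests cannot run on ATECC builds. The effect is that the key decode, key generation, export/import and point-multiplication checks are compiled out for the secure-element configuration, so the reason should be recorded next to the guards, for example `/* ATECC: private key material stays in the device, so these software key paths are not exercised */` if that is the cause. Defining one helper macro for the pair near the top of test.c would also keep the repeated guards from drifting apart. The enclosing functions start and end outside these hunks.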
@@ -37581,8 +37584,10 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 #endif
 TEST_SLEEP();
- #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+ #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
+ !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
+ !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
+ !defined(WOLFSSL_CRYPTOCELL)
 ret = ecc_ssh_test(key, rng);
 if (ret < 0)
 goto done;
@@ -37627,13 +37632,15 @@ static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
 goto done;
 }
-#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
+#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
+ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
 ret = ecc_exp_imp_test(key);
 if (ret < 0)
 goto done;
 #endif
 #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
- !defined(WOLFSSL_CRYPTOCELL)
+ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_ATECC508A) && \
+ !defined(WOLFSSL_ATECC608A)
 ret = ecc_mulmod_test(key);
 if (ret < 0)
 goto done;
diff --git a/wolfssl/wolfcrypt/port/atmel/atmel.h b/wolfssl/wolfcrypt/port/atmel/atmel.h
index 0a3e7c9949e..4b31b1be930 100644
--- a/wolfssl/wolfcrypt/port/atmel/atmel.h
+++ b/wolfssl/wolfcrypt/port/atmel/atmel.h
@@ -100,7 +100,7 @@ void atmel_ecc_free(int slotId);
 typedef int (*atmel_slot_alloc_cb)(int);
 typedef void (*atmel_slot_dealloc_cb)(int);
-int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
+WOLFSSL_API int atmel_set_slot_allocator(atmel_slot_alloc_cb alloc,
 atmel_slot_dealloc_cb dealloc);
 int atmel_ecc_translate_err(int status);
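Review bot: The rewritten guard around `ret = ecc_ssh_test(key, rng);` adds `!defined(WC_NO_RNG)` and `!defined(PLUTON_CRYPTO_ECC)` next to the two ATECC macros, so it also changes which non-ATECC builds run this test, and nothing in the hunk explains that. If the intent is to mirror the guard on the definition of `ecc_ssh_test`, which is not in this hunk, a comment such as `/* keep in sync with the guard on ecc_ssh_test() */` above the `#if` would make that visible and help the next edit keep both in step. ecc_def_curve_test starts and ends outside the hunk.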
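Review bot: The call-site guard for `ret = ecc_mulmod_test(key);` now lists `WOLFSSL_CRYPTOCELL`, `WOLFSSL_ATECC508A` and `WOLFSSL_ATECC608A`, while the guard on the function's definition in the earlier `ecc_mulmod_test` hunk also carries `!defined(WOLF_CRYPTO_CB_ONLY_ECC)`. Unless ecc_def_curve_test is itself compiled out in that configuration, which is not visible here, a build with `WOLF_CRYPTO_CB_ONLY_ECC` would call a function that is not defined. Adding `&& !defined(WOLF_CRYPTO_CB_ONLY_ECC)` to this guard would make the call site and the definition agree. The enclosing function starts and ends outside the hunk.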