diff --git a/src/wh_client_she.c b/src/wh_client_she.c
index f6850158..53315dd5 100644
--- a/src/wh_client_she.c
+++ b/src/wh_client_she.c
@@ -1,3 +1,26 @@
+/*
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfHSM.
+ *
+ * wolfHSM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfHSM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfHSM. If not, see .
+ */
+/*
+ * src/wh_client_she.c
+ *
+ */
+
#include
#include /* For NULL */
#include /* For memset, memcpy */
diff --git a/src/wh_server_she.c b/src/wh_server_she.c
index 44d4a381..7e8cb84b 100644
--- a/src/wh_server_she.c
+++ b/src/wh_server_she.c
@@ -404,7 +404,8 @@ static int hsmSheLoadKey(whServerContext* server, whPacket* packet,
&keySz);
/* if the keyslot is empty or write protection is not on continue */
if (ret == WH_ERROR_NOTFOUND ||
- (meta->flags & WOLFHSM_SHE_FLAG_WRITE_PROTECT) == 0) {
+ (((whSheMetadata*)meta->label)->flags &
+ WOLFHSM_SHE_FLAG_WRITE_PROTECT) == 0) {
keyRet = ret;
ret = 0;
}
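Review bot: The cast `(whSheMetadata*)meta->label` in the write-protect check reads a `uint8_t` array through a struct of two `uint32_t` members, which breaks strict aliasing and relies on `label` being 4-byte aligned; with `count` removed, the members of `whNvmMetadata` visible in this diff no longer force that alignment. Copying out and back is safer: `whSheMetadata she; memcpy(&she, meta->label, sizeof(she));` before the checks, and a `memcpy` into `meta->label` before the key is written. The same cast recurs in the wildcard check, the counter comparison, the flags/count store and the messageTwo rewrite in the later hunks of this function. Because the write-protect flag and the counter now live in the label bytes, please confirm that no generic key or NVM request lets a client supply the label for a SHE key id. The body of hsmSheLoadKey starts and ends outside this hunk.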
@@ -415,8 +416,10 @@ static int hsmSheLoadKey(whServerContext* server, whPacket* packet,
if (ret == 0 && XMEMEQZERO(packet->sheLoadKeyReq.messageOne,
WOLFHSM_SHE_UID_SZ) == 1) {
/* check wildcard */
- if ((meta->flags & WOLFHSM_SHE_FLAG_WILDCARD) == 0)
+ if ((((whSheMetadata*)meta->label)->flags & WOLFHSM_SHE_FLAG_WILDCARD)
+ == 0) {
ret = WH_SHE_ERC_KEY_UPDATE_ERROR;
+ }
}
/* compare to UID */
else if (ret == 0 && XMEMCMP(packet->sheLoadKeyReq.messageOne,
@@ -427,7 +430,7 @@ static int hsmSheLoadKey(whServerContext* server, whPacket* packet,
if (ret == 0 &&
keyRet != WH_ERROR_NOTFOUND &&
ntohl(*((uint32_t*)packet->sheLoadKeyReq.messageTwo) >> 4) <=
- ntohl(meta->count)) {
+ ntohl(((whSheMetadata*)meta->label)->count)) {
ret = WH_SHE_ERC_KEY_UPDATE_ERROR;
}
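Review bot: The counter comparison shifts the raw word before byte-swapping it, `ntohl(*((uint32_t*)packet->sheLoadKeyReq.messageTwo) >> 4)`, so on a little-endian host the four bits dropped come from the first byte in memory rather than from the low nibble of the big-endian word. If messageTwo carries the counter in network order, as the `ntohl` suggests, the two sides would not compare as numeric counters there, and the check that rejects a non-increasing counter could pass a stale update. Converting first and shifting afterwards, `ntohl(*(uint32_t*)packet->sheLoadKeyReq.messageTwo) >> 4`, with the stored count kept in host order, would avoid that; the store in the next hunk and the rewrite of messageTwo further down need the matching change. The `uint32_t` dereference also assumes messageTwo is 4-byte aligned within the packet. The enclosing function continues outside the hunk.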
/* write key with counter */
@@ -435,8 +438,10 @@ static int hsmSheLoadKey(whServerContext* server, whPacket* packet,
meta->id = MAKE_WOLFHSM_KEYID(WOLFHSM_KEYTYPE_SHE,
server->comm->client_id,
hsmShePopId(packet->sheLoadKeyReq.messageOne));
- meta->flags = hsmShePopFlags(packet->sheLoadKeyReq.messageTwo);
- meta->count = (*(uint32_t*)packet->sheLoadKeyReq.messageTwo >> 4);
+ ((whSheMetadata*)meta->label)->flags =
+ hsmShePopFlags(packet->sheLoadKeyReq.messageTwo);
+ ((whSheMetadata*)meta->label)->count =
+ (*(uint32_t*)packet->sheLoadKeyReq.messageTwo >> 4);
meta->len = WOLFHSM_SHE_KEY_SZ;
/* cache if ram key, overwrite otherwise */
if ((meta->id & WOLFHSM_KEYID_MASK) == WOLFHSM_SHE_RAM_KEY_ID) {
@@ -480,7 +485,8 @@ static int hsmSheLoadKey(whServerContext* server, whPacket* packet,
}
if (ret == 0) {
/* reset messageTwo with the nvm read counter, pad with a 1 bit */
- *(uint32_t*)packet->sheLoadKeyReq.messageTwo = (meta->count << 4);
+ *(uint32_t*)packet->sheLoadKeyReq.messageTwo =
+ (((whSheMetadata*)meta->label)->count << 4);
packet->sheLoadKeyReq.messageTwo[3] |= 0x08;
/* encrypt the new counter */
ret = wc_AesEncryptDirect(sheAes,
diff --git a/wolfhsm/wh_common.h b/wolfhsm/wh_common.h
index 7a6d11ba..6aaad411 100644
--- a/wolfhsm/wh_common.h
+++ b/wolfhsm/wh_common.h
@@ -96,7 +96,7 @@ typedef uint16_t whNvmFlags;
/* HSM NVM metadata structure */
enum {
WOLFHSM_NVM_LABEL_LEN = 24,
- WOLFHSM_NVM_METADATA_LEN = 40,
+ WOLFHSM_NVM_METADATA_LEN = 32,
WOLFHSM_NVM_MAX_OBJECT_SIZE = 65535,
};
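Review bot: Shrinking `WOLFHSM_NVM_METADATA_LEN` from 40 to 32 changes the record layout with no visible version marker or migration, so objects written by an older build may be misread if this constant sizes the metadata kept in persistent storage. For SHE keys the effect is security relevant: the old code kept the write-protect flag in `meta->flags` and the counter in `meta->count`, while the new code reads both from the first bytes of `label`, so a key stored before the upgrade could appear unprotected or with a reset counter. A short comment at the enum stating that existing NVM images must be erased or converted, or a format version check at load time, would make the break explicit.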
@@ -112,8 +112,6 @@ typedef struct {
whNvmFlags flags; /* Growth */
whNvmSize len; /* Length of data in bytes */
uint8_t label[WOLFHSM_NVM_LABEL_LEN];
- uint32_t count;
- uint8_t pad[4];
} whNvmMetadata;
/* static_assert(sizeof(whNvmMetadata) == WOLFHSM_NVM_METADATA_LEN) */
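Review bot: The size check on the last line is still only a comment, so nothing verifies that removing `count` and `pad` really brings `sizeof(whNvmMetadata)` to the new `WOLFHSM_NVM_METADATA_LEN`. A check that also works before C11 can replace the comment: `typedef char whNvmMetadataSizeCheck[(sizeof(whNvmMetadata) == WOLFHSM_NVM_METADATA_LEN) ? 1 : -1];`. The start of the struct is outside the hunk, so the expected total of 32 bytes cannot be confirmed from here.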
diff --git a/wolfhsm/wh_server_she.h b/wolfhsm/wh_server_she.h
index 824b057b..96568c32 100644
--- a/wolfhsm/wh_server_she.h
+++ b/wolfhsm/wh_server_she.h
@@ -32,6 +32,11 @@ enum WOLFHSM_SHE_SUBTYPE {
WOLFHSM_SHE_EXTEND_SEED,
};
+typedef struct {
+ uint32_t count;
+ uint32_t flags;
+} whSheMetadata;
+
int wh_Server_HandleSheRequest(whServerContext* server,
uint16_t action, uint8_t* data, uint16_t* size);
#endif
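Review bot: `whSheMetadata` is declared without a comment, and nothing ties its size to the `label` array it is overlaid on in wh_server_she.c. I would add `/* SHE key state stored in the first bytes of whNvmMetadata.label */` above the typedef and a compile-time check that `sizeof(whSheMetadata) <= WOLFHSM_NVM_LABEL_LEN`, so a later added member cannot silently write past the label. It would also help to say in the comment whether `count` is kept in host or network byte order, since the server code applies `ntohl` to it when comparing.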