SharePoint cannot use HSM based certificates for the Security Token Service. Allowing this type of certificates will increase the Security.

SharePoint has to Export the private Key of the used certificates to allow distributing the certificates to all Servers in the farm. This is not possible with HSM certificates.