Month: March 2021

wolfSSL software expansion package for STM32Cube is among the first to be MadeForSTM32 certified with V2 label! Having gone through the evaluation process, we’re pleased to announce that I-CUBE-WOLFSSL V4.6.0 is granted MadeForSTM32 V2, a new quality label introduced by STMicroelectronics for the STM32 microcontrollers ecosystem. 

 

wolfSSL offers support for STM32Cube Expansion Package enhanced for STM32 toolset, adding on to previous support for the STM32 Standard Peripheral Library as well as the STM32Cube HAL (Hardware Abstraction Layer). We’re making it easy for users to pull wolfSSL directly into STM32CubeMX and STM32CubeIDE projects.

 

Check out our product page for more information on the package. If you missed the webinar, watch the recording and demo here to learn how to use wolfSSL software expansion for STM32Cube.

 

 

 

wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics and other industries. In avionics, wolfSSL supports complete RTCA DO-178C level A certification. In automotive, we support MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2, with upcoming FIPS 140-3. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, 24×7 support and much more. Our products are open source, giving customers the freedom to look under the hood. 

 

Get the latest version of wolfSSL 4.7.0 from our download page!

Tell us about your projects! Write to facts@wolfSSL.com.  

 

Follow wolfSSL on Twitter: @wolfSSL

Follow ST: @ST_World

Benchmark values of the wolfSSL embedded SSL/TLS library running on Xilinx boards, including the ZCU102, have been collected and are up for viewing. Our friends over at Xilinx have a white paper posted that goes into detail about the benchmark values here: https://www.xilinx.com/support/documentation/white_papers/wp512-accel-crypto.pdf. This shows how much faster applications can perform secure operations when incorporating the hardware acceleration available on Xilinx devices. It also gives a demonstration of the performance trade-offs when choosing FreeRTOS versus an embedded Linux OS.

For questions about building wolfSSL to use hardware acceleration or other general inquiries about wolfSSL, please contact us at facts@wolfssl.com.

Most bootloaders do not use hardware acceleration and cryptography.

wolfSSL’s wolfBoot is an exception.

 

wolfBoot can use Secure Elements, such as ATECC508A. Thanks to integration with wolfTPM, wolfBoot can also leverage TPM 2.0, such as STMicroelectronics ST33, Infineon SLB9670, Nuvoton NPC750 and other TPM modules.

 

Thanks to wolfSSL’s cryptographic engine, wolfBoot can take advantage of the hardware acceleration for cryptography operations of many embedded and server platforms. Here are highlights of our platforms support list:

 

Manufacture Vendor	Platform
STMicroelectronics	STM32F1 / F2 / F4 / L1 / WB / F7 / H7 STM32L5 (with Trustzone support)
NXP	Kinetis K50 / K60 / K70 / K80
NXP	RT 1060 with DCP support, and LPC54xxx
NXP	iMX6 iMX7 iMX8 with CCAM support
Microchip	PIC32, MX and MZ series
Microchip (Atmel)	SAM R21
Cypress	PSoC6
Texas Instruments	TM4C1294 (ARM Cortex-M4F)
SiFive (RISC-V)	FE310 / HiFive1
Marvell (CAVIUM)	NITROX V, NITROX III
XILINX	Zynq UltraScale+
Intel and AMD x86	AES-NI, AVX1 / AVX2, RDRAND / RDSEED

 

wolfBoot is a solution for firmware update and authentication that can take advantage of your platform’s hardware acceleration and cryptography. This way we achieve a small memory footprint and high performance during secure updates over the air(OTA).

If you do not see your platform supported or have any questions, please contact us at support@wolfssl.com.

Hi! We continue to make progress on our upcoming FIPS 140-3 certification. We have now completed code review, and are working with our lab on operational testing. The process will be in NIST’s hands after that. Our goal is to be the first software cryptographic library with a FIPS 140-3 certification, and that looks like it is on track!

If you have questions on wolfCrypt’s FIPS 140-3 certificate, contact us at facts@wolfssl.com! For more information on wolfCrypt’s previous 140-2 certificates, visit our FIPS page here.

In wolfSSL release 4.7, the Linux kernel module implementation has been enhanced to use kvmalloc() and kvfree() for heap-based storage. The typical approach using kmalloc() allocates physically contiguous memory, with meaningful limitations on the maximum size of allocation and the impact of those allocations on other system components. kvmalloc(), by contrast, uses vmalloc() internally to make non-contiguous use of memory for large allocations, which is more efficient and less contentious. The wolfSSL kernel module now leverages this capability when targeted to Linux kernel 4.12 or newer, relaxing potential resource constraints and minimizing the likelihood of interference in the kernel.

For questions or help getting started using wolfSSL in your project, contact us at facts@wolfssl.com!  wolfSSL supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!

wolfSSL release 4.7 includes --enable-reproducible-build, a new configuration option that suppresses the binary jitter (timestamps and other non-functional metadata) that is otherwise common in various build processes. With --enable-reproducible-build, test and release engineers can carefully align build environments, then generate bitwise-identical binary packages with identical hashes. Using --enable-reproducible-build, FOSS binary distributors can publish their build environment attributes and parameters, then third parties can verify binary distributions by replicating the build process and comparing hashes. Similar processes can be used internal to an organization to confirm the integrity of build environments and source archives.

For questions or help getting started using wolfSSL in your project, contact us at facts@wolfssl.com!  wolfSSL supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!

Since version 1.7.1, wolfBoot provides support for secure boot on systems with a Trusted Execution Environment (TEE).

wolfBoot provides embedded developers with a code base that complies with the specification for the separation between secure and non-secure world, on those CPUs and microcontrollers that support it. On ARMv8 Cortex-A CPU and Cortex-M microcontrollers it is now possible to create a hardware-enforced separation between the two worlds, using the ARM TrustZone technology.

Our first reference implementation has been made in collaboration with ST using STM32L5 target. This device can be configured to keep the running application or operating system from accessing the Secure world resources, including the partition containing the bootloader itself on the FLASH memory, and other hardware resources that may be configured as secure at boot time.

For more information, check out the wolfBoot product page. Contact us at facts@wolfssl.com for more information on using wolfBoot as a secure bootloader in your Trusted Execution Environment.