Month: March 2021

Hi! We continue to make progress on our upcoming FIPS 140-3 certification. We have now completed code review, and are working with our lab on operational testing. The process will be in NIST’s hands after that. Our goal is to be the first software cryptographic library with a FIPS 140-3 certification, and that looks like it is on track!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

For more information on wolfCrypt’s previous 140-2 certificates, visit our FIPS page here.

In wolfSSL release 4.7, the Linux kernel module implementation has been enhanced to use kvmalloc() and kvfree() for heap-based storage. The typical approach using kmalloc() allocates physically contiguous memory, with meaningful limitations on the maximum size of allocation and the impact of those allocations on other system components. kvmalloc(), by contrast, uses vmalloc() internally to make non-contiguous use of memory for large allocations, which is more efficient and less contentious. The wolfSSL kernel module now leverages this capability when targeted to Linux kernel 4.12 or newer, relaxing potential resource constraints and minimizing the likelihood of interference in the kernel.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL release 4.7 includes --enable-reproducible-build, a new configuration option that suppresses the binary jitter (timestamps and other non-functional metadata) that is otherwise common in various build processes. With --enable-reproducible-build, test and release engineers can carefully align build environments, then generate bitwise-identical binary packages with identical hashes. Using --enable-reproducible-build, FOSS binary distributors can publish their build environment attributes and parameters, then third parties can verify binary distributions by replicating the build process and comparing hashes. Similar processes can be used internal to an organization to confirm the integrity of build environments and source archives.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Since version 1.7.1, wolfBoot provides support for secure boot on systems with a Trusted Execution Environment (TEE).

wolfBoot provides embedded developers with a code base that complies with the specification for the separation between secure and non-secure world, on those CPUs and microcontrollers that support it. On ARMv8 Cortex-A CPU and Cortex-M microcontrollers it is now possible to create a hardware-enforced separation between the two worlds, using the ARM TrustZone technology.

Our first reference implementation has been made in collaboration with ST using STM32L5 target. This device can be configured to keep the running application or operating system from accessing the Secure world resources, including the partition containing the bootloader itself on the FLASH memory, and other hardware resources that may be configured as secure at boot time.

For more information, check out the wolfBoot product page.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.