wolfBoot: support for post-quantum secure-boot with XMSS/XMSS^MT signatures

Designed by Freepik: www.freepik.com

wolfBoot v2.0 is here, and with it a number of new features and enhancements. Rounding out our post-quantum support, in addition to LMS/HSS, wolfBoot now supports the XMSS/XMSS^MT post-quantum stateful hash-based signature (HBS) scheme. XMSS is the eXtended Merkle Signature Scheme, while XMSS^MT is its multi-tree generalization that allows it to scale efficiently into a large number of signatures by constructing a hypertree from layers of XMSS subtrees.

Like our previous LMS support, XMSS wolfBoot support includes keygen, signing, verifying, and importing externally generated public keys. Furthermore, XMSS wolfBoot support builds on our previous XMSS wolfCrypt integration, and thus supports all SHA256 parameter sets from tables 10 and 11 of NIST SP 800-208, while also allowing for hardware acceleration of hash operations when computing the hash-chains needed for XMSS signatures.

Thus wolfBoot now supports both post-quantum stateful HBS schemes recommended by NIST SP 800-208 and the NSA’s CNSA 2.0 suite. Do you have a post-quantum secure-boot requirement from the CNSA 2.0 timeline? Are you curious about integrating post-quantum support into your secure-boot process? If so, please contact us at facts@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfBoot support for Renesas RX72N

Designed by @Noxifer81

We are excited to announce wolfBoot’s support for the Renesas RX72N. The RX72N MCU is the flagship model of RX series, using a 32-bit RX72N 240 MHz microcontroller.

wolfBoot is a portable secure bootloader solution that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.

By adding wolfBoot support for the board, it demonstrates simple secure firmware update by wolfBoot. A sample application v1 is securely updated to v2. Both versions behave the same except displaying its version of v1 or v2. They are compiled by e2Studio and run on the target board. Detailed steps to run the application can be found at GitHub README.

Additionally, you are able to run wolfBoot with Renesas TSIP (Trusted Secure IP) driver, which supports high-speed hardware encryption. You can find the Readme at wolfBoot GitHub.

Current support for Renesas TSIP driver acceleration includes:

  • SHA256/RSA

If interested in trying wolfBoot on the RX72N or have questions about any of the above, please contact facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Mastering libcurl with Daniel Stenberg

We are excited to invite you to our upcoming two-part webinar series on Mastering libcurl, presented by the founder and lead developer of cURL and libcurl, Daniel Stenberg. The first part will take place on November 16th at 9 AM PT, and the second part is scheduled for November 20th at 9 AM PT.

Watch the webinars here:

Part 1: Mastering libcurl part 1

Part 2: Mastering libcurl part 2

Sneak peek of the webinar

  • Getting started with cURL
  • API and Architecture
  • Functional Features
  • Advanced Functionality
  • HTTP, URLs and more

libcurl is a powerful tool that has revolutionized the way developers interact with the internet. Whether you’re a seasoned programmer or a curious novice, this webinar is the perfect opportunity to unlock your potential and discover the endless possibilities of libcurl.

Don’t miss out on this exclusive webinar to learn from the founder of cURL and take your development skills to the next level. Click the links above to watch now!

Check out Daniel’s blog for more details.

As always, our webinars will include Q&A sessions throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Release 5.6.4

wolfSSL version 5.6.4 is now available! This update introduces a number of exciting new features. We’ve added post-quantum support to DTLS 1.3, expanded sniffer support with keylog use, integrated post-quantum stateful hash-based signature schemes like LMS/HSS and XMSS/XMSS^MT, introduced Ada bindings, expanded our range with additional SM2 cipher suites, and incorporated AES EAX mode, and much more! Alongside these enhancements, the release brings quality improvements and addresses one identified vulnerability. You can review the full rundown of updates in the included ChangeLog.md. Here’s a breakdown of the latest features and enhancements:

New Feature Additions

  • DTLS 1.3 PQC: support fragmenting the second ClientHello message. This allows arbitrarily long keys to be used, opening up support for all PQC ciphersuites in DTLS 1.3.
  • SM2/SM3/SM4: Chinese cipher support including TLS 1.3 and 1.2 cipher suites. SM2 SP math implementation available for improved performance and minimum size. Bare metal support available.
  • Ability to parse ASN1 only with SMIME_read_PKCS7
  • Added support for MemUse Entropy on Windows
  • Added Ada Bindings for wolfSSL, benefiting Ada language users who need to add security and FIPS to their designs.
  • Added a PEM example that converts to and from DER/PEM.
  • Added LMS/HSS and XMSS/XMSS^MT stateful hash-based signature scheme wolfcrypt hooks, both normal and verify-only options. wolfBoot, wolfSSH, and wolfSSL will inherit this functionality from wolfCrypt for users moving to CNSA 2.0
  • Added support for the AES EAX mode of operation
  • Port for use with Hitch (https://github.com/varnish/hitch) added
  • Add XTS API’s to handle multiple sectors in the new port to VeraCrypt. VeraCrypt users now have access to FIPS based encryption of wolfCrypt.
  • Sniffer tool now supports decrypting TLS sessions using secrets obtained from a SSLKEYLOGFILE

Enhancements and Optimizations

  • Turned on SNI by default on hosts with resources
  • Improved support for Silicon Labs Simplicity Studio and the ERF32 Gecko SDK
  • Thumb-2 and ARM32 Curve25519 and Ed25519 assembly have significantly improved performance.
  • Thumb-2 AES assembly code added.
  • Thumb-2 and ARM32 SP implementations of RSA, DH and ECC have significantly improved performance.
  • Minor performance improvements to SP ECC for Intel x64.
  • AES-XTS assembly code added for Intel x64, Aarch64 and ARM32 to dramatically improve performance
  • Added support for X963 KDFs to ECIES.
  • Added 32-bit type only implementation of AES GMULT using tables.
  • Add support for nginx version 1.25.0 for those using nginx with wolfSSL
  • Add support for Kerberos version 5 1.21.1
  • Check all CRL entries in case a single issuer has multiple CRL’s loaded
  • CRL verify of the entire chain including loaded CA’s
  • Added example for building wolfSSL as an Apple universal binary framework using configure

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfBoot v2.0.0

Designed by @Noxifer81

The long awaited version 2.0.0 of our bootloader is finally out!

Here is a summary of some of the new key features, selected from the full changelog, available at github.

Post-Quantum secure boot

As previously announced in a recent blog post, wolfBoot 2.0.0 supports post-quantum secure boot.
wolfBoot 2.0.0 is, to our knowledge, the first secure bootloader supporting post-quantum stateful hash-based signature (HBS) schemes for firmware verification.Thanks to the support for LMS/HSS and XMSS/XMSS^MT recently added in wolfCrypt and the integration with third-party signing entities, such as HSM providers, we successfully added HBS schemes to the list of supported algorithms.

wolfBoot as TrustZone-M secure supervisor

The latest generation of ARM Cortex-M microcontroller has introduced a hardware-assisted Trusted Execution Environment (TEE), called TrustZone-M. By installing wolfBoot to secure the boot process on those devices, it is now possible to extend the cryptography library linked with the bootloader to cover multiple algorithms and key lengths beyond those required to implement the secure boot mechanism. An application or operating system running in non-secure mode has access to all those cryptographic operations provided by wolfBoot, through a non-secure-callable API, that is accessible through standard PKCS#11 function calls.
An extended description of this feature has been previewed in a blog post we have recently published.

Advanced TPM features

Since the early days of wolfBoot development, we have been researching the integration with wolfTPM and the unique opportunities it offers to communicate with TPM devices in the very early stages of the target’s boot up process. With wolfBoot 2.0, we expanded this integration to include some new powerful features. Among other things, TPM 2.0 devices can now be used as Root of Trust for the boot process. The extension of the PCRs can be customized according to the specific characteristic of the boot mechanism, to easily implement measured boot at different stages. Moreover, wolfBoot can now seal and unseal non-volatile memory slots in the TPM based both on the verification of externally signed PCR policy and/or password based sealing.

Full support for secure boot on Intel x86-64 bit targets

Adding support for x86-64 targets using Intel’s Firmware Support Packages (FSP) in wolfBoot 2.0.0 has paved the way to controlling the entire secure boot mechanism from the machine power-on. This gives a key advantage in keeping the entire boot process secure on x86-based Single-board Computer systems (SBC). wolfBoot 2.0 boot flow is divided into two stages. The first stage includes basic memory, silicon initialization, PCI enumeration and the interaction with hardware-assisted security mechanisms. The first stage will then verify the second stage and pass control to it. The second stage is responsible for AHCI initialization, SATA disk locking/unlocking, TPM interaction to unseal secrets, verification of entire disk partitions or images and finally staging the image. It supports different payloads: raw images, Linux kernel, or Multiboot2/ELF images.

Find out more about wolfBoot! Download the source code and documentation from download page, or clone the repository from github. If you have any questions about any of the above, comments or suggestions, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfMQTT Releases v1.17.0

The latest release of wolfMQTT, v1.17.0, is now available! This release has several bug fixes and optimizations including:

Release 1.17.0 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.

Check out the changelog from the download for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.

While you’re there, show us some love and give the wolfMQTT project a Star!

You can download the latest release of wolfMQTT today Or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Everything you need to know about DTLS 1.3

Announcing the Highly-Anticipated Return of the DTLS 1.3 Webinar!

We’re thrilled to invite you to the upcoming webinar, Everything you need to know about DTLS 1.3, on November 9th presented by wolfSSL Senior Software Engineer, Juliusz. If you’re eager to delve deep into the world of DTLS 1.3 and expand your knowledge, this is an unmissable opportunity.

Watch the webinar here: DTLS 1.3 Webinar

As a pioneer in DTLS 1.3 implementation, wolfSSL has brought numerous enhancements and innovations to bolster the security and efficiency of the DTLS protocol. Notably, ExpressVPN recently integrated DTLS 1.3 support into their lightweight core library via wolfSSL. Juliusz will be providing invaluable insights into the DTLS 1.3 protocol improvements and sharing the latest updates on security.

Sneak peek of the webinar:

  • Introduction to basic DTLS
  • DTLS v1.3 vs v1.2 comparison
  • wolfSSL DTLS 1.3 examples and experiments
  • Hands-On: utilizing DTLS in UDP applications
  • Unveiling new features and updates

This is your perfect opportunity to gain in-depth understanding and enhance your DTLS 1.3 technical skills. Don’t miss out on the chance to learn and have your DTLS 1.3 related questions answered live. Watch it now!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Enhanced PKCS7 support in wolfSSL

Previously with calls to wolfSSL_SMIME_read_PKCS7 in wolfSSL we were automatically performing a verification of the bundle’s signature after parsing it. To support more use cases the behavior was updated to allow for only parsing the ASN.1 syntax when calling wolfSSL_SMIME_read_PKCS7. Now more complex bundle setup’s are supported and more flexible means of verifying the bundle after it has been parsed. One of the more straightforward ways that still exist to verify the bundle is by using wolfSSL_PKCS7_verify.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfTPM v3.0 Released

This is a major version for wolfTPM. We are excited for this release because it includes some really excellent new features and fixes!

Secure Boot Examples:

This release adds new examples for secure boot. See examples/boot/README.md for details.

We added a new secret sealing/unsealing example based on an externally signed policy. This is a complex use-case showing how to seal a secret based on a policy that is externally signed. The seal operation uses a public key. The private key associated with it is used to sign a policy to allow unsealing that secret. These examples use PCR registers, however there are other policy methods supported by the TPM. See secret_seal and secret_unseal.

We also added an example for anchoring a root of trust in the TPM using an NV in the platform hierarchy and optional NV lock feature. See secure_rot.

Support for ECC Parameter Encryption / Secrets:

We added support for encrypting secrets using ECC key. Allows using ECC for parameter encryption and importing ECC keys with custom seed. (See PR 276)

Authentication Refactor:

This release adds command information including the specific authentication requirements. If a command expects authentication and it is not provided the wolfTPM library will warn (if using –enable-debug). Likewise if a command does not use authentication it will automatically exclude it. If additional authenticated session(s) are available like HMAC or policy it will be included. The user is still required to set the correct session index.

HAL Improvements:

We have refactored the HAL to make it available with the library, not just in the examples. HAL support for Microchip Harmony SPI has been added. The STM32 I2C support has been fixed and performance improved. We added support for memory mapped (MMIO) found on Intel hardware.

PEM support:

We have added new API’s for making it easy to import and load PEM or DER/ASN.1 encoded ECC or RSA keys (private or public).
See “wolfTPM2_ImportPrivateKeyBuffer” and “wolfTPM2_ImportPublicKeyBuffer”

Security Best Practices:

We have added a new API “wolfTPM2_ChangePlatformAuth” to help set the platform authentication. This is useful during the boot phase to prevent access to the platform. Typically a random value is used, since this auth is cleared on reset or power cycle.

Testing has been greatly expanded in this release for our examples including greater use/support of -aes/-xor options for parameter encryption. See examples/run_examples.sh.

Full wolfTPM v3.0.0 Change Log:


Refactor of command authentication. Support for ECC sessions and secrets. Support for policy sealing/unsealing. Examples for secure boot.


  • Refactor of the command authentication. If command does not require auth do not supply it (PR #305)
  • Refactor HAL and added Microchip Harmony SPI HAL support (PR #251)
  • Relocate crypto callback code to its own code file (PR #304)
  • Fixed using a custom wolfTPM CSR sigType (PR #307)
  • Fixed support for ECC 384-bit only support (PR #307)
  • Fixed issue with using struct assignment (switched to memcpy) (PR #303)
  • Fixed various issues building with C++ compiler (PR #303)
  • Fixed issues with STM32 I2C build and improved performance (PR #302)
  • Fixed seal with RSA and PCR extend auth. (PR #296)
  • Fixed issue including user_settings.h when –disable-wolfcrypt set (PR #285)
  • Fixed TPM private key import with custom seed (PR #281)
  • Fixed autogen.sh (autoconf) to generate without warnings (PR #279)
  • Fixed TPM2 create with decrypt or restricted flag set (PR #275)
  • Fixed and improved low resource build options (PR #269)
  • Fixed the TPM_E_COMMAND_BLOCKED macro to have the correct value (PR #257)
  • Fixed casting and unused variable problems on windows (PR #255)
  • Fixed Linux usage of cs_change and added config overrides (PR #268)
  • Fixed and improved the NV auth and session auth set/unset (PR #299)
  • Fixed capability to handle unknown TPM2_GetCapability type and fix bad printf (PR #293)
  • Fixed macros for file IO XFEOF and XREWIND to make sure they are available (PR #277)
  • Fixed seal/unseal example (PR #306)
  • Fixed TLS examples with param enc enabled (PR #306)
  • Fixed signed_timestamp with ECC (PR #306)
  • Added CI tests for CSharp wrappers (PR #307)
  • Added support for sealing/unsealing based on a PCR that is signed externally (PR #294)
  • Added examples for Secure Boot solution to store root of trust in NV (PR’s #276, #289, #291 and #292)
  • Added support for importing and loading public ECC/RSA keys formatted as PEM or DER (PR #290)
  • Added new policy_nv example (PR #298)
  • Added -nvhandle argument to nvram examples (PR #296)
  • Added code to test external import between two TPM’s (PR #288)
  • Added support for STM32 Cube Expansion Pack (PR #287)
  • Added support memory mapped (MMIO) TPM’s (PR #271)
  • Added wc_SetSeed_Cb call for FIPS ecc (PR #270)
  • Added wrapper support for setting key usage (not just extended key usage) (PR #307)
  • Added RSA key import methods to handle PEM and DER encoding directly (PR #252)
  • Added thread local storage macro and make gActiveTPM local to the thread (PR #253)
  • Added Microchip macro names and Support for bench with MPLABX Harmony (PR #256)
  • Added support for encrypting secret using ECC key (PR #276)
  • Added wolfTPM2_ChangePlatformAuth wrapper to help set the platform auth (PR #276)
  • Improvements to CMake build (PR’s #280, #283 and #284)

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Extends Support for System CA Certificates to Apple Devices

We are excited to announce an important update for our Apple device users: wolfSSL’s support for installed system CA certificates now extends to Apple devices! This means that applications can now use the convenient wolfSSL_CTX_load_system_CA_certs() API to authenticate TLS connections against certificates installed to the system trust store.

Due to recently introduced OS changes around application sandboxing, applications running on non-macOS Apple platforms can no longer directly access trusted certificates installed on the system. This prevents these certificates from being enumerated and loaded into wolfSSL to use for authentication.

To accommodate this API restriction, we have introduced a new certificate verification routine that relies on Apple’s Security framework APIs to authenticate peer certificates. TLS peer certificates are first checked against the trusted CAs loaded into wolfSSL’s certificate manager, as they always have been. However, if this check is unsuccessful, wolfSSL will now attempt to validate the peer certificate chain using the system trust APIs. This new routine is only used when support for system CA certificates is enabled and when compiling for an Apple target.

If you are building wolfSSL for iOS using configure, this new feature will be on by default and no additional configuration is required by the user. If you are building with a user_settings.h file, you must define the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION preprocessor macros, as well as ensure you are linking wolfSSL against the Apple CoreFoundation and Security frameworks. Calling wolfSSL_CTX_load_system_CA_certs() before creating a new TLS connection will now enable system CA certificates to be used for authenticating a peer connection.

To use this feature on MacOS, the steps are the same except that you must define the WOLFSSL_APPLE_NATIVE_CERT_VALIDATION preprocessor macro even when building with configure, as the feature is not on by default.

If you are using cURL + wolfSSL, ensure that the feature is enabled in your wolfSSL build as described above, then set the CURLSSLOPT_NATIVE_CA curlopt in your curl application to indicate the native certificate verification routines should be used.

if you have questions, comments or suggestions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2