wolfBoot Support for VA41630/VA41620
We are excited to announce that wolfBoot now supports the radiation-hardened MCUs in Vorago’s VA4 family built on Arm® Cortex® M4 cores, bringing enterprise-grade secure boot and firmware update capabilities to radiation-hardened embedded systems. This integration enables developers to implement robust security measures in mission-critical applications operating in harsh radiation environments, ensuring that only authenticated firmware can execute on the device while providing reliable OTA update mechanisms.
The implementation includes a complete HAL layer (`hal/va416x0.c`) that interfaces with the Vorago SDK, supporting external SPI FRAM flash operations, UART-based debugging, and proper initialization of the Cortex-M4 core with necessary watchdog, clock, and EDAC (Error Detection and Correction) configurations. The support has been tested on both VA41620 and VA41630 variants, with the bootloader code size ranging from 19-38KB depending on algorithm selection. The integration utilizes ECC384/SHA384 for cryptographic signing by default, though other algorithms are supported such as ML-DSA. This port includes example configurations, test applications, and flash scripts to help developers quickly get started with secure boot on these radiation-tolerant platforms.
This includes support for using wolfCrypt on the VA416x0 for all supported algorithms. Most algorithms support hand optimized inline assembly on this Cortex-M4.
For comprehensive technical details on building and using wolfBoot with VA416x0 microcontrollers, see the full guide here.
About Vorago VA416x0
The Vorago VA416x0 series, including the VA41620 and VA41630, represents a new generation of radiation-hardened microcontrollers built on the Arm® Cortex®-M4 architecture. Manufactured using Vorago’s proprietary HARDSIL® technology, these MCUs are engineered to operate reliably in extreme radiation environments, offering exceptional Total Ionizing Dose (TID) tolerance exceeding 300 krad(Si) and Single Event Latch-up (SEL) immunity beyond 110 (MeV·cm²)/mg at elevated temperatures up to 125°C. The VA416x0 executes at up to 100 MHz with Triple-Mode Redundancy (TMR) for maximum fault tolerance, and features 64 KB of on-chip Data SRAM alongside 256 KB of on-chip Instruction SRAM. The VA41630 variant integrates 256 KB of internal SPI FRAM (Infineon FM25V20A), while the VA41620 requires an external FRAM device.
About wolfSSL
wolfSSL/wolfCrypt is an open-source and commercially licensed TLS library delivering enterprise-grade security, dual-licensed under GPL for open use and a commercial license for proprietary products. It supports the latest industry standards such as TLS 1.3 and DTLS 1.3, includes a FIPS 140-3 validated cryptographic module, and is optimized for embedded, IoT, and safety-critical environments with DO-178C certification up to DAL-A. Backed by exceptional commercial support and one of the fastest vulnerability response times in the industry, wolfSSL ensures rapid delivery of fixes and updates while maintaining the highest standards of reliability and security.
wolfBoot is a portable, OS-agnostic secure bootloader solution designed for embedded systems that provides robust firmware authentication and secure update mechanisms. Built on top of the wolfCrypt cryptographic library, wolfBoot ensures the integrity and authenticity of firmware images through digital signature verification using industry-standard algorithms including ECDSA (SECP256R1, SECP384R1, SECP521R), Ed25519, Ed448 and RSA (2048/3072/4096 bit). For future-proof security against quantum computing threats, wolfBoot also supports post-quantum cryptographic algorithms including ML-DSA (Module-Lattice-Based Digital Signature Algorithm, formerly known as Dilithium), XMSS (eXtended Merkle Signature Scheme), and LMS (Leighton-Micali Signature Scheme). Additionally, wolfBoot implements hybrid signing schemes that combine classical and post-quantum signatures, providing cryptographic agility and protection against both current and future threats. Its minimalist design philosophy centers around a tiny Hardware Abstraction Layer (HAL) API that makes it completely independent of any operating system or bare-metal application framework, facilitating seamless integration into existing embedded projects. The bootloader supports sophisticated features such as multi-slot flash partitioning, rollback protection, encrypted firmware updates, delta updates to minimize bandwidth, and compatibility with hardware security modules like TPM 2.0 and wolfHSM. wolfBoot’s open-source nature under the GPL v3 license, combined with its small footprint and comprehensive security features, makes it an ideal choice for developers seeking to implement secure boot and over-the-air (OTA) update capabilities in resource-constrained embedded environments.If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247
Download wolfSSL Now