We are pleased to announce a key upgrade to our support for the NXP MCXW716.
wolfBoot has supported the MCXW716 for some time, running both the bootloader and the application together in the Secure World. We have now extended this support to leverage the Arm Cortex-M33 TrustZone architecture fully. This adds the MCXW716 to the list of targets that allow you to deploy wolfBoot as a true “Secure Supervisor.”
Download wolfSSL →
Hardware-Enforced Isolation
With this update, wolfBoot uses the hardware Security Attribution Unit (SAU) to enforce a strict boundary between the bootloader and your firmware:
- Secure World: wolfBoot resides here, exclusively managing firmware verification and secure updates.
- Non-Secure World: Your main application (including complex Bluetooth or Thread stacks) runs here with restricted privileges.
This means that even if a vulnerability is exploited in your application’s wireless stack, the attacker cannot breach the secure partition to modify the bootloader or replace signing keys.
Optimized for Connected IoT
For a device designed for Thread, Matter and Zigbee applications, this separation is critical. It ensures that the mechanism for OTA updates remains isolated and protected, preventing devices from being bricked or hijacked in the field, even if the application layer is compromised.
This enhanced TrustZone configuration is available immediately in the wolfBoot repository as config/examples/mcxw-tz.config, maintaining the same configuration experience you expect from our other TrustZone targets.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now