wolfBoot Cipher and Hash Algorithm Benchmarks on STM32H5

About wolfBoot

wolfBoot is a portable, OS-agnostic secure bootloader designed for embedded systems. It provides secure boot capabilities with support for a wide range of cryptographic signature algorithms, from traditional RSA and ECDSA to post-quantum algorithms like ML-DSA, LMS, and XMSS. wolfBoot is built on top of the wolfCrypt cryptography library and is designed to run on resource-constrained microcontrollers while maintaining a minimal footprint.

Benchmark Methodology

These benchmarks were collected on an STM32H563 running at 320MHz with approximately 100KB application image. The automated benchmark script builds wolfBoot for each configuration using the stm32h5-no-tz.config base, extracting the bootloader binary size from the compiled wolfboot.bin, stack usage via the make stack-usage target, and image header size from the build artifacts. Boot time is measured on physical hardware using GPIO pins—the script flashes the factory.bin image, releases the reset line, and measures the elapsed time until the application signals boot completion via a GPIO pin. This provides accurate, real-world measurements of each cryptographic configuration’s impact on secure boot performance.

Benchmark Results

Name	Configuration	Bootloader size	Stack size	Image header size	Application size	Boot time
SHA2 only	SIGN=NONE	10600	1216	1024	103096	55.662ms
SHA384 only	SIGN=NONE HASH=SHA3	20120	3760	1024	103096	98.213 ms
SHA3 only	SIGN=NONE HASH=SHA3	10264	1216	1024	103096	159.116 ms
SHA2 only,small	SIGN=NONE NO_ASM=1	7144	1216	1024	103096	64.379 ms
rsa2048	SIGN=RSA2048	17316	17568	1024	103984	69.844 ms
rsa3072	SIGN=RSA3072	17452	12288	1024	104112	85.834 ms
rsa4096	SIGN=RSA4096	17612	18064	1024	104240	108.302 ms
rsa4096 with sha384	SIGN=RSA4096 HASH=SHA384	27304	18064	1024	104240	154.711 ms
ecdsa256	SIGN=ECC256	24784	7632	1024	103720	75.611 ms
ecdsa384	SIGN=ECC384	25656	11216	1024	103752	297.082 ms
ecdsa521	SIGN=ECC521	29292	8480	1024	103788	404.038 ms
ecdsa256 with small stack	SIGN=ECC384 WOLFBOOT_SMALL_STACK=1	25208	5880	1024	103752	295.158 ms
ecdsa256 with fast math	SIGN=ECC384 SP_MATH=0	25656	11216	1024	103752	297.073 ms
ecdsa256, no asm	SIGN=ECC256 NO_ASM=1	16084	7632	1024	103720	352.741 ms
ecdsa384, no asm	SIGN=ECC384 NO_ASM=1	17436	11216	1024	103752	954.500 ms
ecdsa521, no asm	SIGN=ECC521 NO_ASM=1	16376	8480	1024	103788	1960.132 ms
ecdsa384 with sha384	SIGN=ECC384 HASH=SHA384	35176	11216	1024	103752	338.830 ms
ed25519 with sha384, small	SIGN=ED25519 HASH=SHA384 NO_ASM=1	12860	5000	1024	103688	1580.776 ms
ed25519 fast	SIGN=ED25519 NO_ASM=0	29664	5000	1024	103688	1589.512 ms
ed448	SIGN=ED448	19576	4578	1024	103716	5793.993 ms
ML_DSA-44	SIGN=ML_DSA ML_DSA_LEVEL=2 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=8192	21524	25000	8192	104984	82.791 ms
ML_DSA-65	SIGN=ML_DSA ML_DSA_LEVEL=3 IMAGE_SIGNATURE_SIZE=3309 IMAGE_HEADER_SIZE=8192	22164	25000	8192	105624	99.279 ms
ML_DSA-87	SIGN=ML_DSA ML_DSA_LEVEL=5 IMAGE_SIGNATURE_SIZE=4627 IMAGE_HEADER_SIZE=12288	22804	25000	12288	106264	127.807 ms
LMS 1-10-8	SIGN=LMS LMS_LEVELS=1 LMS_HEIGHT=10 LMS_WINTERNITZ=8 IMAGE_HEADER_SIZE=4096 IMAGE_SIGNATURE_SIZE=1456	13416	1320	4096	103716	207.703 ms
XMSS-SHA2_10_256′	XMSS_PARAMS=XMSS-SHA2_10_256 SIGN=XMSS IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=8192	14236	9352	8192	103724	189.553 ms
ML_DSA-65 hybrid with ECDSA384	SIGN=ML_DSA ML_DSA_LEVEL=3 IMAGE_SIGNATURE_SIZE=3309 IMAGE_HEADER_SIZE=8192 SIGN_SECONDARY=ECC384 WOLFBOOT_UNIVERSAL_KEYSTORE=1	38820	25000	8192	107592	341.706 ms
ML_DSA-87 hybrid with ECDSA521	ML_DSA_LEVEL=5 IMAGE_SIGNATURE_SIZE=4627 IMAGE_HEADER_SIZE=12288 SIGN_SECONDARY=ECC521 WOLFBOOT_UNIVERSAL_KEYSTORE=1	43700	25000	12288	108872	477.560 ms

Collected using wolfBoot “./tools/scripts/benchmark.sh” with a Raspberry Pi having RST (GPIO2-output) and BOOT PIN (GPIO4-input, PA13 on the STM32H5 side)

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now