We are pleased to announce the release of wolfBoot 2.8.0, a major update that expands platform support, strengthens PSA and TrustZone integration, and delivers another round of meaningful hardening across the secure boot and firmware update flow.
This release stands out for the breadth of hardware now supported. wolfBoot 2.8.0 adds or extends support for AMD/Xilinx Versal Gen 1 VMK180, Microchip PolarFire SoC MPFS250, NXP MCXN, MCXW71, S32K14x, LPC55S69, NXP T1040 RDB, refreshed T2080 configurations, and Nordic nRF54L15. For product teams working across multiple silicon families, wolfBoot continues to prove itself as a highly portable and consistent secure boot solution.
Version 2.8.0 also brings an important step forward for PSA-based designs. New support for wolfPSA secure storage, TrustZone-backed PSA services, PSA crypto, PSA attestation, and DICE-based attestation flows makes wolfBoot an even stronger foundation for modern embedded security architectures. With new Zephyr integration replacing the TEE layer through PSA-facing interfaces, this release opens up new options for developers building secure RTOS-based systems.
wolfBoot is now also available as complete secure boot + TEE (PSA) replacement for TrustZone systems running Zephyr OS.
On the product integration side, wolfBoot 2.8.0 adds a new generic hook framework for pre-init, post-init, and boot customization, along with custom encryption-key hooks, PKCS11-backed encrypted partitions, improved status and image-inspection tooling, monolithic self-update builds, and reproducible-build support. These improvements make it easier to adapt wolfBoot to real deployment requirements while keeping the codebase compact and focused.
Existing targets also benefit from substantial work in this release. Highlights include improved STM32H5 TrustZone and PKCS11 integration, external flash dual-bank updates on PSoC6, expanded AURIX TC3xx self-update and wolfHSM configurations, refreshed Renesas RA6M4 and RX projects, and better clang/LLVM support with dedicated CI coverage.
As always, security and reliability remain central. wolfBoot 2.8.0 strengthens image parsing, signing, and update flows with tighter checks and safer handling across signatures, TLVs, delta images, partition layouts, and storage I/O. It also expands constant-time operations and zeroization in sensitive paths, adds stricter rollback and flash-protection behavior, and fixes a range of regressions across supported architectures and simulator targets.
Updated modules
- wolfSSL: latest stable
- wolfTPM: latest
- wolfPKCS11: latest stable
- wolfHSM: latest
With 2.8.0, wolfBoot continues to grow as a practical, production-ready secure bootloader for embedded systems that need strong authentication, reliable updates, and portability across a rapidly expanding hardware landscape.
To learn more about wolfBoot, or to discuss secure boot and firmware update strategies for your platform, contact us.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now