wolfBoot Port for NXP T2080 QorIQ for Avionics

    • wolfSSL is pleased to announce wolfBoot support for the NXP QorIQ T2080, a quad-core Power Architecture e6500 processor used in aerospace, defense, and industrial control. wolfBoot is a compact, portable secure bootloader that replaces U-Boot with cryptographic firmware verification and optional Post-Quantum Cryptography (PQC) – pure PQC or hybrid classical/PQC. It compiles to under 32 KB of NOR flash, has zero dynamic memory allocation, and is written in portable C99. wolfBoot is available with a DO-178C DAL-A certification package for airborne software and a FIPS 140-3 validated cryptographic module via wolfCrypt. Its portability across ARM Cortex-A/M/R, RISC-V, x86, MIPS, and PPC e6500 lets teams standardize on a single boot-security solution across an entire product family.

    wolfBoot Features

    • Authenticated boot – ECC-384/SHA-384 (default), RSA-2048/4096, ED25519/448
    • Post-Quantum Cryptography – ML-DSA (CRYSTALS-Dilithium), LMS/XMSS (hash-based, stateful)
    • Hybrid PQC/classical – dual-signature (ECC-384 + ML-DSA-65), both must verify
    • A/B partition update – fail-safe rollback if new image fails verification
    • Compact footprint – under 32 KB flash, zero heap allocation
    • Portable – single HAL layer; 50+ targets across 6 architectures
    • DO-178C DAL-A certification package available
    • FIPS 140-3 validated cryptographic module (wolfCrypt) available
    • Multi-core support – primary core verifies image; secondary cores spin on table

    Supported Board Platforms

    This port supports three T2080-based boards using a single wolfBoot binary. Board selection is one compile-time define (BOARD_NAII_68PPC2 or BOARD_CW_VPX3152).

    • NXP T2080 RDB – NXP reference design board, 66.66 MHz oscillator, DDR3L SODIMM (default)
    • NAII 68PPC2 – North Atlantic Industries SBC, 100 MHz oscillator, 8 GB DDR3, dual S29GL01GS NOR (16-bit bus, 1 GB total)
    • Curtiss-Wright VPX3-152 – 3U VPX module, 66.667 MHz oscillator, DDR3L

    Boot Architecture

    The T2080 boots from NOR flash at 0xE8000000 (Reset Configuration Word). The boot core starts at 0xEFFFFFFC with a single 4 KB MMU page. wolfBoot’s boot_ppc_start.S initializes hardware before DDR is available:

    • Cold-boot stack – CPC SRAM is unreliable at cold power-on; wolfBoot uses L1 locked D-cache (dcbz + dcbtls at 0xF8E00000) as a 16 KB stack until DDR init completes
    • RAMFUNCTION – all NOR flash erase/write routines are copied to DDR at startup; the IFC enters command mode bank-wide during writes so XIP is not possible
    • TLB/XIP – flash TLB uses MAS2_W|MAS2_G (Write-Through + Guarded) during XIP; switches to MAS2_I|MAS2_G during flash erase/program via TLB9
    • e6500 64-bit GPR hazard – lis sign-extends in 64-bit mode; all address loads use the LOAD_ADDR32 macro (li + oris + ori) to avoid corruption for addresses >= 0x80000000
    • Multi-core – secondary cores skip L2 flash invalidate (done by core 0) and configure only L1 stash IDs before spinning

    NOR Flash Memory Map

    NOR region: 0xE8000000 – 0xEFFFFFFF (128 MB)

    Description File Flash Address
    Reset Configuration Word (RCW) Reset Configuration Word (RCW)
    68PPC2_RCW_v0p7.bin    		 0xE8000000
    Frame Manager Microcode fsl_fman_ucode_t2080_r1.0.bin 0xE8020000
    Update Partition image_v2_signed.bin 0xEFDE0000
    Swap Sector 0xEFDD0000
    Boot Partition image_v1_signed.bin 0xEFEE0000
    wolfBoot wolfboot.bin 0xEFF40000
    Boot Entry Point 0xEFFFFFFC

    Cryptographic Configuration

    The default configuration uses ECC-384 + SHA-384 for firmware signing, providing 192-bit security against classical attacks. Set in .config:

    SIGN=ECC384
HASH=SHA384
IMAGE_HEADER_SIZE=512

    PQC options (add to .config):

    • Pure PQC: SIGN=ML_DSA (CRYSTALS-Dilithium) or SIGN=LMS / SIGN=XMSS
    • Hybrid: SIGN=ML_DSA SIGN2=ECC384 – both signatures must verify before boot

    Build Instructions

    1. Install cross-compiler 
      sudo apt install gcc-powerpc-linux-gnu

      Or use the NXP QorIQ Linux SDK v2.0 PPCE6500 toolchain (fsl-toolchain, installs to /opt/fsl-qoriq/2.0/).

    2. Configure for your board 
      # T2080 RDB (default)
cp config/examples/nxp-t2080.config .config


# NAII 68PPC2 - uncomment in .config:
CFLAGS_EXTRA+=-DBOARD_NAII_68PPC2
# Curtiss-Wright VPX3-152 - uncomment in .config:
CFLAGS_EXTRA+=-DBOARD_CW_VPX3152
    3. Build 
      make distclean
make keytools
make

      Build outputs: wolfboot.bin, wolfboot.elf, test-app/image_v1_signed.bin, factory.bin

    4. Sign an application image 
      ./tools/keytools/sign --ecc384 --sha384 app.bin wolfboot_signing_private_key.der 1

      The version number (1) is embedded in the image header. wolfBoot boots the partition with the highest valid version.

    Flashing

    Option 1 – Lauterbach TRACE32 (recommended)
    Lauterbach TRACE32 CMM scripts for flashing and debugging the T2080 are available in the wolfBoot repository. Use t2080_flash.cmm to program wolfBoot and application images, and t2080_debug.cmm to attach the debugger and load symbols.

    https://github.com/wolfSSL/wolfBoot/blob/master/tools/scripts/nxp_t2080/t2080_flash.cmm
    https://github.com/wolfSSL/wolfBoot/blob/master/tools/scripts/nxp_t2080/t2080_debug.cmm

    Option 2 – CodeWarrior TAP

    • Open Flash Programmer (Commander View – Miscellaneous)
    • Connection: CodeWarrior TAP Connection
    • Flash config: T2080QDS_NOR_FLASH.xml
    • Check “Unprotect flash memory before erase”

    Option 3 – U-Boot (if present)

    tftp 1000000 wolfboot.bin
protect off eff40000 +C0000
erase eff40000 +C0000
cp.b 1000000 eff40000 C0000
protect on eff40000 +C0000
cmp.b 1000000 eff40000 C0000

    Boot Verification

    UART0 output (115200 baud, 8N1) with DEBUG_UART=1:

    wolfBoot Init
IFC CSPR0: 0x141 (WP set)
Ramcode: copied 5584 bytes to DDR, TLB9 remapped
CPC: Released SRAM, full 2MB L3 CPC cache enabled
MP: Starting cores (boot page 0x7FFFF000, spin table 0x7FFFE100)
Checking integrity...done
Verifying signature...done
Firmware Valid
Booting at 0x19000

    If verification fails, wolfBoot attempts the Update partition (A/B fallback). If both partitions fail, the system halts – no untrusted code executes.

    Getting Started

    The T2080 port is available on GitHub: https://github.com/wolfSSL/wolfBoot/pull/680 (branch nxp_t2080_refresh). wolfSSL provides commercial support, source licensing, DO-178C DAL-A, and FIPS 140-3 packages. Contact us for evaluation licenses and support options.

    If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

    Download wolfSSL Now