Last year, we wrote about the support we added for the Raspberry Pi Pico in wolfSSL. Since then, we haven’t been sitting idle. The wolf pack has been busy adding even more security goodness to the Pico ecosystem. If you thought TLS on a $1 microcontroller was impressive, wait until you see what we’ve been cooking up.
For those just joining us, the Raspberry Pi Pico is Raspberry Pi’s entry into the embedded microcontroller world. The original board features the RP2040, a dual-core ARM Cortex-M0+ running at 125MHz. The newer Pico 2 packs the RP2350, which ups the ante with dual-core ARM Cortex-M33 (or RISC-V Hazard3 cores if you prefer), running at 150MHz, along with built-in security features like secure boot, OTP storage, and a true random number generator.
What’s new since last year?
wolfBoot is here
When we wrote our original article, we teased that wolfBoot support for the RP2350 was in development. Well, the wait is over! wolfBoot 2.5.0 shipped with full support for the Raspberry Pi RP2350 microcontroller. This means you can now implement secure boot on your Pi Pico 2 projects, complete with authenticated firmware updates and rollback protection.
But we didn’t stop there. wolfBoot 2.7.0 brought even more improvements for the RP2350, including unified TrustZone-M support across ARMv8-M targets and a RAM cache for flash writes. That last feature is particularly important for embedded systems – it increases robustness against partial writes and power faults during firmware updates. Nobody wants a bricked device because the power hiccupped mid-update.
wolfBoot on the RP2350 also includes support for post-quantum cryptography algorithms like ML-DSA. If you’re building devices today that need to remain secure for the next decade or two, quantum-resistant signatures are worth considering.
Introducing wolfIP
Here’s something completely new: wolfIP, our lightweight TCP/IP stack designed specifically for embedded systems. If you’ve ever tried to shoehorn a full networking stack into a constrained device, you know the pain – memory budgets get tight, timing becomes unpredictable, and dynamic allocation makes safety certification a nightmare.
wolfIP takes a different approach. There’s no malloc. No hidden threads. Just pre-allocated buffers, a fixed number of sockets, and a BSD-like non-blocking socket API. All memory is sized at compile time, so your runtime footprint never drifts.
What does wolfIP include?
- IPv4 host stack (endpoint mode)
- ARP, ICMP (echo replies work out of the box – ping away!), DHCP client, DNS client
- UDP and TCP with timestamps and MSS options
- BSD-like, non-blocking socket API
- Built-in HTTP/HTTPS server support with wolfSSL TLS integration
For Pico developers, we have a USB server port that lets you run wolfIP over USB networking. This is perfect for development and testing, or for building connected Pico devices that communicate over USB CDC/ECM.
The static memory model makes wolfIP particularly attractive for safety-critical projects targeting standards like DO-178C. When your networking stack uses fixed-size, pre-allocated pools and has clear execution paths, worst-case memory and timing analysis becomes much simpler.
The full wolf stack
This is where it gets really interesting. You can now build a complete, secure embedded system on the Pi Pico 2 using entirely wolfSSL components:
- wolfBoot for secure boot and authenticated firmware updates
- wolfSSL for TLS 1.3 encrypted communications
- wolfIP for deterministic TCP/IP networking
- wolfCrypt powering all the cryptography underneath
That’s secure boot to secure networking, all from a single vendor with a consistent API style. And wolfCrypt already has FIPS 140-3 certification and DO-178C artifacts available, so if your project has compliance requirements, you’re building on a solid foundation.
Continued wolfSSL improvements
Our core wolfSSL support for the Pico family continues to mature. The RP2040 uses the Pico SDK’s PRNG for improved RNG performance, while the RP2350 leverages the hardware TRNG for even better random number generation. Both ARM and RISC-V modes are supported on the RP2350, so you can choose whichever architecture suits your project.
All of our assembly-optimized math routines work on these platforms, giving you the best possible cryptographic performance on these little microcontrollers.
How do I try this?
Ready to get your paws on some Pico security? Here’s where to start:
- Our wolfSSL Examples repository has working examples for getting wolfSSL running on your Pico
- The wolfBoot repository includes RP2350 configuration examples
- wolfIP is available on GitHub with documentation and examples, including the Pico USB server port
For more information, you can reach out to us for help at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now