We are excited to announce wolfBoot support for the Microchip PolarFire SoC (MPFS250). This integration provides a secure, lightweight U-Boot replacement for the PolarFire SoC platform, offering significant advantages including much smaller code size, memory safety (no malloc/free), encrypted / patching firmware updates, power fail-safe updates, post-quantum cryptography support (ML-DSA, LMS and XMSS with hybrid schemes), TPM 2.0 integration via wolfTPM, hardware root of trust integration, and compliance with either FIPS 140-3 OR DO-178C safety-critical certification.
The MPFS250T combines a 64-bit RISC-V processor subsystem (five-core CPU cluster: 1× E51 monitor + 4× U54 application cores) with FPGA fabric, delivering up to 50% lower power consumption than competing devices. This unique architecture makes it ideal for applications requiring deterministic performance, hardware flexibility, and power efficiency.
Advantages of wolfBoot over U-Boot
As a U-Boot replacement on PolarFire SoC, wolfBoot offers significant advantages:
Smaller Code Size and Memory Safety: wolfBoot has a much smaller footprint than U-Boot, with no dynamic memory allocation (no malloc/free), ensuring memory safety and deterministic behavior critical for embedded systems.
Security-First Design: Built from the ground up with security as a primary consideration, wolfBoot ensures only authenticated firmware executes through cryptographic verification. This port includes integration with the PolarFire SoC’s hardware root of trust, establishing a secure chain of trust from the earliest boot stages.
Standards Compliance: wolfBoot can leverage our FIPS 140-3 certified cryptographic library OR can be DO-178C safety-critical certified, providing validated security functions for government, financial, regulated industries, and airborne systems.
Advanced Firmware Update Capabilities: wolfBoot provides encrypted firmware updates to protect intellectual property, patching updates (delta/incremental updates) to minimize bandwidth and storage, and power fail-safe updates that prevent corruption during unexpected power loss.
Post-Quantum Cryptography: wolfBoot supports post-quantum algorithms including ML-DSA, LMS, and XMSS, with hybrid schemes combining post-quantum algorithms with traditional RSA/ECDSA/ED25519/ED448 signatures for enhanced security.
TPM 2.0 Integration: wolfBoot integrates with TPM 2.0 modules using wolfTPM to support measured boot, sealing secrets, root of trust, and cryptographic offloading, providing enhanced security for sensitive applications.
wolfHSM Integration (Roadmap): We have roadmap plans to add wolfHSM support, enabling secure key storage and cryptographic operations through hardware security modules for even greater security isolation.
Lightweight and Portable: Unlike U-Boot’s Linux-centric design, wolfBoot is OS-agnostic and works with any operating system or bare-metal application. The minimalist design results in faster boot times and easier integration through a simpler HAL interface.
wolfBoot on PolarFire SoC – Technical Summary
The port was added in PR 647 and documentation is here.
Building wolfBoot
The PolarFire SoC platform uses a 64-bit RISC-V architecture (rv64imac) with a five-core CPU cluster. To build wolfBoot, copy the example configuration (cp config/examples/polarfire_mpfs250.config .config) and run make wolfboot.elf. The resulting ELF must be converted to a bootable payload using the HSS payload generator tool, which adds the required 0x100-byte HART header. To generate the final image with hhss-payload-generator -vvv -c ./hal/mpfs.yaml wolfboot.bin. The HAL files are hal/mpfs250.c (UART/uSD support), hal/mpfs250.ld (linker script), and hal/mpfs.yaml (payload generator config).
Deployment and Image Signing
The SD card requires a GPT layout with four partitions: an 8MB BIOS boot partition (GUID 21686148-6449-6E6F-744E-656564454649) for wolfboot.bin, two 64MB partitions (OFP_A and OFP_B) for primary/secondary firmware images, and a root filesystem partition. Sign application images or FIT images using ./tools/keytools/sign –ecc384 –sha384
Industry Verticals and Use Cases
The PolarFire SoC’s FPGA flexibility, RISC-V processing power, and low power consumption make it ideal for diverse industry verticals:
Aerospace and Defense: Mission-critical systems requiring reliability, security, and deterministic performance. Example use cases include flight control systems, avionics, and secure communication equipment where DO-178C compliance and hardware root of trust are essential.
Industrial Automation: Real-time control and monitoring systems in manufacturing environments. The FPGA fabric enables custom hardware acceleration of control algorithms, while low power consumption reduces cooling requirements in industrial settings.
Medical Devices: Secure medical imaging and diagnostic equipment requiring patient data protection and device integrity. The combination of complex computation support and security features ensures compliance with medical device regulations.
Communications: Networking equipment, base stations, and communication infrastructure where performance and power efficiency are critical. Example applications include 5G base stations, network switches, and edge computing nodes.
Automotive: Advanced driver-assistance systems (ADAS) and in-vehicle infotainment where safety and reliability are paramount. The deterministic performance and security features support automotive safety standards.
Stay tuned for the official release of wolfBoot support for the PolarFire SoC. For more information, visit our wolfBoot product page.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now