RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

Live Webinar: Everything you need to know about DTLS 1.3

Announcing the Highly-Anticipated Return of the DTLS 1.3 Webinar!

We’re thrilled to invite you to the upcoming webinar, Everything you need to know about DTLS 1.3, on November 9th presented by wolfSSL Senior Software Engineer, Juliusz. If you’re eager to delve deep into the world of DTLS 1.3 and expand your knowledge, this is an unmissable opportunity.

Save the date: 11/9/2023 at 10 AM PT

As a pioneer in DTLS 1.3 implementation, wolfSSL has brought numerous enhancements and innovations to bolster the security and efficiency of the DTLS protocol. Notably, ExpressVPN recently integrated DTLS 1.3 support into their lightweight core library via wolfSSL. Juliusz will be providing invaluable insights into the DTLS 1.3 protocol improvements and sharing the latest updates on security.

Sneak peek of the webinar:

  • Introduction to basic DTLS
  • DTLS v1.3 vs v1.2 comparison
  • wolfSSL DTLS 1.3 examples and experiments
  • Hands-On: utilizing DTLS in UDP applications
  • Unveiling new features and updates

This is your perfect opportunity to gain in-depth understanding and enhance your DTLS 1.3 technical skills. Don’t miss out on the chance to learn and have your DTLS 1.3 related questions answered live. Register now and stay up-to-date on the DTLS 1.3 protocol improvements!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Enhanced PKCS7 support in wolfSSL

Previously with calls to wolfSSL_SMIME_read_PKCS7 in wolfSSL we were automatically performing a verification of the bundle’s signature after parsing it. To support more use cases the behavior was updated to allow for only parsing the ASN.1 syntax when calling wolfSSL_SMIME_read_PKCS7. Now more complex bundle setup’s are supported and more flexible means of verifying the bundle after it has been parsed. One of the more straightforward ways that still exist to verify the bundle is by using wolfSSL_PKCS7_verify.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfTPM v3.0 Released

This is a major version for wolfTPM. We are excited for this release because it includes some really excellent new features and fixes!

Secure Boot Examples:

This release adds new examples for secure boot. See examples/boot/README.md for details.

We added a new secret sealing/unsealing example based on an externally signed policy. This is a complex use-case showing how to seal a secret based on a policy that is externally signed. The seal operation uses a public key. The private key associated with it is used to sign a policy to allow unsealing that secret. These examples use PCR registers, however there are other policy methods supported by the TPM. See secret_seal and secret_unseal.

We also added an example for anchoring a root of trust in the TPM using an NV in the platform hierarchy and optional NV lock feature. See secure_rot.

Support for ECC Parameter Encryption / Secrets:

We added support for encrypting secrets using ECC key. Allows using ECC for parameter encryption and importing ECC keys with custom seed. (See PR 276)

Authentication Refactor:

This release adds command information including the specific authentication requirements. If a command expects authentication and it is not provided the wolfTPM library will warn (if using –enable-debug). Likewise if a command does not use authentication it will automatically exclude it. If additional authenticated session(s) are available like HMAC or policy it will be included. The user is still required to set the correct session index.

HAL Improvements:

We have refactored the HAL to make it available with the library, not just in the examples. HAL support for Microchip Harmony SPI has been added. The STM32 I2C support has been fixed and performance improved. We added support for memory mapped (MMIO) found on Intel hardware.

PEM support:

We have added new API’s for making it easy to import and load PEM or DER/ASN.1 encoded ECC or RSA keys (private or public).
See “wolfTPM2_ImportPrivateKeyBuffer” and “wolfTPM2_ImportPublicKeyBuffer”

Security Best Practices:

We have added a new API “wolfTPM2_ChangePlatformAuth” to help set the platform authentication. This is useful during the boot phase to prevent access to the platform. Typically a random value is used, since this auth is cleared on reset or power cycle.

Testing has been greatly expanded in this release for our examples including greater use/support of -aes/-xor options for parameter encryption. See examples/run_examples.sh.

Full wolfTPM v3.0.0 Change Log:

Summary

Refactor of command authentication. Support for ECC sessions and secrets. Support for policy sealing/unsealing. Examples for secure boot.

Detail

  • Refactor of the command authentication. If command does not require auth do not supply it (PR #305)
  • Refactor HAL and added Microchip Harmony SPI HAL support (PR #251)
  • Relocate crypto callback code to its own code file (PR #304)
  • Fixed using a custom wolfTPM CSR sigType (PR #307)
  • Fixed support for ECC 384-bit only support (PR #307)
  • Fixed issue with using struct assignment (switched to memcpy) (PR #303)
  • Fixed various issues building with C++ compiler (PR #303)
  • Fixed issues with STM32 I2C build and improved performance (PR #302)
  • Fixed seal with RSA and PCR extend auth. (PR #296)
  • Fixed issue including user_settings.h when –disable-wolfcrypt set (PR #285)
  • Fixed TPM private key import with custom seed (PR #281)
  • Fixed autogen.sh (autoconf) to generate without warnings (PR #279)
  • Fixed TPM2 create with decrypt or restricted flag set (PR #275)
  • Fixed and improved low resource build options (PR #269)
  • Fixed the TPM_E_COMMAND_BLOCKED macro to have the correct value (PR #257)
  • Fixed casting and unused variable problems on windows (PR #255)
  • Fixed Linux usage of cs_change and added config overrides (PR #268)
  • Fixed and improved the NV auth and session auth set/unset (PR #299)
  • Fixed capability to handle unknown TPM2_GetCapability type and fix bad printf (PR #293)
  • Fixed macros for file IO XFEOF and XREWIND to make sure they are available (PR #277)
  • Fixed seal/unseal example (PR #306)
  • Fixed TLS examples with param enc enabled (PR #306)
  • Fixed signed_timestamp with ECC (PR #306)
  • Added CI tests for CSharp wrappers (PR #307)
  • Added support for sealing/unsealing based on a PCR that is signed externally (PR #294)
  • Added examples for Secure Boot solution to store root of trust in NV (PR’s #276, #289, #291 and #292)
  • Added support for importing and loading public ECC/RSA keys formatted as PEM or DER (PR #290)
  • Added new policy_nv example (PR #298)
  • Added -nvhandle argument to nvram examples (PR #296)
  • Added code to test external import between two TPM’s (PR #288)
  • Added support for STM32 Cube Expansion Pack (PR #287)
  • Added support memory mapped (MMIO) TPM’s (PR #271)
  • Added wc_SetSeed_Cb call for FIPS ecc (PR #270)
  • Added wrapper support for setting key usage (not just extended key usage) (PR #307)
  • Added RSA key import methods to handle PEM and DER encoding directly (PR #252)
  • Added thread local storage macro and make gActiveTPM local to the thread (PR #253)
  • Added Microchip macro names and Support for bench with MPLABX Harmony (PR #256)
  • Added support for encrypting secret using ECC key (PR #276)
  • Added wolfTPM2_ChangePlatformAuth wrapper to help set the platform auth (PR #276)
  • Improvements to CMake build (PR’s #280, #283 and #284)

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Extends Support for System CA Certificates to Apple Devices

We are excited to announce an important update for our Apple device users: wolfSSL’s support for installed system CA certificates now extends to Apple devices! This means that applications can now use the convenient wolfSSL_CTX_load_system_CA_certs() API to authenticate TLS connections against certificates installed to the system trust store.

Due to recently introduced OS changes around application sandboxing, applications running on non-macOS Apple platforms can no longer directly access trusted certificates installed on the system. This prevents these certificates from being enumerated and loaded into wolfSSL to use for authentication.

To accommodate this API restriction, we have introduced a new certificate verification routine that relies on Apple’s Security framework APIs to authenticate peer certificates. TLS peer certificates are first checked against the trusted CAs loaded into wolfSSL’s certificate manager, as they always have been. However, if this check is unsuccessful, wolfSSL will now attempt to validate the peer certificate chain using the system trust APIs. This new routine is only used when support for system CA certificates is enabled and when compiling for an Apple target.

If you are building wolfSSL for iOS using configure, this new feature will be on by default and no additional configuration is required by the user. If you are building with a user_settings.h file, you must define the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION preprocessor macros, as well as ensure you are linking wolfSSL against the Apple CoreFoundation and Security frameworks. Calling wolfSSL_CTX_load_system_CA_certs() before creating a new TLS connection will now enable system CA certificates to be used for authenticating a peer connection.

To use this feature on MacOS, the steps are the same except that you must define the WOLFSSL_APPLE_NATIVE_CERT_VALIDATION preprocessor macro even when building with configure, as the feature is not on by default.

If you are using cURL + wolfSSL, ensure that the feature is enabled in your wolfSSL build as described above, then set the CURLSSLOPT_NATIVE_CA curlopt in your curl application to indicate the native certificate verification routines should be used.

if you have questions, comments or suggestions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Repost: wolfBoot support for the STM32C0

Designed by Freepik: www.freepik.com

We are adding wolfBoot support for the new STM32C0. This is a low cost MCU similar to the STM32G0 based on a Cortex-M0 (48MHz). It is a very low cost general purpose 32-bit MCU with up to 32KB flash and 12KB RAM.

Our wolfBoot secure bootloader is the only solution available for this platform thanks to our small code size. Most STM32 parts are supported with wolfBoot out of the box. See our video series with ST for a tutorial on using wolfBoot.

See the STM32C0 announcement from ST.

Features:

  • Written in C for bare-metal use
  • Small footprint to run on small embedded devices
  • Memory safety (no malloc/free)
  • Support for on-board or external SPI flash
  • Simple partitioning and header scheme
  • Abstracted HAL design for CPU speed and flash
  • Bootloader handles swapping and loading of partitions
  • Key tools for key generation/import and signing
  • Encrypted updates
  • Delta updates (only differences)

Signature algorithms supported:

  • ECC (SECP256R1,SECP384R1)
  • RSA (2048/3072/4096)
  • ED25519
  • ED448

Firmware image integrity using hash digest:

  • SHA2-256
  • SHA2-384
  • SHA3-384

Flexible partition scheme determined at build-time:

  • Bootloader (10-30KB)
  • Application
  • Update
  • Swap (1 sector)
  • And custom partition ID’s

Reliable Firmware update mechanism:

  • Independent from the update transport mechanism
  • Fallback to a previous version when the update fails
  • Resume interrupted swap operations during update, in case of power failure

Support for STM hardware crypto acceleration:

  • STM32 HASH/AES/PKA
  • ST33TP* TPM 2.0 using wolfTPM

If you are interested in trying our wolfBoot on the STM32C0, curious about post-quantum signature support in wolfBoot or have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar hosted on Australian time for our Asia Pacific audience: SM Ciphers are now implemented in wolfSSL

How to access them, use them, and what sets them apart.

Join us for an informative webinar on the release of wolfSSL’s SM cipher implementations, presented by wolfSSL Senior Software Engineer Sean on November 3rd at 12pm AEST. This webinar is scheduled for Australian time to cater to our audience in the Asia Pacific region.

Save the date: 11/3/2023 at 12pm AEST

As many are aware, Chinese government regulators are now mandating use of SM2, SM3 and SM4 in critical systems, including automobiles, avionics, power systems, and communication systems. Since many of our customers are multinationals that conduct business in China, they have expressed the need for the inclusion of these algorithms in wolfSSL products.

We recently released our supported versions of SM2, SM3, and SM4, with the intention to release the ZUC stream cipher at some point this year to completely satisfy SM9. We are also in contact with labs regarding support of OSCCA certification at some point in the future.

This is truly exciting news for our customers in the Chinese markets!

For those considering using wolfSSL products, here are 6 key benefits you will gain:

  1. The SM Ciphers are fully supported in wolfSSL’s TLS 1.3 and DTLS 1.3 implementations.
  2. wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
  3. ARM, Intel, and RiscV assembly is in the works for our SM implementations for maximum performance
  4. We support bare metal for SM2, SM3, and SM4.
  5. We have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded systems use cases on a wide variety of microcontrollers (MCU’s). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others.
  6. Our GPLv2 versions of the SM ciphers are available for download on GitHub

Commercially licensed versions are available.

Sean will delve into the insights of SM Ciphers and explain how you can effectively employ SM Ciphers with wolfSSL. Bring all your questions related to ShangMi Ciphers and algorithms; Sean is ready to answer them all.

Sneak peek of the SM Ciphers webinar:

  • Background of the ShangMi Ciphers: SM2, SM3, SM4
  • TLS and SM Ciphers
  • When to Utilize SM Ciphers
  • wolfSSL and SM Ciphers
  • Building wolfSSL with SM Ciphers
  • Using SM Ciphers in wolfSSL
  • Future Developments

Seats are limited! Register Now

If you have questions about the ShangMi ciphers and algorithms, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Native CAN bus and A Full API Manual for the wolfSentry Embedded Firewall/IDPS

With our recent release of version 1.6, wolfSentry now natively supports CAN bus, with idiomatic bitmask-based address matching. Addresses and bitmasks can be supplied as hexadecimal, octal, or decimal numbers, supporting both 11 bit part A and 29 bit part B addresses.

Indeed, all address families now support bitmask matching, including user-defined address families, with computational overhead confined to bitmask-matched families. When using JSON configuration, bitmask matching is a simple matter of supplying a “bitmask” rather than a “prefix-bits” value for an endpoint. Bitmask-matched addresses can also be supplied directly through the API, using WOLFSENTRY_ROUTE_FLAG_REMOTE_ADDR_BITMASK and WOLFSENTRY_ROUTE_FLAG_LOCAL_ADDR_BITMASK. Consult the documentation for details.

Speaking of documentation, wolfSentry now includes a comprehensive developer’s manual, fully detailing the API, JSON configuration, build flags, and basic application integration in FreeRTOS-lwIP. The new API manual is available both as a bundled pregenerated PDF file at doc/wolfSentry_refman.pdf, and as Doxygen-generated HTML by running “make doc-html”.

Release 1.6 also includes additional portability improvements, allowing for full functionality in a newlib-nano runtime with a C89 toolchain. Callbacks are provided for all system facilities, assuring easy porting.

The latest wolfSentry release is available on GitHub, with native in-tree support for 32 and 64 bit targets and POSIX, DeOS, FreeRTOS, and MacOS X runtimes. Let us know if you would like it on another platform. Our current porting plans include Green Hills IntegrityOS, VxWorks, LynxOS, PetaLinux,TRON/ITRON/µITRON, QNX, PikeOS and NuttX. Clone it now, and make test!

Please contact us at facts@wolfSSL.com or call us at +1 425 245 8247 with any questions or for help getting started with wolfSentry in your project!

Download wolfSSL Now

Secure Your Apple HomeKit Espressif ESP32 Devices with wolfSSL

wolfSSL is proud to announce that wolfCrypt is being used to secure Espressif ESP32 devices on the Apple ® HomeKit ecosystem. Use wolfSSL on your own ESP32 (or any other embedded device!) along with the many other commercially available Apple Home Accessories to control and monitor nearly anything. Use wolfSSL encryption to keep communication between devices secure.

We recently became aware of the popular open source Homekit project that [AchimPieters] is working on with the esp32-homekit-demo. See also the Espressif Homekit SDK and the Apple HomeKit ADK.

Any good demo starts with a Hello World application. In the world of embedded devices, that’s of course typically the blinking LED. Check out the Homekit LED Example. Special thanks to [Julien C] that helped test and fine-tune wolfSSL to work with the demo and his iPhone!

Which Espressif device do you have? The classic ESP32? The updated ESP32-S3? Perhaps the RISC-V ESP32-C3? We support them all.

Just getting started with wolfSSL? Check out our blog on wolfSSL as a Managed Component and the Preview Blog for wolfSSH and wolfMQTT Managed components. You can add wolfSSL support to your Espressif project with just one line:

idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"

If you have an ESP32 product idea for the Apple Homekit or some other platform, or questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247 to learn more. We work with any size organization from the smallest garage maker to the largest Fortune 500 companies.

Download wolfSSL Now

Repost: Secure Boot and Glitching Attacks

Designed by @Noxifer81

In general, a “glitch” is a momentary fault that may happen on a system, preventing it from working properly, for a brief amount of time. The effects of a single glitch on proper software execution may be multiple, including catastrophic consequences that may prevent the system from continuing the execution.

Glitching attacks are complex and expensive to execute, but can be a real issue for secure boot mechanisms, and often very hard to prevent or mitigate. They aim at exploiting predictable consequences of single glitches in order to take control of the execution or the data contained in the system. The glitch can be injected using different techniques, which often rely on well known weaknesses of the specific microcontroller or CPU. The most common glitch injection consists in varying the voltage supplied to the chip at a specific time, or modifying the profile of the clock signal to mangle the timing of the execution of the instructions. More advanced attacks can rely on irradiating the device with strong electromagnetic interference.

In the specific context of secure boot, the goal for an attacker is to circumvent the security checks in those critical sections of the code, e.g. the code that performs verifications on the firmware authenticity, integrity or versioning. These attacks could eventually defeat the security checks, and take control of the system by uploading an unauthorized firmware image. While they require an accurate synchronization and several attempts, these attacks will eventually succeed in injecting a fault in the hardware at the required time in order to skip the verification.

Our secure bootloader, wolfBoot, follows the indication of RFC9019 to provide a secure, public key based verification of the integrity and authenticity of the firmware and its updates. It runs on several different architectures, from small microcontrollers up to x86_64 systems. wolfBoot is OS-agnostic and provides best-in-class security thanks to the FIPS 140-2 certified algorithms implemented in the wolfCrypt security engine.

wolfBoot already comes with plenty of unique features. Now it is also the first open source secure bootloader to implement mitigations against glitching attacks. Our development team has added an optional feature that can be activated at compile time, to reinforce the security of the critical variables and decision points in the code. This has required an evaluation of the code flow of wolfBoot from a point of view that includes the possibility for an attacker to skip single specific instructions. Introducing these mitigations has been tricky, because redundant code written in C is usually discarded by the compiler. For this reason the countermeasures must be programmed in assembly, which makes this code architecture specific.

Our latest release of wolfBoot v1.11 contains these countermeasures. Glitching support mitigation can be freely compiled and used in GPL projects for evaluation and auditing purposes.

To compile wolfBoot with glitching and side-channel attack mitigations turned on, it is sufficient to add ARMORED=1 to the configuration options (i.e. via command line when invoking make, or through the .config file). The ARMORED option is currently supported on ARM Cortex-M architecture. Support for other architectures will be added in the future.

You can download wolfBoot today from our download page or from our github repository

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Customized ad-hoc secure boot with wolfBoot

Designed by @Noxifer81

wolfBoot is known for being the universal secure bootloader for all types of embedded systems.

While initially targeting 32-bit microcontrollers, wolfBoot has grown into a full framework to implement secure boot solutions on a wide range of different systems and architectures.

This is mostly due to wolfBoot modularity and flexibility, which makes our solution easy to reshape and adapt to the most peculiar use cases. Here are a few examples of customizations we have facilitated in the past, taken from real-life use cases.

Update images stored on external devices

This type of customization is perhaps the most popular. wolfBoot offers an interface to interact with external storage devices or anything that can be abstracted as such: the “ext_flash” interface.

Ext_flash is an interface that connects wolfBoot to a driver that implements the following function calls, to access the content of specific storage devices

ext_flash_lock()

ext_flash_write()

ext_flash_read()

ext_flash_erase()

ext_flash_unlock()

On microprocessor-based embedded systems, ‘external’ devices are often the only solution, requiring specific drivers to access the kernel images on different supports (USB, SD, eMMC, SSD, etc.). Microcontroller architectures often integrate external NOR SPI/QSPI flash memories that can be used as persistent storage, where generally it’s not possible to execute code in place.

wolfBoot has an additional layer directly supporting several types of SPI flash memory chips. The SPI support is also implemented on top of the ext_flash API interface, and provides another level of abstraction. In this case porting to a new target with an SPI controller only requires to implement the following single SPI transfer functions, and the SPI layer will link the required functions to access the flash through this interface:

spi_init()

spi_cs_on()

spi_cs_off()

spi_read()

spi_write()

spi_release()

SPI access is just one of the possibilities available in wolfBoot to extend the support to any non-volatile memory, and beyond.

Update images downloaded on-demand from neighbor systems

By design choice, wolfBoot does not include any network stack or communication capabilities besides the access to storage devices and internal flash memory. This is an advantage both in terms of security because it makes the attack surface very small, and from the safety point of view keeping all the structures and code flow simple to follow and predictable.

In some cases it’s required to communicate with other systems during the boot stage, because the firmware image or the updates received may be stored elsewhere, avoiding to split the flash memory to make room for a second partition. In these cases, wolfBoot may be required to open a communication channel (usually through a serial bus such as UART or SPI) to retrieve the firmware images from a neighbor system. This is in fact a rather common requirement when wolfBoot is securing the boot procedure on asymmetric multiprocessor systems or in general systems with multiple heterogeneous cores.

The recommended way to access remote content from wolfBoot consists in defining a custom ext_flash driver that abstracts a virtual addressable memory space. wolfBoot codebase contains an example of ext_uart driver running the client endpoint connecting to the uart_flash_server POSIX application provided, that can export signed and encrypted files for wolfBoot to handle and stage. EXT_UART is yet again one of the possible modes to extend the external flash support to both physical storage supports and virtualized abstractions.

Third-party key provisioning

Provisioning keys is a process that may involve third party tools and entities that generate, store and use the main private key to sign the firmware images. Thanks to the flexibility of the key tools distributed with wolfBoot, keypairs can be both generated or imported (in their public format) within the signing process. While the public keys must all be available and accessible by wolfBoot at run time, the private keys are used to sign the header of each authentic firmware.

The actual signature operation can be detached from the manifest header composition, by splitting the two phases. This way the signing is performed by an external tool, and the private key does not need to be accessed during the operation.

For more information on the possibilities of customizing the signing procedure, please see wolfBoot signing tools documentation.

Storing keys in a secure vault

Storing the public keys used to authenticate the firmware in a secure, write-protected area of persistent memory is the most important security requirement for proper secure-boot mechanism. In many cases it is sufficient to execute wolfBoot from a write-protected area, and keep the keys stored along with the bootloader code, in a C array. This is the default mechanism implemented in wolfBoot.

When the keygen tool generates or imports public keys, it creates two copies of the local archive of the public keys needed at runtime for signature verification, in two different formats. The C array (keystore.c), to be built in the bootloader image, and a binary file (keystore.der) containing the same structure in binary format.

By excluding keystore.c, it is possible to upload the content of keystore.der into a dedicated secure or write-protected storage. A driver to access the secure vault at runtime must be provided, through an API exporting three functions for wolfBoot to retrieve the public keys, their sizes and their permissions mask. Using a separate abstraction layer for the keystore provides an interface that can be customized beyond classic secure element or TPM interactions, to design a more complex structure to handle keys at runtime. More information available in the wolfBoot documentation page about keystore structure.

Unique partition/images and keys combination

Multiple-stage boot layouts can get very complex. Our development team has learned a lot when designing the boot process involving a set of partitions and firmware images with different levels of access permissions for the first time. Since then, we have dealt with several scenarios where multiple actors had to be capable of updating only one subset of partitions with firmware authenticated with specific subsets of public keys.

Consider the following scenario: an embedded device with a secure bootloader and two partitions: a “system” partition (perhaps running in secure mode from a TEE) and an “application” partition, containing configurable software that can be uploaded by a registered user that owns or has access to the device. Two separate keys are needed in this case: the user should only be able to send signed updates for the application partition, while the manufacturer must be able to update the system software (and the bootloader itself, if needed). The two levels of privilege in this case require two separate keypairs, the first one can be associated with the user, and the second with more powers should be kept by the manufacturer.

The latest wolfBoot, thanks to the keystore structure, supports up to 15 target partitions, and each one of these can be authenticated using one or more public keys from the keystore.

A firmware package in wolfBoot is always associated with an identification number (id) from 0 to 15, indicating the partition where the firmware must be installed. In the scenario described above, the ‘system’ would have id=1 and the ‘application’ software is associated with id=2. wolfBoot reserves id=0 for self-update procedure, i.e. update packages containing a new (signed) version of wolfBoot itself.

This mechanism allows the update mechanism to use the same update partition as temporary storage for all the updates, because wolfBoot will parse the incoming package and parse the manifest header to process the package using the right keys. The public key object elements in the keystore described earlier contain a bit mask that associates each key to the single target partition ids.

“Non-secure” boot

wolfBoot supports many different combinations of public key algorithms and key sizes. However, In some cases, authenticating the firmware is not a requirement. wolfBoot works properly when compiled with SIGN=NONE, excluding only the signature verification part, and keeping all the other features to facilitate the update, roll back in case of failure and verify the integrity of the firmware image after the transfer using SHA. That is, wolfBoot can be used as a non-secure bootloader, with a footprint of a few KB and very little impact on boot time. Especially useful in very small low-power systems with a tight amount of resources and CPU cycles.

wolfBoot as library: adding secure boot to legacy bootloaders

Among our customers, many have been upgrading older products and devices, reusing legacy software from previous versions, while stepping ahead with the security requirements which usually means adding a secure boot solution.

While starting a new bootloader from scratch is often an underestimated task from the development and testing point of view, many development teams rely on existing solutions that have been maintained and deployed on the field for years. Some custom bootloader solutions include network communication, sometimes with proprietary protocols and data links which would require a major effort to integrate into a vanilla wolfBoot. On the other hand, most of these legacy solutions lack the needed security features to implement cryptographic secure boot.

For this reason we have introduced the possibility to build wolfBoot as a library. Instead of providing the entire bootloader implementation, including build-up, staging, specific hardware access and customized flows, ‘wolfBoot as library’ is completely portable anywhere and provides easy interfaces to parse the manifest header, check versioning, verify an image loaded or mapped in memory for integrity and authenticity against the provided keystore. The key tools on the hosts can be used exactly in the same way as with the full wolfBoot installation, as the format remains the same and it is completely independent from the hardware or the architecture. To learn more about using wolfBoot as a library, check the documentation page about the library API.

Find out more about wolfBoot! Download the source code and documentation from our download page, or clone the repository from github.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 5 6 7 8 9 10 11 183 184 185

Weekly updates

Archives