We’re building a kernel-native DTLS 1.3 stack — the full wolfSSL handshake and record layer running entirely in Linux kernel context, with no userspace daemon. Before we commit to productizing it, we want to know who needs it. If you encrypt UDP traffic from inside the kernel today, you bounce every packet out to userspace […]
wolfCrypt Is Quantum-Safe and has a FIPS 140-3 CAVP cert!
We’re proud to announce that wolfCrypt Post Quantum has officially received CAVP validation from NIST, listed under certificate #A8437. This validation covers the CNSA 2.0 compatible algorithm library contained within the wolfSSL TLS bundle (v7.0.0), and is a critical milestone on the path to a full FIPS 140-3 module validation for our post-quantum module. Certificate […]
wolfTPM fTPM 2.0 for AMD/Xilinx UltraScale+ MPSoC — Space and Safety-Critical Ready
wolfTPM’s firmware TPM (fTPM) is a pure-software, TPM 2.0-compliant module that runs on any 32-bit or larger MCU or co-processor. No discrete TPM chip required. No I2C/SPI bus to manage. Same TPM2_* API on the application side as a hardware TPM, but the TPM logic is yours to place, isolate, and certify alongside the rest […]
wolfSSH Continues on the Post-Quantum Hybrid Key Exchange Journey
Go check out the master branch of wolfSSH. Two new hybrid KEX methods have been added. Both are defined in draft-ietf-sshm-mlkem-hybrid-kex:
mlkem768x25519-sha256 — ML-KEM-768 paired with X25519
mlkem1024nistp384-sha384 — ML-KEM-1024 paired with NIST P-384
This joins mlkem768nistp256-sha256, which has been there for a long time.
Why hybrid
The “harvest now, decrypt later” threat model means ciphertext […]
wolfCrypt FIPS 140-3 for WireGuard and Kernel Mode Applications
FIPS 140-3 Kernel Crypto: libwolfssl.ko delivers a FIPS 140-3 compliant cryptographic stack for the Linux kernel, using the same validated wolfCrypt implementations as the user-space library.
wolfGuard: WolfGuard is a FIPS 140-3 implementation of WireGuard which replaces WireGuard’s non-FIPS algorithms with wolfCrypt’s FIPS based AES-GCM, ECDH, SHA-256 HMAC, and HASH-DRBG.
WolfGuard-Go is the Go implementation […]
wolfBoot Now Supports the STM32G4
wolfBoot, the secure bootloader from wolfSSL, has a new target: ST’s STM32G4 family of mixed-signal Cortex-M4F microcontrollers. The port has been validated on the NUCLEO-G491RE board (STM32G491RET6: 512 KB flash, 96 KB SRAM, 170 MHz).
Why the STM32G4
The G4 family lands in a sweet spot for industrial and motor-control designs: enough FPU and DSP […]
wolfGuard: FIPS-Compliant WireGuard VPN
WireGuard has become the gold standard for modern VPN deployments due to its simplicity and speed. However, regulated environments have historically faced a frustrating trade-off between compliance and simplicity, leaving teams stuck with heavy, complex legacy solutions. You shouldn’t have to choose between regulatory approval and a lightweight architecture. Join us on June 4 at […]
Embedded Wi-Fi Mesh with wolfIP and Clarinox
Integrating Wi-Fi mesh networking into embedded systems can introduce challenges around portability, memory usage, debugging, and network stack integration—especially across RTOS and MCU platforms. Join wolfSSL and Clarinox on June 3 at 8 AM PT for a technical webinar on integrating wolfIP with the ClarinoxWiFi Mesh platform. Register now: Embedded Wi-Fi Mesh with wolfIP and […]
wolfBoot adds support for the Xilinx Zynq-7000 (ZC702)
We are pleased to announce that wolfBoot now ships an upstream port for the AMD/Xilinx Zynq-7000 SoC, verified end-to-end on the ZC702 Evaluation Kit (XC7Z020). The port covers QSPI cold-boot, SD-card cold-boot, JTAG-loaded development, and signed Linux/U-Boot payload chain-loading. All of this comes from a single TARGET=zynq7000 build target. This rounds out wolfBoot’s Xilinx coverage. […]
wolfHSM TrustZone Now Available on STM32H5: Automotive-Grade HSM Security on a Mainstream Cortex-M33
wolfHSM on STM32H5
wolfHSM now supports the STM32H5 family. The same wolfHSM server that runs on Infineon AURIX TC3xx and ST SPC58 automotive parts now runs on a Cortex-M33, isolated by Arm TrustZone-M instead of a discrete HSM coprocessor. No extra silicon, no second MCU, no external secure element. The work is a two-part PR: […]
