Full Release Overview wolfTPM’s firmware TPM (fTPM) is available with full TCG TPM 2.0 Library Specification v1.85 post-quantum support. This release adds the eight new v1.85 commands, the ML-DSA and ML-KEM algorithm structures, and supporting infrastructure (examples, unit tests, NIST ACVP known-answer-tests, a libFuzzer harness) to wolfSSL’s portable software TPM 2.0 implementation. The work merged […]
Read MoreMore TagCategory: Uncategorized
wolfBoot now support fTPM as Root of Trust in TrustZone
With wolfBoot 2.8.0, TrustZone became an increasingly important part of the platform’s security model. That release expanded wolfBoot’s ability to place cryptographic services inside secure TrustZone enclaves, including PKCS#11 support via wolfPKCS11, and PSA Crypto with DICE attestation through wolfPSA. In both cases, the benefit is clear: sensitive cryptographic operations and security-critical state can live […]
Read MoreMore TagHW Crypto Support for the NXP LPC55S69
wolfSSL announces wolfBoot / wolfCrypt support for hardware crypto acceleration in the NXP LPC55S69, available now in the following PR’s: wolfBoot: #757, #773 wolfSSL (wolfCrypt): #10278 This includes TRNG, SHA1, SHA-256, AES-CBC, AES-ECB, AES-OFB, AES-CFB, and AES-CTR. AES supports key sizes of 128, 192, and 256. About the NXP LPC55S69 The LPC55S69 is a general-purpose […]
Read MoreMore TagwolfSSL has released an update to wolfGuard
wolfSSL has released an update to wolfGuard, our FIPS-validated algorithm port of WireGuard. We recommend updating. Highlights from this release: AES-GCM crash fix: resolves a kernel panic on kernels dated after March 2026. Cookie security fix: sensitive cryptographic material is now reliably wiped on all validation error paths. Configuration sync fix: corrects a logic error […]
Read MoreMore TagFull Linux FIPS 140-3 via wolfCrypt on Yocto Linux
Achieving and maintaining FIPS 140-3 compliance across embedded Linux platforms can be difficult, especially when integrating cryptography into Yocto-based environments. Register now: Full Linux FIPS 140-3 via wolfCrypt on Yocto Linux Date: May 28 | 9 AM PT Join us on May 28 at 9 AM PT for a practical technical session on integrating Full […]
Read MoreMore TagPreparing Connected Devices for the EU Cyber Resilience Act
The EU Cyber Resilience Act (CRA) will introduce new security and maintenance expectations for connected devices sold into the EU market, including requirements around secure development, vulnerability handling, firmware integrity, and long-term support. These requirements will directly impact how devices are designed, updated, documented, and maintained throughout their lifecycle. Register now: Preparing Connected Devices for […]
Read MoreMore TagwolfCrypt FIPS 140-3 coming to pfSense
FIPS 140-3 support is coming to pfSense! pfSense is one of the most widely deployed open-source firewall and router platforms in the world, powering everything from small office networks to large enterprise and government deployments. Built on FreeBSD, pfSense has earned a reputation for stability, flexibility, and a rich feature set spanning VPN, IDS/IPS, captive […]
Read MoreMore TagLMS versus XMSS versus SLH-DSA Performance Data
In a previous post, we spoke about LMS, XMSS and SLH-DSA in relation to wolfBoot and let you know we’d be bringing some benchmarking numbers. Voila! Algorithm / Parameter Set Sig Size/Strength Verification Time (ms) Operations Per Second LMS/HSS L2_H10_W2 9300 0.118 8500.588 LMS/HSS L2_H10_W4 5076 0.219 4557.764 LMS/HSS L3_H5_W4 7160 0.324 3088.329 LMS/HSS L3_H5_W8 […]
Read MoreMore TagwolfProvider FIPS for the Linux TPM2 Software Stack
As part of wolfSSL’s Full Linux FIPS project, wolfProvider provides FIPS 140-3 validated cryptography for the Linux TPM2 software stack, covering both libtss2 (the core TSS2 libraries) and tpm2-tools. Why This Matters TPM 2.0 is the hardware root of trust on nearly every modern Linux system. It underpins LUKS disk encryption sealed to PCR values, […]
Read MoreMore TagwolfGuard: FIPS-Compliant WireGuard VPN, Now Native in wolfIP
wolfIP now includes native wolfGuard support, bringing a FIPS-compliant WireGuard VPN tunnel directly into the stack. wolfGuard replaces the standard WireGuard cipher suite (Curve25519, ChaCha20-Poly1305, BLAKE2s) with FIPS-certified alternatives (P-256 ECDH, AES-256-GCM, SHA-256) using wolfSSL cryptographic primitives, while preserving the Noise IKpsk2 handshake and its security properties including perfect forward secrecy and automatic key rotation. […]
Read MoreMore Tag
