Category: wolfBoot

We regularly receive inquiries regarding µITRON support in wolfSSL products—and understandably so.

As a specification for real-time operating systems (RTOS), ITRON has led to a wide variety of implementations. These include open-source projects such as TOPPERS/ASP, as well as commercial RTOS offerings like eT-Kernel (by eSOL), µC3 (by eForce), and NORTi (by MISPO), among many others. In addition, many companies have developed and deployed their own in-house RTOS implementations based on the µITRON specification.

As a result, although these systems are often described as “µITRON-compliant,” in practice they tend to include proprietary extensions or slight modifications. This has given rise to a diverse ecosystem of µITRON derivatives, each with its own unique features.

wolfSSL products are designed to support µITRON, including these many derivative implementations. This includes products such as wolfBoot, which typically require a higher degree of platform-specific integration. The high portability of wolfSSL—including wolfBoot—is the result of extensive experience supporting a broad range of RTOS and general-purpose operating systems, along with carefully localized platform-dependent code.

With commercial-grade technical support backed by wolfSSL’s proven portability technology, customers can confidently integrate wolfSSL products into their µITRON-based systems—regardless of the variant—ensuring robust, secure, and reliable operation.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

We’re thrilled to announce that wolfBoot now supports the powerful Nordic nRF5340 dual-core SoC, bringing enterprise-grade security to your IoT applications. This cutting-edge microcontroller combines robust security features with high performance, making it an ideal choice for modern IoT deployments.

Key Features

• Dual-Core Architecture
  • Application Core:
    • Cortex-M33 at 128MHz with TrustZone
    • 1MB Flash and 512KB RAM
  • Network Core:
    • Cortex-M33 at 64MHz
    • 256KB Flash and 64KB RAM
• wolfBoot Signature Options
  • RSA (2048/3072/4096)
  • ECC (256/384/521)
  • ED25519/ED448
  • PQC: ML-DSA/LMS/XMSS
  • Hybrid PQC schemes
• Hardware based root of trust

Implementation Details

Our reference implementation uses the Nordic nRF5340-DK development kit with external QSPI flash for secure update storage. We’ve also enabled delta (differential) updates to optimize bandwidth usage on constrained networks. Simply enable this feature with DELTA_UPDATES=1.

Communication Setup

The DK board features two virtual COM ports for debugging:

• Application Core: UART0=P0.20
• Network Core: UART0=P1.01

The application core manages network core updates through IPC and shared memory, ensuring seamless coordination between both cores.

Getting Started

For detailed build instructions and example output from an update, visit our documentation.

Important Notes

• Network core updates must be signed with –id 2 and placed in the application core update partition
• Coming soon: Hardware-based root of trust using the UICR key storage region

Testing Tools

We’ve provided helpful testing scripts in our GitHub repository. The build_flash.sh script automates the process of:

• Creating internal and external flash images
• Signing each with version 2
• Placing updates in external flash
• Triggering updates (equivalent to calling wolfBoot_update_trigger())

Support

For questions or assistance, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

With the release of WolfBoot version v2.4.0, we have made significant improvements to our secure boot support for Xilinx UltraScale+ MPSoC systems. This major update brings several key enhancements that make it easier and more efficient to deploy wolfBoot on this target.

UltraScale+ enhancements in wolfBoot v2.4.0

To see the complete list of improvements see wolfBoot PR #499.

1. Standalone build

   The latest release adds support for building without any dependencies from the Vitis/Xilinx SDK. This shift allows developers to bypass traditional SDK-based workflows, making it easier to integrate secure boot into their projects.

2. Expanded Exception Level (EL) Support

   We now support all ARMv8-A exception levels, enhancing security, virtualization, and OS management:

   • Exception Level 3 (EL3) – Trusted Firmware
   • Exception Level 2 (EL2) – Hypervisor
   • Exception Level 1 (EL1) – Operating System
3. Flattened Image Tree (FIT) Format

   We have also introduced support for the FIT format, which combines a Flattened Device Tree (FDT) with embedded binaries. FIT images are widely used in embedded Linux systems, providing a flexible and efficient way to package and deploy software.

4. Enhanced QSPI Bare-Metal Driver

   The latest release includes significant improvements to the QSPI bare-metal driver, enhancing its capabilities for DMA and clock speed configuration. For example using DMA vs IO mode reduced the read of 154MB from 18,228ms to 2,607ms.

5. ARMv8 Crypto Extensions

   wolfBoot now supports the wolfCrypt ARM crypto assembly speedups for SHA2 and SHA3, which greatly improves hashing performance on the integrity checking during boot.

AMD/Xilinx UltraScale+ MPSoC (ZCU102) Features

The AMD/Xilinx Zynq UltraScale+ MPSoC ZCU102 is a powerful evaluation board that provides a platform for system designers to develop and prototype applications:

• Processing System (PS):
  • Quad-core ARM Cortex-A53 (Application Processing Unit – APU)
  • Dual-core ARM Cortex-R5 (Real-time Processing Unit – RPU)
  • ARM Mali-400 MP2 GPU for graphics acceleration
• Programmable Logic (PL):
  • Integrated UltraScale+ FPGA fabric for custom hardware acceleration
  • Supports Partial Reconfiguration (PR)
  • High-performance DSP slices for signal processing applications
• Configuration Security Unit (CSU):
  • The CSU is responsible for secure boot and system configuration.
  • It ensures secure key storage, authentication, and decryption for secure boot processes.
  • Supports Root of Trust (RoT) for secure application execution.
  • Manages bit-stream authentication and encryption for FPGA security.
• Platform Management Unit (PMU):
  • The PMU is a triple-redundant MicroBlaze processor system, ensuring high reliability and fault tolerance.
  • Handles power sequencing, system monitoring, and fault detection.
  • Manages dynamic power and thermal control, optimizing energy efficiency.
  • Provides error handling and recovery mechanisms for mission-critical applications.

Note: The wolfBoot support for using the CSU and hardware based Root of Trust is in development now. You can follow the progress here.

Getting Started

To get started with wolfBoot on your Xilinx UltraScale+ MPSoC system, please refer to the official documentation docs/Targets.md.

The Xilinx hardware uses a First Stage BootLoader (FSBL) and requires assembly of a BOOT.BIN image using bootgen and .bif file. Detailed instructions can be found in IDE/XilinxSDK.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfBoot supports a wide range of NXP QorlQ platforms. In this post, we will highlight supported platforms, key features, and how wolfBoot ensures security and reliability for PowerPC-based embedded systems.

Why wolfBoot for NXP QorIQ?

wolfBoot is a highly suitable secure boot solution for modern embedded systems. wolfBoot is a U-Boot replacement to improve security. wolfBoot supports features like TPM, encrypted updates, external flash partitions, differential updates, and side channel hardening (armored mode). Production support, commercial grade product, safety critical certified DO178 and FIPS 140-3. Its lightweight design, independence from specific platforms, and ease of integration make it a one-stop solution for developers aiming to improve firmware security.

Key advantages:

• Efficient and Lightweight: Perfect for resource-constrained environments.
• Broad Compatibility: Supports PowerPC and Arm-based platforms.
• Flexible Integration: Simplifies secure firmware updates and key management.

Supported NXP QorIQ PPC Platforms

LS1028A

• Overview: ARMv8-A architecture with dual Cortex-A72 cores for industrial and networking applications.
• Features: Integrated TSN (Time-Sensitive Networking), high-speed I/O, and robust peripheral support.
• Tested Environment: LS1028ARDB Reference Board.

T1024

• Overview: Dual-core 64-bit PowerPC processor based on the e5500 core, designed for embedded control and communication.
• Features: Virtualization, encryption acceleration, and advanced networking capabilities.
• Applications: Secure gateways, industrial automation, and telecom systems.
• Tested Environment: T1024RDB with NOR flash using IFC.

T2080

• Overview: High-performance quad-core 64-bit processor using the e6500 core with AltiVec technology for vector processing.
• Features: Exceptional performance for data-intensive workloads and advanced signal processing.
• Tested Environment: NAII 68PPC2 hardware.

P1021

• Overview: A dual-core PPC e500v2 processor.
• Features: Optimized for secure boot from NAND flash via eLBC (Enhanced Local Bus Controller).
• Boot Details: Supports first-stage boot loader and execution of wolfBoot for secure firmware validation and application loading.
• Applications: Ideal for industrial controllers and embedded systems requiring high reliability.
• Tested Environment: P1021RDB with NAND boot source using eLBC

How wolfBoot Secures NXP QorIQ Systems

wolfBoot ensures safe and trusted execution of firmware with:

• Secure Boot: Prevents unauthorized firmware from running.
• Signed Updates: Employs ECC/RSA cryptography for firmware authenticity.
• Customizable Configurations: Provides example setups for easier implementation across platforms.

Conclusion

Whether you’re working on NXP QorIQ PowerPC platforms or other architectures, wolfBoot is designed to deliver the best security and support. Its compatibility with wide ranges of different processors makes it essential for secure embedded systems development.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfBoot 2.3.0 has finally been released! The universal secure bootloader extends its support to new platforms, improves existing ports, and introduces new groundbreaking features that set the pace to defining secure-boot for the next generation of embedded systems.

A New Era of Secure Boot with ML-DSA and Hybrid Authentication

The introduction of quantum resistant algorithms in the latest releases of wolfSSL has accelerated the integration of asymmetric cryptography in our secure boot solution. In 2023, wolfBoot v2.0.0 expanded its signature verification algorithms to include the hash-based stateful signatures LMS (+HSS) and XMSS (^MT). wolfBoot v2.3.0 further extends these options by introducing ML-DSA, as specified in FIPS-204, for verifying the authenticity of firmware and other critical components. Support for ML-DSA in wolfBoot is currently available in three variants: ML-DSA-44, ML-DSA-65 and ML-DSA-87, corresponding to NIST security category 2, 3 and 5, respectively.

Hybrid Authentication: Post-Quantum Meets Classic Cryptography

One of the most anticipated features in WolfBoot 2.3.0 is its support for hybrid authentication, a method that combines Post-Quantum Cryptography (PQC) algorithms with traditional cryptographic techniques like ECC and RSA. This hybrid approach strengthens security by combining the resilience of PQC, which resists quantum attacks, with the well-established reliability of classic algorithms. Pairing PQC algorithms with ECC521 offers a path toward CNSA 2.0 compliance, a set of guidelines for systems demanding the highest levels of security.

Hybrid authentication in WolfBoot secures the boot process by signing and validating boot images with a combination of PQC and traditional cryptography. This dual-layer protection approach ensures that even if one algorithm becomes vulnerable, the other remains resilient, offering a future-proof strategy for embedded systems as quantum computing capabilities grow.

Boot time optimization and performance monitoring

Thanks to the newly introduced assembly optimization for ARM in wolfCrypt, image verification times have been dramatically reduced. These ARM optimizations are now enabled by default on all Cortex-M devices.
New benchmark tools have been added to our continuous integration environment, to ensure that we can constantly monitor boot time, footprint size, runtime memory usage and other performance indicators.

Improved keystore and keyvault management

Starting with wolfBoot 2.3.0, it is now possible to store public keys of different sizes in the same trust anchor. This is a crucial feature to allow double signature verification in hybrid mode, or when integrating heterogeneous components in the boot chain, involving more than one cipher at a time.

PKCS11 key vault storage drivers have also been improved, and can now reliably store keys in non-volatile memories, ensuring compatibility with wolfPKCS11.

Hardware support

In this version, the following new targets have been added to the list of hardware platforms we support:

• Infineon AURIX TriCore TC3xx
• Microchip AT-SAMA5D3
• Nordic nRF5340

Moreover, the support for some of the existing ports has been improved and stabilized. During the development of wolfBoot v. 2.3.0 we mostly worked on the following targets:

• NXP i.MX-RT family: the capabilities have been extended, including the support for built-in High-Assurance Boot (HAB) mechanism, provided by the manufacturer. Flash interaction has improved, and DCACHE invalidation has been fine-tuned to increase performance
• Renesas RX: improvements introduced for this family of microcontrollers include the introduction of a full-flash erase operation, a more efficient flash management and support for boot-time IRQ.
• Raspberry Pi: added UART driver

Find out more about wolfBoot

Join our webinar “What’s new in wolfBoot” on November 21, 2024 to discover more details about wolfBoot 2.3.0 and our real-life scenarios for post-quantum cryptography adoption.

If you want to share your secure-boot experience with us or ask us anything on this topic, reach out via email at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

NIST recently announced three new standards for post-quantum cryptography (FIPS 203-205), and among them was ML-DSA (FIPS 204, Module-Lattice Digital Signature Algorithm), a lattice-based algorithm derived from the round 3 finalist CRYSTALS-DILITHIUM. As a general purpose digital signature algorithm ML-DSA has attractive features, such as fast key generation, signing, and verifying, as well as a tunable security strength. ML-DSA also supports organizations migrating to CNSA 2.0.

Naturally the wolfSSL team found this quite interesting, and we eagerly set to work on ML-DSA support. We are pleased to announce we have added ML-DSA to wolfBoot, which is achieved by utilizing wolfCrypt’s implementation of dilithium (ML-DSA). This implementation supports all three parameter sets standardized in FIPS 204: ML-DSA-44, ML-DSA-65, and ML-DSA-87. If you’re curious, you can read more about it in our wolfBoot PQ docs, and test out the new ML-DSA config example.

In total, wolfBoot now has support for three NIST approved post-quantum algorithms:

• ML-DSA: NIST FIPS 204
• LMS/HSS: NIST SP 800-208
• XMSS/XMSS^MT: NIST SP 800-208

Conspicuously absent from this list is FIPS 205, Stateless Hash-Based Digital Signature Standard (SLH-DSA, the NIST standard successor of SPHINCS+). Should we amend this absence? Let us know.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

We’re thrilled to announce that wolfBoot now supports Infineon’s AURIX TriCore TC3xx family of microcontrollers, bringing enhanced security and flexibility to your automotive and industrial applications.

Why AURIX TC3xx?

Infineon’s AURIX TriCore TC3xx microcontrollers are renowned for their high performance, safety, and security features, making them ideal for automotive and industrial applications. Adding wolfBoot to your TriCore application means you get a small and performant secure bootloader designed to protect your firmware right from the start.

Why wolfBoot on AURIX TC3xx?

1. Security: Ensure only authenticated firmware runs on your TriCore device, safeguarding against malicious code and aftermarket tuning modifications. Encrypted application images prevent attackers from reverse engineering your code and data, and rollback protection ensures bugs in your firmware can’t be exploited once fixed. Secure key storage means your cryptographic material remains inaccessible from the outside world, providing your application with a strong root of trust.
2. Reliability: Combine the TC3xx’s functional safety with wolfBoot’s robust image update procedure, providing your application with resilience to power failures and support for delta/incremental updates.
3. Flexibility: wolfBoot is OS agnostic, and can interoperate with any RTOS, Linux or bare-metal application, including AUTOSAR stacks. wolfBoot’s tight integration with wolfCrypt, the world’s best-tested cryptography library, provides built-in support for all major cryptographic algorithms, including post-quantum algorithms and Chinese government-mandated SM ciphers. This means your application benefits from exceptional crypto agility, easily adapting to new cryptographic standards and staying secure against evolving threats.

Getting Started

To get started with wolfBoot on the AURIX TC3xx, clone the wolfBoot repository and follow the AURIX build instructions. The example project contains everything you need to load and update images on the AURIX LiteKit-V2 development board, but the steps should be adaptable to any device in the TC3xx family.

wolfBoot TriCore HSM Integration

wolfHSM is a software framework that provides a portable and open-source abstraction to hardware cryptography, non-volatile memory, and isolated secure processing that maximizes security and performance for ECUs. It consists of a client-server library architecture, where the wolfHSM server runs on the secure HSM core, and client applications communicate with the server through the wolfHSM client library. wolfHSM dramatically simplifies client applications by allowing direct use of wolfCrypt APIs, with the library automatically offloading all sensitive cryptographic operations to the HSM core as remote procedure calls with no additional logic required by the client app. The AURIX TC3xx family of devices is fully supported by wolfHSM, and includes HSM hardware crypto acceleration.

With the wolfHSM server running on the AURIX HSM core, wolfBoot can use the wolfHSM client to offload all cryptography and key storage to within the HSM secure environment, providing application images with an HSM-backed root of trust. wolfHSM can also leverage wolfBoot on the HSM core, authenticating both the wolfHSM server application and the TriCore application images before releasing wolfBoot on the application cores.

Using wolfBoot on the Infineon AURIX TC3xx is a big step towards securing your automotive or industrial application with minimal effort, especially when combined with wolfHSM.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfBoot is our secure bootloader designed to provide safety-oriented secure boot for any embedded device. Its success lies in its ability to offer security, efficiency and adaptability to many different use cases, while keeping a simple and safe design. wolfBoot is a solid choice made by many developers securing the boot mechanism on a wide range of embedded devices from every industry.

A new version of wolfBoot (v2.1.0) has been released, which introduces new features, support for more cryptography, ports to new embedded targets and improvements to existing code.

Download wofBoot 2.1.0 from our download page or clone it from github.

Support for custom fields in the manifest header

One of the most requested features by our users consisted in allowing extra parameters in the manifest header of the firmware/software images to be verified.

wolfBoot manifest header consists in a sequence of “TLV” (table-length-value) fields. By default, a signed image’s manifest header contains a SHA digest, the public-key signature itself, and a few extra fields containing metadata relative to the image and the sign process. These fields include a 32-bit version number (used to prevent rollback attacks), a 64-bit timestamp, a digest of the public key needed to verify the signature, a ‘type’ field, used by the bootloader to identify and confirm the algorithms used and the destination partition for the update.

All these fields in the manifest headers, except for the digest and the signature itself, are included in the calculation of the signed digest, which means that their values cannot be altered without compromising the validity of the signature.

The new feature introduced in wolfBoot 2.1.0 consists in three new mechanism that can be used to add new TLVs to the header:

• –custom-tlv tag len val
  Adds a TLV entry to the manifest header, corresponding to the type identified by “tag”, with length “len“ bytes, and assigns the value “val”.Values can be decimal or hex numbers (prefixed by ‘0x’). This is useful to add numeric values (e.g. with length 1, 2, 4, or 8).
• –custom-tlv-buffer tag len buffer
  Adds a TLV entry with a buffer in hex format,
  e.g. –custom-tlv-buffer 0x31 6 CCBBAA998877
• –custom-tlv tag string
  Adds a TLV containing a string of bytes read as ASCII characters from the “string” argument. In this case the length is implicit as the argument is null-terminated.

As usual, these fields can be accessed from wolfBoot custom modules, using the wolfBoot_find_header() parser. This function is included in libwolfboot, which means that the same parser can be invoked on any stored signed image by applications integrating the library.

New signature verification algorithm

ECC521 support has been added, further expanding the range of cryptographic algorithms available for signature verification, bolstering security for a broader spectrum of applications (and did you know that since v2.0 wolfBoot also supports post-quantum signature verification algorithms too?).

Support for new embedded platforms

We facilitate the process to integrate new ports of wolfBoot, which includes the integration of an example application to demonstrate secure boot and update out-of-the-box, with a single build command. This version introduces support for new embedded targets:

• Renesas RZ2NL
• Microchip SAM E51
• NXP MCXA-153
• NXP i.MX-RT1040

Improvements and enhancements

Version 2.1.0 addresses various bugs and introduces enhancements for existing platforms and target-specific mechanisms.

For targets supporting the DUALBANK option, i.e. the ability to swap the mapping of two “banks” inside the same flash memory support, we added some additional checks to ensure that wolfBoot copies (or “forks”) itself to the second bank only once in the lifetime of the bootloader.

For those use-cases with backup disabled, we have simplified the update mechanism, which also improved the reliability of the update across power-failures.

We have fixed an issue in the wolfTPM integration code, which was preventing the policy from being properly sealed. This issue is only affecting those configurations including the `WOLFBOOT_TPM_SEAL` option introduced in version 2.0.0.

Contacts Us

Let us know what features you value the most, what platforms you would like to see our code running on, or just tell us your story about secure-boot in your embedded systems.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now