How to Use wolfBoot with the Vorago VA41630 and VA41620

Secure your aerospace and commercial satellite systems with Vorago VA4 rad-tolerant MCUs and wolfBoot secure boot. Together, we provide high-assurance security, including FIPS-validated cryptography, secure boot, and quantum readiness, ensuring reliable defenses for constrained environments.

Step-by-Step Guide

The following provides comprehensive technical details for using wolfBoot with Vorago VA416x0 microcontrollers, assuming the pull request has been merged into the wolfBoot master branch.

Prerequisites

Before you begin, ensure you have the following:

  • Vorago VA416xx SDK: The VA416xx Software Development Kit must be obtained from Vorago Technologies.
  • ARM Toolchain: GNU ARM Embedded Toolchain (arm-none-eabi-gcc) for Cortex-M4 compilation.
  • Segger J-Link: J-Link software and hardware for flashing and debugging.
  • wolfBoot Repository: The port was added in a GitHub pull request.

Hardware Configuration

The implementation supports both VA41620 (external FRAM) and VA41630 (internal FRAM) variants. Key hardware characteristics:

  • Processor: Arm® Cortex®-M4 with TMR (Triple-Mode Redundancy) RAD hardening at up to 100 MHz
  • Memory Configuration:
    • 64 KB on-chip Data SRAM (RAM0: 0x1FFF8000, RAM1: 0x20000000)
    • 256 KB on-chip Program Memory (IRAM: 0x00000000)
    • External/Internal SPI FRAM: 256 KB (Infineon FM25V20A)
  • Boot Process: Boot ROM loads at 20 MHz from SPI bus to internal data SRAM
  • Flash Storage: Uses SPI FRAM for external flash storage of firmware images

Building wolfBoot for VA416x0

Step 1: Configure the Build

Copy the example configuration file for VA416x0:

cd wolfboot
cp config/examples/vorago_va416x0.config .config

Step 2: Set SDK Directory

Set the Vorago SDK directory path in one of two ways.

Option A: Pass it as a make variable:

make VORAGO_SDK_DIR=/path/to/VA416xx_SDK

Option B: Modify the .config file directly:

VORAGO_SDK_DIR=/path/to/VA416xx_SDK/

Step 3: Build wolfBoot

Running “make” does the following:

  • Builds the wolfBoot core components (wolfboot.bin)
  • Builds the VA416x0 HAL implementation (hal/va416x0.c)
  • Builds the Vorago SDK drivers (SPI, UART, Clock Generation, IO Config, IRQ Router, Timer)
  • Builds the test application (test-app/image.bin)
  • Signs the test application
  • Assembles a factory image for flashing (factory.bin)

With ECC384 and SHA384, wolfBoot is about 34 KB and by default uses our Cortex-M4 optimized assembly speedups.

Configuration Options

For the base example configuration, see config/examples/vorago_va416x0.config:

ARCH?=ARM
CORTEX_M4?=1
TARGET?=va416x0
SIGN?=ECC384              # ECDSA P-384 signing
HASH?=SHA384              # SHA-384 hash algorithm
IMAGE_HEADER_SIZE=512
EXT_FLASH?=1              # Use external SPI FRAM
SPI_FLASH?=0
NO_XIP?=1                 # No Execute-In-Place
USE_HAL_SPI_FRAM=1        # Use Vorago SDK FRAM driver

Memory Partition Layout

Default

  • Boot partition: 0x0 (38 KB)
  • Application partition: 0x9800 (108 KB)
  • Update partition: 0x24800 (108 KB)
  • Swap sector: 0x3F800 (2 KB)
  • Swap sector: 0x3FC00 (1 KB)

Adjusting Memory Layout

Edit partition addresses in .config:

WOLFBOOT_SECTOR_SIZE?=0x800
WOLFBOOT_PARTITION_SIZE?=0x1B000
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
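
A layout sanity check for edited values, added here as an example and not part of wolfBoot or its tools: it parses the partition lines from .config and checks alignment, overlap and fit. The function names, the 256 KB FRAM size, the 0x9800 end of the bootloader region and the one-sector swap area are assumptions taken from the figures on this page.

```python
import re

FRAM_SIZE = 0x40000       # assumption: 256 KB SPI FRAM (hardware section)
BOOTLOADER_END = 0x9800   # assumption: wolfBoot occupies 0x0-0x97FF (38 KB)
# Constructed sample: the partition lines shown above.
SAMPLE_CONFIG = """\
WOLFBOOT_SECTOR_SIZE?=0x800
WOLFBOOT_PARTITION_SIZE?=0x1B000
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
"""

def parse_config(text):
    """Collect WOLFBOOT_* integer assignments written as KEY=val or KEY?=val."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"\s*(WOLFBOOT_\w+)\s*\??=\s*(0[xX][0-9a-fA-F]+|\d+)", line)
        if m:
            base = 16 if m.group(2).lower().startswith("0x") else 10
            values[m.group(1)] = int(m.group(2), base)
    return values

def check_layout(cfg, fram_size=FRAM_SIZE, bootloader_end=BOOTLOADER_END):
    """Return a list of problems; an empty list means the layout is consistent."""
    sector, size = cfg["WOLFBOOT_SECTOR_SIZE"], cfg["WOLFBOOT_PARTITION_SIZE"]
    if sector <= 0:
        return ["sector size must be positive"]
    regions = [  # (name, start, length); the swap area is one sector long
        ("boot", cfg["WOLFBOOT_PARTITION_BOOT_ADDRESS"], size),
        ("update", cfg["WOLFBOOT_PARTITION_UPDATE_ADDRESS"], size),
        ("swap", cfg["WOLFBOOT_PARTITION_SWAP_ADDRESS"], sector),
    ]
    problems = ["partition size is not a multiple of sector size"] if size % sector else []
    for name, start, length in regions:
        if start % sector:
            problems.append(f"{name} is not sector-aligned")
        if start < bootloader_end:
            problems.append(f"{name} overlaps the wolfBoot region")
        if start + length > fram_size:
            problems.append(f"{name} runs past the end of the FRAM")
    regions.sort(key=lambda r: r[1])
    for (a, a_start, a_len), (b, b_start, _) in zip(regions, regions[1:]):
        if a_start + a_len > b_start:
            problems.append(f"{a} overlaps {b}")
    return problems

if __name__ == "__main__":
    print(check_layout(parse_config(SAMPLE_CONFIG)) or "layout OK")
```

To check a real build, pass the contents of your own .config to parse_config() before running make.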

Signing Firmware Images

Sign your firmware image using the wolfBoot signing tool:

IMAGE_HEADER_SIZE=512 ./tools/keytools/sign \
    --ecc384 \
    --sha384 \
    test-app/image.bin \
    wolfboot_signing_private_key.der \
    1

This generates test-app/image_v1_signed.bin with version 1.

Example UART Debug Output

By default, UART debugging is enabled on UART0 at 115200 baud. The bootloader will output diagnostic information during initialization and firmware verification.

Example boot output:

wolfBoot HAL Init
Boot partition: 0x9800 (sz 5060, ver 0x1, type 0x601)
Partition 1 header magic 0x00000000 invalid at 0x24800
Boot partition: 0x9800 (sz 5060, ver 0x1, type 0x601)
Booting version: 0x1
========================
VA416x0 wolfBoot demo Application
Copyright 2025 wolfSSL Inc
GPL v3
Version : 0x1
========================
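
A check over captured UART output in the format shown above, added as an example and not part of wolfBoot: it extracts the reported partition headers and the booted version and compares them with what a test run expects. The function names and the update_staged flag are hypothetical; the default addresses are the partition layout on this page.

```python
import re

# Constructed sample: the boot output shown above, up to the application banner.
SAMPLE_LOG = """\
wolfBoot HAL Init
Boot partition: 0x9800 (sz 5060, ver 0x1, type 0x601)
Partition 1 header magic 0x00000000 invalid at 0x24800
Boot partition: 0x9800 (sz 5060, ver 0x1, type 0x601)
Booting version: 0x1
"""

HEX = r"(0x[0-9a-fA-F]+)"
BOOT_RE = re.compile(rf"Boot partition: {HEX} \(sz (\d+), ver {HEX}, type {HEX}\)")
INVALID_RE = re.compile(rf"Partition (\d+) header magic {HEX} invalid at {HEX}")
BOOTING_RE = re.compile(rf"Booting version: {HEX}")

def parse_boot_log(text):
    """Extract boot-partition headers, invalid-partition addresses, booted version."""
    info = {"headers": [], "invalid_at": [], "booted": None}
    for line in text.splitlines():
        if m := BOOT_RE.search(line):
            info["headers"].append((int(m[1], 16), int(m[3], 16)))  # (address, version)
        elif m := INVALID_RE.search(line):
            info["invalid_at"].append(int(m[3], 16))
        elif m := BOOTING_RE.search(line):
            info["booted"] = int(m[1], 16)
    return info

def audit_boot(text, expected_version, boot_addr=0x9800, update_addr=0x24800,
               update_staged=False):
    """Return findings for one captured boot; an empty list means it matches."""
    info, findings = parse_boot_log(text), []
    if info["booted"] is None:
        return ["no 'Booting version' line: wolfBoot did not hand over to an image"]
    if info["booted"] != expected_version:
        findings.append(f"booted 0x{info['booted']:x}, expected 0x{expected_version:x}")
    for addr, ver in info["headers"]:
        if addr != boot_addr:
            findings.append(f"boot partition reported at 0x{addr:x}")
        if ver != info["booted"]:
            findings.append(f"header version 0x{ver:x} differs from booted version")
    if update_staged and update_addr in info["invalid_at"]:
        findings.append("staged update has no valid header")
    return findings

if __name__ == "__main__":
    print(audit_boot(SAMPLE_LOG, expected_version=1) or "boot matches")
```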

Flashing the Device

Method 1: Using the Build Scripts

Initial Factory Flash:

./tools/scripts/va416x0/build_test.sh clean

This script:

  1. Cleans previous builds
  2. Builds wolfBoot and test application
  3. Signs the test app with version 1
  4. Creates a blank update partition
  5. Assembles the factory binary
  6. Flashes using J-Link

Testing Updates:

./tools/scripts/va416x0/build_test.sh update

This script creates a version 2 signed image and triggers an update.

Method 2: Manual J-Link Flashing

Create a J-Link script (flash_va416xx.jlink):

device VA416XX
si 1
speed 2000
r
h
write4 0x40010010 0x1
exec SetCompareMode = 0
loadbin factory.bin 0x0
write4 0x40010010 0x0
loadfile ../VA416xx_SDK/loader.elf
exit

Execute:

JLinkExe -CommanderScript flash_va416xx.jlink

Important: The loader.elf is a Vorago SDK utility that programs the external SPI FRAM with the IRAM image. Build it separately from the SDK using make loader.

Update Process Flow

When an update is triggered:

  1. Verification Phase: wolfBoot verifies the integrity and authenticity of the update partition image using SHA-384 and ECC-384 signature verification.
  2. Version Check: The bootloader compares versions (current vs. update). Updates must have a higher version number unless ALLOW_DOWNGRADE=1 is configured.
  3. Swap Process: The firmware images are swapped using a three-partition approach (boot, update, swap) to ensure atomic updates and rollback capability.
  4. State Management:
    • After update: Boot partition state = TESTING
    • After successful boot confirmation: Boot partition state = CONFIRMED
    • On failure: Automatic rollback to previous version
  5. Post-Update: The test application should call wolfBoot_success() to confirm the update was successful, preventing automatic rollback.
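
The flow above as a small host-side model, added here as an example and not wolfBoot's code: one reset either rolls back an unconfirmed image, or verifies, version-checks and swaps a staged one. The class and method names are hypothetical, and applying the rollback on the next reset is how this model represents the automatic rollback.

```python
from dataclasses import dataclass

@dataclass
class Image:
    version: int
    verified: bool = True       # stands in for the SHA-384 / ECC-384 check
    state: str = "CONFIRMED"

class Device:
    """Simplified model of the flow above; not wolfBoot's implementation."""

    def __init__(self, boot, allow_downgrade=False):
        self.boot, self.allow_downgrade = boot, allow_downgrade
        self.update = None       # image staged in the update partition
        self.backup = None       # previous image kept by the swap for rollback
        self.log = []

    def stage(self, image):
        self.update = image

    def _reject_reason(self, image):
        if not image.verified:
            return "rejected: verification failed"
        if image.version <= self.boot.version and not self.allow_downgrade:
            return "rejected: version not higher"
        return None

    def reset(self, app_confirms=True):
        """One power cycle: bootloader decision, then the application runs."""
        if self.boot.state == "TESTING":         # last boot was never confirmed
            self.boot, self.backup = self.backup, None
            self.log.append("rollback")
        elif self.update is not None:
            candidate, self.update = self.update, None
            reason = self._reject_reason(candidate)
            if reason is None:
                self.backup, self.boot = self.boot, candidate   # swap
                self.boot.state = "TESTING"
            self.log.append(reason or "swapped")
        if app_confirms and self.boot.state == "TESTING":
            self.boot.state = "CONFIRMED"        # effect of wolfBoot_success()
            self.log.append("confirmed")
        return self.boot.version

if __name__ == "__main__":
    d = Device(Image(1))
    d.stage(Image(2))
    print(d.reset(app_confirms=False), d.reset(), d.log)
```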

Resources

  • wolfBoot Documentation: See docs/Targets.md for VA416x0-specific documentation
  • Vorago Technologies
  • wolfBoot GitHub
  • Example Configuration: config/examples/vorago_va416x0.config
  • Test Scripts: tools/scripts/va416x0/

About Vorago VA416x0

The Vorago VA416x0 series, including the VA41620 and VA41630, represents a new generation of radiation-hardened microcontrollers built on the Arm® Cortex®-M4 architecture. Manufactured using Vorago’s proprietary HARDSIL® technology, these MCUs are engineered to operate reliably in extreme radiation environments, offering exceptional Total Ionizing Dose (TID) tolerance exceeding 300 krad(Si) and Single Event Latch-up (SEL) immunity beyond 110 (MeV·cm²)/mg at elevated temperatures up to 125°C. The VA416x0 executes at up to 100 MHz with Triple-Mode Redundancy (TMR) for maximum fault tolerance, and features 64 KB of on-chip Data SRAM alongside 256 KB of on-chip Instruction SRAM. The VA41630 variant integrates 256 KB of internal SPI FRAM (Infineon FM25V20A), while the VA41620 requires an external FRAM device.

About wolfSSL

wolfSSL/wolfCrypt is an open-source and commercially licensed TLS library delivering enterprise-grade security, dual-licensed under GPL for open use and a commercial license for proprietary products. It supports the latest industry standards such as TLS 1.3 and DTLS 1.3, includes a FIPS 140-3 validated cryptographic module, and is optimized for embedded, IoT, and safety-critical environments with DO-178C certification up to DAL-A. Backed by exceptional commercial support and one of the fastest vulnerability response times in the industry, wolfSSL ensures rapid delivery of fixes and updates while maintaining the highest standards of reliability and security.

wolfBoot is a portable, OS-agnostic secure bootloader solution designed for embedded systems that provides robust firmware authentication and secure update mechanisms. Built on top of the wolfCrypt cryptographic library, wolfBoot ensures the integrity and authenticity of firmware images through digital signature verification using industry-standard algorithms including ECDSA (SECP256R1, SECP384R1, SECP521R1), Ed25519, Ed448 and RSA (2048/3072/4096 bit). For future-proof security against quantum computing threats, wolfBoot also supports post-quantum cryptographic algorithms including ML-DSA (Module-Lattice-Based Digital Signature Algorithm, formerly known as Dilithium), XMSS (eXtended Merkle Signature Scheme), and LMS (Leighton-Micali Signature Scheme). Additionally, wolfBoot implements hybrid signing schemes that combine classical and post-quantum signatures, providing cryptographic agility and protection against both current and future threats. Its minimalist design philosophy centers around a tiny Hardware Abstraction Layer (HAL) API that makes it completely independent of any operating system or bare-metal application framework, facilitating seamless integration into existing embedded projects. The bootloader supports sophisticated features such as multi-slot flash partitioning, rollback protection, encrypted firmware updates, delta updates to minimize bandwidth, and compatibility with hardware security modules like TPM 2.0 and wolfHSM. wolfBoot’s open-source nature under the GPL v3 license, combined with its small footprint and comprehensive security features, makes it an ideal choice for developers seeking to implement secure boot and over-the-air (OTA) update capabilities in resource-constrained embedded environments.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
