- Support for encryption of external partitions
- Support for MPU on ARM Cortex-M platforms
- Support for using an RSA signature that includes an ASN.1 encoded header
- Support for bootloader updates from external flash: SPI functions can now run from RAM
- Support for RSA verify via TPM
- Added option to use software SHA in combination with TPM
wolfBoot can now store the update image encrypted on external flash devices. The key tools distributed with wolfBoot can produce encrypted update images, using a pre-shared ChaCha20 encryption key.
On ARM Cortex-M targets, wolfBoot can now use the MPU, when available, to enforce memory protection and add extra safety to the bootloader.
The support for wolfTPM has been improved. It is now possible to use either ECC or RSA signature verification through a TPM device, if the module supports it. A new hybrid mechanism has been added to perform SHA calculation in software, using wolfCrypt, even when the TPM option is selected. This improves the boot time when using TPM devices that do not outperform the software implementation when calculating SHA digests.
Integration with third party key provisioning systems has been improved as well, now supporting RSA signatures that include ASN.1 encoded headers.
The safety of the manifest header parser has improved thanks to professional assessment of the robustness of wolfBoot against attacks targeting memory boundaries and address overflows.
Support for a new hardware platform has been added: the Cypress PSoC 6 MCU family, including the possibility to enable the hardware CRYPTO accelerator available on these targets.
Check out our release notes for more details, and feel free to contact us at firstname.lastname@example.org with any questions.