wolfSSL is pleased to announce that wolfBoot, our secure bootloader, now ships with support for the NXP Kinetis KL26 family (MKL26Z128), a Cortex-M0+ part running at 48 MHz with 128 KB of flash and 16 KB of SRAM. The port has been validated on the FRDM-KL26Z development board.
Post-Quantum Secure Boot on a Cost-Constrained Part
Embedded devices manufactured today will be in the field when large-scale quantum computers arrive. The signature algorithm chosen for the boot chain at manufacturing time effectively decides whether firmware updates can still be trusted a decade later. The KL26 is a deliberately constrained target for that conversation: a Cortex-M0+ at 48 MHz with 128 KB of flash, 16 KB of SRAM, no DSP instructions, no TrustZone, and no crypto accelerator. If post-quantum secure boot can run there, it can run on most of the embedded fleet that already ships.
The KL26 port includes a working configuration based on LMS (Leighton-Micali Signatures, RFC 8554, NIST SP 800-208), one of the two NIST-approved stateful hash-based post-quantum signature schemes.
What’s in the Port
Three example configurations ship with the port:
- kinetis-kl26.config – ECC256 over SHA256 (classical signatures)
- kinetis-kl26-lms.config – LMS over SHA256 with the production parameters L=1, H=20, W=8 (1,048,576 lifetime signatures, 1776-byte signature, multi-minute initial keygen)
- kinetis-kl26-lms-small.config – LMS with L=1, H=10, W=8 (1,024 signatures, 1,456-byte signature, sub-second keygen) for development and other situations where the H=20 cost is not warranted.
All three have been exercised end-to-end on hardware, including the firmware update protocol with a v2 signed image, partition swap, and rollback verification.
Resource Footprint on the Chip
Measurements taken on the FRDM-KL26Z:
| Resource | ECC256 + SHA256 | LMS (1, 20, 8) + SHA256 |
|---|---|---|
| Bootloader code | 24.3 KB | 14.9 KB |
| Static RAM (bss+data) | 1.3 KB | 4.3 KB |
| Peak stack during verify | 6.4 KB | 1.4 KB |
| Peak total RAM | 7.7 KB | 5.7 KB |
| Signature size in image | 64 B | 1776 B |
Notably, LMS comes in lighter than ECC256 on both code size and peak stack: its iterative SHA256 hashing has a smaller per-frame working set than ECC’s big-number Montgomery routines, and the verifier itself is more compact. The ~3KB ECC advantage in static RAM is a layout consequence: LMS forces 4KB logical sectors to fit its larger image header, which sizes wolfBoot’s NVM_CACHE buffer accordingly.
Try It
Documentation for the KL26 port is in docs/Targets.md under the “NXP Kinetis KL26Z” section, including SDK setup, OpenSDA-to-J-Link reflash instructions, and a full firmware-update walkthrough.
For questions, custom integration work, or other targets, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now