wolfBoot Secure Boot Aarch64 support with Xilinx ZynqMP and Raspberry Pi

wolfSSL is excited to announce wolfBoot support for Aarch64 platforms with out-of-the box examples for Xilinx ZynqMP and Raspberry Pi 3+.

On the Xilinx Zynq UltraScale+ MPSoC wolfBoot can replace U-Boot to provide enhanced support for feature such as:

  • Boot failure detection and use of alternate secondary image.
  • Update swapping of partitions.
  • Image integrity checking SHA256 or SHA3-384.
  • Validation of the signature using ECC P256, ED25519 or RSA (2048-bit or 3072-bit).
  • Root of trust options:
    • Key embedded in wolfBoot image partition
    • Key from TPM 2.0 module using wolfTPM (ST33 / SLB95670 / ATTPM20)
    • Key from secure elements such as ST-SAFEA100 and ATECC608A

New Features:

  • Added Aarch64 boot/startup support
  • Added configuration templates for Raspberry Pi 3 and Xilinx ZynqMP UltraScale+
  • Added Xilinx Zynq QSPI bare-metal Driver
  • Added NO_XIP option for full ext_flash_* API on all partitions
  • Added Xilinx SDK Project Template
  • Added support for DTS image partitions
  • Added Aarch64 GICv2 initialization code
  • Added wolfBoot signing tool in Native C (tools/keytools/sign.c) (and Visual Studio project)
  • Added libwolfboot functions:
  • int wolfBoot_fallback_is_possible(void);
  • int wolfBoot_dualboot_candidate(void);
  • Performance improvement to only hash application firmware image once

wolfBoot: https://github.com/wolfSSL/wolfboot/

  • Secure element and hardware encryption agnostic
  • Support for all operating systems and bare metal configurations
  • 24×7 support available

Pull Requests: