wolfBoot support for the Xilinx Zynq UltraScale+ MPSoC

wolfBoot support for the Xilinx UltraScale+ was added in 2020 and is a direct U-Boot replacement for improved security.

wolfBoot provides enhanced features compared to U-Boot such as:

  • Firmware integrity and signature verification on each boot
    • Image integrity checking SHA2-256 or SHA3-384.
    • Validation of the signature using ECC P256/P384, RSA (2048-bit or 3072-bit), ED25519 and LMS or XMSS.
  • Multiple boot partition support
    • Rollback to last known working or fail-safe “golden” image on failure
  • TPM 2.0 Support
    • Measured Boot (PCR’s)
    • Sealing secret to unlock or decrypt a storage device
  • Root of trust options
    • Onboard eFUSES
    • Public key embedded in wolfBoot partition
    • TPM 2.0 NV (supported with wolfTPM)
  • Delta/Differential updates using bentley-mcilroy scheme
  • Encrypted updates using AES CFB or ChaCha20/Poly1305

Additional wolfBoot Features:

  • QSPI, SDMC and eMMC boot support
  • ELF (32 and 64) loader support
  • FDT (Flattened Device Tree) support for fixups
  • AARCH64 EL1/EL3 support

We have included a full example for building with Xilinx SDK and integrating into the FSBL chain of trust. Also creation of the flash boot.bin image with boot.bif and bootgen.

Tested support with bare-metal, QNX, GreenHills Integrity OS and Linux/Fedora.
24×7 support available


If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now