Yocto and PetaLinux: Achieving Full FIPS 140-3 Linux with meta-wolfssl

wolfSSL has made it possible to have a streamlined Full FIPS Linux build for Yocto and PetaLinux. The updates to meta-wolfssl provide a quick, known-good path to FIPS 140-3 cryptography for both userland and kernel applications, ensuring your entire embedded Linux ecosystem is compliant.

Unified Kernel and Userland Cryptography

A primary focus of this release is the integration of wolfSSL into the Linux kernel. By porting wolfSSL to the kernel, all kernel-level cryptographic operations can leverage wolfSSL’s FIPS-approved algorithms.

Beyond the kernel, we have updated recipes for common libraries that provide cryptographic services, including:

  • OpenSSL (Using wolfProvider)
  • GnuTLS (Via custom port)
  • Libgcrypt (Via custom port)

This allows applications, SDKs, and system libraries dependent on these crypto providers to utilize wolfSSL’s approved FIPS 140-3 cryptography as the underlying engine. The meta-wolfssl layer provides the necessary recipes and reference examples to boot into a fully FIPS-ready image along with a recommended kernel crypto configuration.

Broad Platform Support

While our current porting efforts primarily target the Yocto Scarthgap release, meta-wolfssl is built for flexibility. The layer can be readily adapted for:

  • Xilinx PetaLinux
  • Older Yocto releases (e.g., Kirkstone, Dunfell, Thud)
  • Future Yocto releases

Streamlined Development with Virtual Packages

To simplify the integration process, meta-wolfssl

  • virtual/wolfssl
  • virtual/wolfssl-linuxkm (Linux Kernel Module)
These virtual interfaces allow you to develop and test using our GPL or FIPS-Ready code. When you are ready for validation, you can simply switch the virtual provider to the FIPS-validated version in your Yocto configuration. This reduces the effort required to transition from a standard build to a FIPS-compliant implementation.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
