Professional Documents
Culture Documents
Wolfboot Secure Bootloader
Wolfboot Secure Bootloader
Description Features
wolfBoot is a secure bootloader that leverages wolfSSL's ● Multi-slot partitioning of the flash device
underlying wolf Crypt module to provide signature authentication ● Integrity verification of the firmware image (s)
for the running firmware. wolfBoot is easily ported and integrated in ● Authenticity verification of the firmware image (s) using
existing embedded software projects. wolfBoot is designed to be a wolfCrypt ’s Digital Signature Algorithms(DSA)
portable, OS -agnostic, secure bootloader solution for all ● Highly reliable, transport-agnostic firmware update
embedded systems, relying on wolfCrypt for firmware mechanism
authentication. ● Minimalist Hardware Abstraction Layer ( HAL ) interface
to facilitate portability cross different vendors/ MCUs
wolfBoot comes with an included RSA/ECC /Ed25519 key ● Copy/swap images from secondary slots into the primary
generation tool. This tool generates a key -pair up on building the slots to consent firmware update operations
wolfBoot library. The generated key-pair can then be used to sign ● In -place chain-loading of the firmware image in the
the firmware that is being loaded on to the device, and to primary slot
transform a bootable firmware image to comply with the firmware ● Support for ARM TrustZone
image format required by the bootloader. ● Support for bootloader updates (self-update)
● Support for incremental (delta) updates
Due to its minimalist design and the tiny Hardware Abstraction ● Support for external SPI flash memory
Layer (HAL) API, wolfBoot is completely independent of any OS or ● Contains a key generator
bare-metal application and can be easily ported and integrated ● Contains image signing tools
into existing embedded software solutions. ● Includes wolfBoot test applications Minimalist design
OS-independent
Upon receiving and installing a verified update, wolfBoot keeps a ● HAL Support for 40+ different targets
backup copy of the newest firmware image that had been ● Architectures supported:
confirmed to work correctly. If the new version is not confirmed by ○ ARM Cortex-M
the application itself, or whenever the image installed is damaged ○ ARM Cortex-A
○ 32-bit Risc-V
or corrupt, the bootloader will restore the state of the system
○ Intel x86_64
before the most recent update. ○ PowerPC (32 and 64 bits)
○ Renesas RXv3
wolfBoot is entirely written in C and ARM assembly language and ● FIPS 1 40 -2 validated cryptography library with
does not use any dynamic memory allocation, making it wolfCrypt!
usable in safety-critical environments. For more information, ● DO-178C validation up to DAL-A
please contact wolfSSL Inc. at facts@wolfssl.com
wolfssl.com
github.com/wolfssl
Copyright © 2024 wolfSSL Inc. All Rights Reserved