
Releases: wolfSSL/wolfBoot

wolfBoot v2.6.0

01 Aug 13:25
e07df6d

Changelog

  • New hardware targets: PIC32CX and PIC32CZ
  • New features:
    • Added support for external flash in ELF scattering mode
    • Added support for certificate chain verification (ECC/RSA) with wolfHSM client
    • Added support for x509 auth with wolfHSM in server mode
    • Added support for encrypted updates on Renesas RX (also via TSIP)
    • Added support for assembly optimizations for 32-bit PowerPC (SHA, AES)
    • STM32F4: new clock configuration to support all models, added support for STM32F411
  • Bugfixes:
    • Fixed unaligned access in Cortex-A5
    • Fixed compile flags to properly run code from RAM on ARM
    • Use the correct VTOR_NS register when staging a non-secure image with TrustZone-M
    • Removed double-write-after-erase in wolfBoot_update_trigger
    • Multiple fixes for STM32H5 running in TrustZone mode
  • Updated modules
    • wolfSSL v5.8.2+ (a06268f70)
    • wolfTPM v3.9.1+ (6cfe800)
    • wolfPKCS11: latest (ddeb887)
    • wolfHSM: latest (e0b2019)

wolfBoot v2.5.0

05 May 11:47
7c81d6a

ChangeLog

  • New hardware targets
    • RP2350 (Raspberry Pi Pico 2, ARM Cortex-M33 with TrustZone)
    • NXP MCXA153
    • NXP MCXW716
    • STM32F1 series (STM32F103 “Blue Pill” board)
  • Improvements to supported targets
    • Xilinx UltraScale+ (ZynqMP)
      • Added hardware-accelerated SHA3 hashing via the CSU engine
      • Added support for enabling JTAG at runtime when CSU_DEBUG is set
      • Introduced support for the device’s PUF (Physically Unclonable Function) for unique key generation and secure key storage (requires eFuses)
    • Renesas RX
      • Added option for TSIP hardware crypto engine
    • Infineon TriCore (AURIX TC3xx)
      • Updated IDE project files for ARM Developer Studio 1.10.6, fixing build issues and ensuring support for the latest toolchain
      • Fix to support write operations spanning multiple sectors
  • New features and improvements
    • Added support for non-contiguous ELF sections, scattered ELF firmware loading and verification
    • PQC: Simplified LMS/XMSS integration, deprecated support for third-party libraries
    • Support for building wolfBoot as a static library (libwolfboot.a) for easier integration and testing of the bootloader logic in custom workflows
    • Extended support for ARMORED glitch mitigations to the IAR toolchain
    • CMake build refactoring, extended support to more targets
    • Various documentation and configuration improvements
  • Bug fixes
    • Fix alignment enforcement on IAR compiler
    • Fix build error on Windows in key generation tool (_chsize_s declaration issue in sign.c)
  • Updated modules
    • wolfSSL v5.8.0
    • wolfTPM v3.9.0
    • wolfPKCS11 latest
    • wolfHSM latest

wolfBoot v2.4.0

07 Jan 20:26
5fc2a50

ChangeLog

  • New hardware targets
    • Add support for NXP Layerscape LS1028A
  • Improvements to supported targets
    • ARMv7-M, ARMv8-M: Using Thumb2 version of ARMASM
    • x86-FSP: improvements to stage1 code, added support for GDT tables
    • Xilinx UltraScale+
      • Support running from all Exception Levels
      • Added QSPI DMA support and improved clock configuration
      • Added FIT image support
  • New features and improvements
    • Added integration with wolfHSM
    • Improve delta update detection of base image via SHA
    • Remove compile-time dependencies for key tools
    • Key tools: improve detection of delta base image version
  • Bug fixes
    • Fix potential failure in NVM_FLASH_WRITEONCE mode
  • Updated modules
    • wolfSSL v5.7.6
    • wolfTPM 3.8.0
    • wolfPKCS11 latest
    • wolfHSM latest

wolfBoot v2.3.0

31 Oct 15:24
03aae5a

ChangeLog

  • New hardware targets
    • New architecture: ARM Cortex-A 32 bit
    • Add support for Microchip ATSAMA5D3
    • Add support for Nordic nRF5340
    • Add support for Infineon AURIX TriCore TCxxx
    • Add support for 32-bit simulator target
  • Improvements to supported targets
    • Support for building HAB for i.MX-RT targets, fixed flash interaction, dcache invalidation
    • Fixes for Renesas RX: full flash erase, IRQ on boot, flash write
    • Raspberry Pi: add UART support
    • STM32: refactoring of the PKCS11 storage driver
    • Fixes for Xilinx Zynq+ build options
  • New features
    • Support for multiple key types in the same keystore
    • New algorithm: ML-DSA
    • Hybrid authentication (using one PQC in combination with ECC/RSA)
    • Full assembly optimizations for ARM targets, including SHA, AES, ChaCha (ARMASM)
    • Benchmark scripts for performance testing
    • Unit test coverage drastically increased
  • Bug fixes
    • Fix multiple type-punned pointer dereferences
    • Fix for TPM to properly support more than one PCR
    • Fixed order of digests in the header: public key digest is now signed
  • Updated modules
    • wolfSSL v5.7.4
    • wolfTPM latest
    • wolfPKCS11 latest

wolfBoot v2.2.0

22 Jul 15:33
8b1babb

ChangeLog

  • New hardware targets
    • Add STM32H5 port with support for Dual-bank, OTP, TrustZone-M
    • Add native support for Renesas RX family, using gcc toolchain
  • Improvements to supported targets
    • NXP i.MX-RT:
      • New flash geometry configurations
      • Support for LPUART4
      • Add port for RT1061
      • Disable DCACHE upon flash access
      • Support for building with HAB
    • STM32:
      • Refactoring of TrustZone-M support
      • OTP driver for STM32H5/H7
      • Full firmware update demo on STM32H5
      • Add support for QSPI in STM32U5
    • Renesas RZ:
      • Add support for RSIP
    • x86-64 (FSP):
      • Improve x86-64 specific code, add features
      • Clean-up and re-arrange scripts for qemu demo
  • Post-quantum crypto
    • LMS and XMSS support now using native wolfCrypt implementation
  • Tools improvements
    • Keystore: now supports .der ECC key via --der
    • Add otp_primer firmware, to provision keystores in OTP
    • Add otp_gen tool to provide a pre-assembled keystore to flash into OTP
  • Bug fixes
    • Fix regression in x86-EFI builds
    • Fix setting VTOR_NS when staging a non-secure app/os from TrustZone
    • Fix delta updates: patches with invalid base versions were not discarded
    • Fix potential array bound overflow in NVM_FLASH_WRITEONCE mode
    • Fix dereferencing type-punned pointer in flash update

wolfBoot v2.1.0

16 Apr 19:57
a553dc9

Changelog

  • New features
    • Custom TLVs in manifest header for custom authenticated options
  • Bug fixes and improvements:
    • DUALBANK: fork bootloader only once
    • Improved NO_BACKUP mode, DISABLE BACKUP mode is now powerfail-safe
    • Fault-injection mitigation: added clobbers to assembly code
    • Post-quantum algorithms: fixed build issue with conflicting wolfCrypt version
  • New signature verification algorithm:
    • Added support for ECC521
  • New hardware targets:
    • Microchip ATSAM-E51, including DUALBANK support
    • Renesas RZN2L
    • NXP i.MX-RT1040
    • NXP MCXA-153
  • Improved support for existing targets:
    • Build fixes for TI-Hercules
    • Improved support for Integrity OS on NXP T1024
  • wolfTPM integration
    • Fixes in sealing/unsealing mechanism
  • Updated modules
    • wolfSSL v5.7.0
    • wolfPKCS11 v1.3.0
    • wolfTPM v3.2.0

wolfBoot v2.0.2

29 Dec 10:52
a020852

Changelog

  • Fixed bug in sign tool when using ECC keys
  • Improved documentation
  • Added customizable DCD for NXP targets

wolfBoot v2.0.0

07 Nov 17:13
ee4a70f

Release Notes

  • New feature: post-quantum stateful hash-based signature schemes.
    • Support for LMS/HSS
    • Support for XMSS/XMSS^MT
  • New feature: PKCS11 engine in TrustZone-M secure mode
    • wolfBoot as secure-mode supervisor on ARMv8-M
  • New TPM features
    • TPM NV as root of trust
    • Password-based access to NV slots
    • Measured boot via PCR extensions
    • Sealing/unsealing NV based on externally signed PCR policy and/or password
  • New architecture: x86-64bit using FSP
    • Intel FSP support
    • Integration with TPM
    • Two-stage model with support for PCI enumeration, AHCI drivers, SATA lock mechanism
    • Multiboot2/ELF payload support
  • New hardware targets
    • Intel TigerLake in FSP mode
    • STM32C0
  • Bug fixes: core
    • Fixed several bugs in NVM_FLASH_WRITEONCE mode
    • Fixed bugs in delta updates
  • Improved support for existing targets
    • Fixed issues in TSIP project
    • Improved support for NXP QoriQ/p1021
    • Improved support for NXP T1084
    • Reworked SPI support for NXP RT1050
    • STM32L4: Fixed clock speed
    • ARMv7-m: improved assembly support for Cortex-M4
    • ARMv8-m: enabled assembly optimizations by default
  • Reworked keytools and build environment
    • Improved build experience for macOS users
    • Fix for building in Windows/MinGW
    • Deprecated python keytools
    • Keytools: support multiple key formats, don't assume raw keys
    • Fixed bug in delta image generation
    • Keystore improvements: support multiple key formats in the same keystore
  • Testing
    • Added new sets of power-failure automated tests on simulator target
    • Simulator: tests can now run on macOS
    • Unit tests: improved coverage. Added gcov reports
    • Static analysis: added cppcheck tests, fixed all relevant warnings

wolfBoot v1.16

06 Jul 20:15
464d755

ChangeLog

  • New formats supported
    • Added ELF/ELF64 loader
  • Extended support for NXP P1021
    • eSPI support to access TPM
    • TPM root of trust
    • fixes to eLBC NAND driver
  • Improvements on PowerPC architecture
    • fixed PIC execution
    • support booting from RAM
    • refactor of update_ram.c logic
    • moved wolfBoot stack to DDR after DDR initialization
  • Rework of Renesas examples, adding HSM support
    • RA6M4 example project using SCE
    • RA72N example project using TSIP
    • Extended documentation
  • Bug fix: fix wrong partition selection with NVM_FLASH_WRITEONCE introduced in v.1.15
  • Testing: added test cases (delta + encrypt)
  • Documentation: fixed several spelling errors

wolfBoot v1.15

14 Apr 05:38
5e9e33d

ChangeLog

  • Refactor powerfail-safe update for NVMs without consecutive write operations
  • Support for SP math on AARCH64 targets
  • Fixed keygen.c exported public key size
  • Added more test cases and GitHub Actions
  • Updated wolfSSL to v.5.6.0
  • Hardware support:
    • OCTOSPI support (STM32)
    • Fixed STM32H7 UART, added UART debug
    • New HAL: Renesas RA6M4 (with IDE example projects)
    • New HAL: NXP i.MX-RT1064
    • Unified common code for NXP i.MX-RT10XX targets