Skip to content

Releases: wolfSSL/wolfBoot

wolfBoot v2.0.0

07 Nov 17:13
Choose a tag to compare

Release Notes

  • New feature: post-quantum stateful hash-based signature schemes.
    • Support for LMS/HSS
    • Support for XMSS/XMSS^MT
  • New feature: PKCS11 engine in TrustZone-M secure mode
    • wolfBoot as secure-mode supervisor on ARMv8-M
  • New TPM features
    • TPM NV as root of trust
    • Password-based access to NV slots
    • Measured boot via PCR extensions
    • Sealing/unsealing NV based on externally signed PCR policy and/or password
  • New architecture: x86-64bit using FSP
    • Intel FSP support
    • Integration with TPM
    • Two-stages model with support for PCI enumeration, AHCI drivers, SATA lock mechanism
    • Multiboot2/ELF payload support
  • New hardware targets
    • Intel TigerLake in FSP mode
    • STM32C0
  • Bug fixing: core
    • Fixed several bugs in NVM_FLASH_WRITEONCE mode
    • Fixed bugs in delta updates
  • Improved support to existing targets
    • Fixed issues in TSIP project
    • Improved support for NXP QoriQ/p1021
    • Improved support for NXP T1084
    • Reworked SPI support for NXP RT1050
    • STM32L4: Fixed clock speed
    • ARMv7-m: improved assembly support for Cortex-M4
    • ARMv8-m: enabled assembly optimizations by default
  • Reworked keytools and build environment
    • Improved build experience for MacOS users
    • Fix for building in windows/minGW
    • Deprecated python keytools
    • Keytools: support multiple key formats, don't assume raw keys
    • Fixed bug in delta image generation
    • Keystore improvements: support multiple key format in the same keystore
  • Testing
    • Added new sets of power-failure automated tests on simulator target
    • Simulator: tests can now run on MacOS
    • Unit tests: improved coverage. Added gcov reports
    • Static analysis: added cppcheck tests, fixed all relevant warnings

wolfBoot v1.16

06 Jul 20:15
Choose a tag to compare


  • New formats supported
    • Added ELF/ELF64 loader
  • Extended support for NXP P1021
    • eSPI support to access TPM
    • TPM root of trust
    • fixes to eLBC NAND driver
  • Improvements on PowerPC architecture
    • fixed PIC execution
    • support booting from RAM
    • refactor of update_ram.c logic
    • moved wolfBoot stack to DDR after DDR initialization
  • Rework of Renesas examples, adding HSM support
    • RA6M4 example project using SCE
    • RA72N example project using TSIP
    • Extended documentation
  • Bug fix: fix wrong partition selection with NVM_FLASH_WRITEONCE introduced in v.1.15
  • Testing: added test cases (delta + encrypt)
  • Documentation: fixed several spelling errors

wolfBoot v1.15

14 Apr 05:38
Choose a tag to compare


  • Refactor powerfail-safe update for NVMs without consecutive write operations
  • Support for SP math on AARCH64 targets
  • Fixed keygen.c exported public key size
  • Added more test cases and github actions
  • Updated wolfSSL to v.5.6.0
  • Hardware support:
    • OCTOSPI support (STM32)
    • Fixed STM32H7 UART, added UART debug
    • New HAL: Renesas RA6M4 (with IDE example projects)
    • New HAL: NXP i.MX-RT1064
    • Unified common code for NXP i.MX-RT10XX targets

wolfBoot v1.14

30 Dec 16:31
Choose a tag to compare


  • Added support for CMake build
  • STM32U5: Support for external flash
  • STM32H7: Support for QSPI flash
  • Support for NXP QoriQ P1021
  • Cleanups and improvements for DEOS support on t2080
  • Docker tests: refactoring
  • Github Actions: added build checks for most available configurations
  • Updated wolfTPM to v.2.7.0
  • Updated wolfCrypt to wolfSSL v.5.5.4

wolfBoot v1.13

08 Nov 14:06
Choose a tag to compare


  • Fixed IAR sign script
  • Added support for encrypted self-update
  • Support for NAII 68PPC2 with NXP T2080 on DEOS
  • Fixed Xilinx QSPI support
  • Fixed API usage in external flash support for SPI/UART
  • Fixed bug in encrypted delta updates
  • Updated wolfCrypt to wolfSSL submodule v5.5.3

wolfBoot v1.12

26 Jul 18:27
Choose a tag to compare


  • Encrypted delta updates
  • Support RSA3072 signature verification
  • Partition ID support to include custom additional images
  • New format to store multiple public keys, using keystore
  • Several fixes to keytools and IDE support
  • Added new test cases
  • Hardware support
    • New HAL: Simulated target for rapid tests

wolfBoot v1.11

05 May 19:03
Choose a tag to compare


  • Mitigation against fault-injections and glitching attacks
  • Support AES128 and AES256 for update encryption
  • Support ECC384 signature verification
  • Support SHA2-384 for image hash
  • Fixed alignment of delta update fields in manifest
  • Image size propagated to sign tools
  • Added test automation based on and github actions
  • Hardware support
    • New HAL: STM32U5
    • New HAL: NXP i.MX-RT1050
    • Fix risc-V 32bit port (missing include)
    • Fix STM32L4 (VTOR alignments; clock setting clash in libwolfboot)
    • STM32H7: improve HAL and documentation

wolfBoot v1.10

11 Jan 13:07
Choose a tag to compare


  • Delta updates: expanded documentation + bug fixes
  • Support Ed448 for signature verification
  • Hardware support:
    • Secure memory mode for STM32G0
    • Fix for STM32L5 in dual-bank mode
    • UEFI support: wolfBoot as EFI application on x86_64
    • Fixed self-update in Cortex-R5
    • Fixed HW support regressions in PSOC-6 build

wolfBoot v1.9

10 Nov 12:39
Choose a tag to compare


  • Delta/incremental updates
  • Fixes for key tools
  • Updates IAR IDE project
  • Documentation updates and fixes
    • API function names to match code
    • STM32L5 updates
  • Hardware support
    • New HAL: STM32L4
    • TMS570LC43xx: Use NVM_FLASH_WRITEONCE for update progress and
      fix stack pointer initialization

wolfBoot v1.8

19 Jul 15:18
Choose a tag to compare


  • Use SP math for RSA4096
  • Updated RSA to use inline operation and disable OAEP padding
  • Memory model: removed dependency on XMALLOC/XFREE for ECC and RSA operations
  • Added option WOLFBOOT_SMALL_STACK with hardcoded compile-time buffers
  • Added option SIGN=NONE to disable secure boot at compile time
  • Fix self-update documentation
  • Added test cases for configuration option combinations
  • Hardware support
    • New ARCH: PowerPC
    • New ARCH: ARM Cortex-R
    • New HAL: NXP T2080
    • New HAL: TI TMS570LC435
    • STM32H7: Correct BANK2 offset