Releases: wolfSSL/wolfBoot
Releases · wolfSSL/wolfBoot
wolfBoot v2.0.0
Release Notes
- New feature: post-quantum stateful hash-based signature schemes.
- Support for LMS/HSS
- Support for XMSS/XMSS^MT
- New feature: PKCS11 engine in TrustZone-M secure mode
- wolfBoot as secure-mode supervisor on ARMv8-M
- New TPM features
- TPM NV as root of trust
- Password-based access to NV slots
- Measured boot via PCR extensions
- Sealing/unsealing NV based on externally signed PCR policy and/or password
- New architecture: x86-64bit using FSP
- Intel FSP support
- Integration with TPM
- Two-stages model with support for PCI enumeration, AHCI drivers, SATA lock mechanism
- Multiboot2/ELF payload support
- New hardware targets
- Intel TigerLake in FSP mode
- STM32C0
- Bug fixing: core
- Fixed several bugs in
NVM_FLASH_WRITEONCEmode - Fixed bugs in delta updates
- Fixed several bugs in
- Improved support to existing targets
- Fixed issues in TSIP project
- Improved support for NXP QoriQ/p1021
- Improved support for NXP T1084
- Reworked SPI support for NXP RT1050
- STM32L4: Fixed clock speed
- ARMv7-m: improved assembly support for Cortex-M4
- ARMv8-m: enabled assembly optimizations by default
- Reworked keytools and build environment
- Improved build experience for MacOS users
- Fix for building in windows/minGW
- Deprecated python keytools
- Keytools: support multiple key formats, don't assume raw keys
- Fixed bug in delta image generation
- Keystore improvements: support multiple key format in the same keystore
- Testing
- Added new sets of power-failure automated tests on simulator target
- Simulator: tests can now run on MacOS
- Unit tests: improved coverage. Added gcov reports
- Static analysis: added cppcheck tests, fixed all relevant warnings
wolfBoot v1.16
ChangeLog
- New formats supported
- Added ELF/ELF64 loader
- Extended support for NXP P1021
- eSPI support to access TPM
- TPM root of trust
- fixes to eLBC NAND driver
- Improvements on PowerPC architecture
- fixed PIC execution
- support booting from RAM
- refactor of
update_ram.clogic - moved wolfBoot stack to DDR after DDR initialization
- Rework of Renesas examples, adding HSM support
- RA6M4 example project using SCE
- RA72N example project using TSIP
- Extended documentation
- Bug fix: fix wrong partition selection with
NVM_FLASH_WRITEONCEintroduced in v.1.15 - Testing: added test cases (delta + encrypt)
- Documentation: fixed several spelling errors
wolfBoot v1.15
ChangeLog
- Refactor powerfail-safe update for NVMs without consecutive write operations
- Support for SP math on AARCH64 targets
- Fixed keygen.c exported public key size
- Added more test cases and github actions
- Updated wolfSSL to v.5.6.0
- Hardware support:
- OCTOSPI support (STM32)
- Fixed STM32H7 UART, added UART debug
- New HAL: Renesas RA6M4 (with IDE example projects)
- New HAL: NXP i.MX-RT1064
- Unified common code for NXP i.MX-RT10XX targets
wolfBoot v1.14
Changelog
- Added support for CMake build
- STM32U5: Support for external flash
- STM32H7: Support for QSPI flash
- Support for NXP QoriQ P1021
- Cleanups and improvements for DEOS support on t2080
- Docker tests: refactoring
- Github Actions: added build checks for most available configurations
- Updated wolfTPM to v.2.7.0
- Updated wolfCrypt to wolfSSL v.5.5.4
wolfBoot v1.13
Changelog
- Fixed IAR sign script
- Added support for encrypted self-update
- Support for NAII 68PPC2 with NXP T2080 on DEOS
- Fixed Xilinx QSPI support
- Fixed API usage in external flash support for SPI/UART
- Fixed bug in encrypted delta updates
- Updated wolfCrypt to wolfSSL submodule v5.5.3
wolfBoot v1.12
Changelog
- Encrypted delta updates
- Support RSA3072 signature verification
- Partition ID support to include custom additional images
- New format to store multiple public keys, using keystore
- Several fixes to keytools and IDE support
- Added new test cases
- Hardware support
- New HAL: Simulated target for rapid tests
wolfBoot v1.11
Changelog
- Mitigation against fault-injections and glitching attacks
(https://www.wolfssl.com/secure-boot-glitching-attacks/) - Support AES128 and AES256 for update encryption
- Support ECC384 signature verification
- Support SHA2-384 for image hash
- Fixed alignment of delta update fields in manifest
- Image size propagated to sign tools
- Added test automation based on renode.io and github actions
- Hardware support
- New HAL: STM32U5
- New HAL: NXP i.MX-RT1050
- Fix risc-V 32bit port (missing include)
- Fix STM32L4 (VTOR alignments; clock setting clash in libwolfboot)
- STM32H7: improve HAL and documentation
wolfBoot v1.10
Changelog
- Delta updates: expanded documentation + bug fixes
- Support Ed448 for signature verification
- Hardware support:
- Secure memory mode for STM32G0
- Fix for STM32L5 in dual-bank mode
- UEFI support: wolfBoot as EFI application on x86_64
- Fixed self-update in Cortex-R5
- Fixed HW support regressions in PSOC-6 build
wolfBoot v1.9
Changelog
- Delta/incremental updates
- Fixes for key tools
- Updates IAR IDE project
- Documentation updates and fixes
- API function names to match code
- STM32L5 updates
- Hardware support
- New HAL: STM32L4
- TMS570LC43xx: Use
NVM_FLASH_WRITEONCEfor update progress and
fix stack pointer initialization
wolfBoot v1.8
Changelog
- Use SP math for RSA4096
- Updated RSA to use inline operation and disable OAEP padding
- Memory model: removed dependency on XMALLOC/XFREE for ECC and RSA operations
- Added option WOLFBOOT_SMALL_STACK with hardcoded compile-time buffers
- Added option SIGN=NONE to disable secure boot at compile time
- Fix self-update documentation
- Added test cases for configuration option combinations
- Hardware support
- New ARCH: PowerPC
- New ARCH: ARM Cortex-R
- New HAL: NXP T2080
- New HAL: TI TMS570LC435
- STM32H7: Correct BANK2 offset