Releases: wolfSSL/wolfBoot
wolfBoot v2.9.0
V 2.9.0 - (2026-07-02)
- New hardware targets
- New STM32 ports: STM32N6 (NUCLEO-N657X0-Q), STM32U3 (NUCLEO-U385RG-Q), STM32C5 (NUCLEO-C5A3ZG), STM32G4, and STM32WBA
- NXP LPC54S018M-EVK and Kinetis KL26
- Xilinx Zynq-7000 (ZC702) boot support
- NXP T2080 / CW VPX3-152: VxWorks 7 64-bit boot support
- Improvements to supported targets
- Integrated the wolfHAL hardware abstraction layer into wolfBoot, with an STM32WB example
- STM32H5: added fwTPM support in TrustZone (with test app) and a WOLFCRYPT_TZ_WOLFHSM TrustZone engine
- STM32 TrustZone improvements (validated with wolfIP), plus external-flash access in non-secure-callable (NSC) flash veneers
- LPC55S69: hardware crypto acceleration and multiple fixes
- PolarFire SoC M-Mode: L2 scratchpad init, QSPI programmer, and watchdog support
- ZynqMP ZCU102 SD-card Linux boot: EL2 handoff, SDHCI init, and QSPI hardening
- NXP MCXN: hardware-based DICE attestation and TZ/PSA build fixes
- Vorago VA416x0: IRAM shadow-update fixes and a simplified flash write path
- New features and improvements
- Added RSA-PSS image signature support
- Added generic cryptocb support for hardware-accelerated crypto callbacks
- Added FIT image support for gzip-compressed kernel + ramdisk (initramfs) and for loading FPGA bitstreams
- Added a oneshot-hash build option and monolithic self-update optimizations
- Added boot-benchmarking support
- Added an `sbom` Makefile target for EU CRA compliance
- wolfHSM: multi-root-CA verification, keystore-less operation, and related fixes
- IDevID: allow using pre-computed authentication values
- Added an option to persist boot/update failure diagnostics to a dedicated flash partition, with an API to retrieve logged events
- Renamed ML-DSA (Dilithium) references throughout for consistency
- Bug fixes and hardening
- Continued Fenrir fuzzing-driven hardening across image parsing and update flows
- Bounded unauthenticated image size before RAM load, and enforced bounds over memcpy in the disk update path
- Added an integrity check in `wolfBoot_verify_authenticity()` and hardened the armored image integrity check against fault injection
- Fixed LMS/XMSS header includes, otp_keystore string initialization, and FDT compatible-string loop termination
- Fixed multiple unit-test and self-update regressions; migrated Renode tests to a new container
- Zeroized the DICE claim-collection buffer
- Updated modules
- wolfSSL v5.9.2-stable
- wolfTPM v4.0.0-363-g8e796c0
- wolfPKCS11 v2.1.0-stable
- wolfHSM v1.4.0-245-g7c6359e
- wolfHAL (4744f20)
- wolfPSA v5.9.1-58-ga4d1187
wolfBoot v2.8.0
Changelog
- New hardware targets
- AMD/Xilinx Versal Gen 1 VMK180 support, including SD/QSPI boot flows and PetaLinux boot support
- Microchip PolarFire SoC MPFS250 support extended to M-mode/QSPI/LIM boot flows, plus eMMC/SD support
- New target support for NXP MCXN and MCXW71, NXP S32K14x, NXP LPC55S69, and Nordic nRF54L15
- Added NXP T1040 RDB support and refreshed NXP T2080 vendor-board configurations
- Improvements to supported targets
- STM32H5 TrustZone/PKCS11 integration reworked with NSC veneers, plus additional OTP and flash handling fixes
- PSoC6 now supports external flash dual-bank updates and read-modify-erase-write flash programming
- AURIX TC3xx self-update and wolfHSM configurations expanded, including RSA4096 and cert-chain examples
- Renesas RA6M4 and RX projects refreshed, with improved RAM-function handling for CCRX builds
- Improved clang/LLVM support for embedded builds and test-app image generation, with dedicated CI coverage
- New features and improvements
- Added wolfPSA integration for secure storage and TrustZone-backed PSA services
- Added TrustZone PSA-crypto support and PSA attestation compliance, including DICE-based attestation flows
- Added Zephyr integration to replace the TEE layer, with PSA-facing interfaces and sample patches
- Added a generic hook framework for pre-init, post-init, and boot hooks
- Added custom encryption-key hooks, PKCS11-backed encrypted partitions, and improved image inspection/status tooling
- Added monolithic self-update builds, reproducible-build support, self-header support, and expanded simulator self-update / TrustZone test coverage
- Bug fixes and hardening
- Strengthened image parsing, signing, and update flows with stricter bounds/overflow checks for signatures, TLVs, delta images, GPT/FDT parsing, disk I/O, and partition overlap
- Added fail-closed flash protection, stricter rollback handling in non-flash paths, and final sanity checks in boot and library boot paths
- Expanded constant-time comparisons and zeroization for TPM, DICE, SATA, update, and key-generation code paths
- Fixed self-update regressions, encrypted-partition handling, SDHCI/MMC corner cases, and assorted build/test regressions across ARM, PPC, RISC-V, and simulator targets
- Updated modules
- wolfSSL v5.9.1-stable
- wolfTPM v3.10.0-88-gefaab4a
- wolfPKCS11 v2.0.0-stable-126-g8fec695
- wolfHSM v1.4.0-57-g977bf18
wolfBoot v2.7.0
Changelog
- New hardware targets
- Vorago VA416x0 (new HAL, linker scripts, test application, and programming helpers)
- Nordic nRF5340 TrustZone build and configuration
- Improvements to supported targets
- TrustZone-M support unified across ARMv8-M targets
- TrustZone-M aware dual-bank configuration, increased update/erase reliability and isolation
- nRF5340: Added support for TrustZone-M
- STM32H5: SPI driver and TPM support with new TrustZone NSC APIs
- Simulator: dual-bank flow and bank-swap test script to validate redundant-slot updates
- RP2350: RAM cache for flash writes to improve robustness
- Infineon AURIX TC3xx: replaced IDE project with HAL module integration and UART/boot flag handling fixes
- New features and improvements
- Filesystem-backed partition state access with `library_fs` target and CLI tool for querying or managing boot partitions
- libwolfboot: added MTD (Memory Technology Device) backed tracking of update status
- CMake: Added presets. Improve support for more reliable out-of-tree builds and list handling. Improve documentation.
- Key tools: `keygen --no-overwrite` option, stricter image header/sector size checks, and expanded ML-DSA test configurations
- Added `WOLFBOOT_RESTORE_CLOCK` configuration and additional logging/debugging for library filesystem status and keystore handling
- Bug fixes
- Hardened encrypted and delta update flows (IV reuse prevention, fallback/regression fixes, improved unit coverage)
- Fixed SPI flash protocol errors and write verification issues
- Corrected STM32 internal flash page erase masks and multiple STM32H5 update path fixes (including dual-bank and TPM builds)
- Resolved P1021 stage1 and MMU build issues
- Cleanup of compiler warnings across targets (STM32WB55 PKA, nRF5340 non-TZ, others)
- Updated modules
- wolfSSL v5.8.4-stable (59f4fa568)
- wolfTPM v2.4.0-594-g6d5df60
- wolfPKCS11 v2.0.0-stable-33-g81af264
- wolfHSM v1.3.0 (8ac56d7)
wolfBoot v2.6.0
Changelog
- New hardware targets: PIC32CX and PIC32CZ
- New features:
- Added support for external flash in ELF scattering mode
- Added support for certificate chain verification (ECC/RSA) with wolfHSM client
- Added support for x509 auth with wolfHSM in server mode
- Added support for encrypted updates on Renesas RX (also via TSIP)
- Added support for assembly optimizations for PowerPC 32bit (SHA, AES)
- STM32F4: new clock configuration to support all models, added support for STM32F411
- Bugfixes:
- Fixed unaligned access in Cortex-A5
- Fixed compile flags to properly run code from RAM on ARM
- Use the correct `VTOR_NS` register when staging a non-secure image with TrustZone-M
- Removed double-write-after-erase in `wolfBoot_update_trigger`
- Multiple fixes for STM32H5 running in TrustZone mode
- Updated modules
- wolfSSL v5.8.2+ (a06268f70)
- wolfTPM v3.9.1+ (6cfe800)
- wolfPKCS11: latest (ddeb887)
- wolfHSM: latest (e0b2019)
wolfBoot v2.5.0
ChangeLog
- New hardware targets
- RP2350 (Raspberry Pi Pico 2, ARM Cortex-M33 with TrustZone)
- NXP MCXA153
- NXP MCXW716
- STM32F1 series (STM32F103 “Blue Pill” board)
- Improvements to supported targets
- Xilinx UltraScale+ (ZynqMP)
- Added hardware-accelerated SHA3 hashing via the CSU engine
- Added support for enabling JTAG at runtime when `CSU_DEBUG` is set
- Introduced support for the device’s PUF (Physically Unclonable Function) for unique key generation and secure key storage (requires eFuses)
- Renesas RX
- Added option for TSIP hardware crypto engine
- Infineon TriCore (AURIX TC3xx)
- Updated IDE project files for ARM Developer Studio 1.10.6, fixing build issues and ensuring support for latest toolchain
- Fix to support write operations spanning over multiple sectors
- New features and improvements
- Added support for non-contiguous ELF sections, scattered ELF firmware loading and verification
- PQC: Simplified LMS/XMSS integration, deprecated support for third-party libraries
- Support to build wolfBoot as a static library (`libwolfboot.a`) for easier integration and testing of the bootloader logic in custom workflows
- Extended support for ARMORED glitch mitigations to the IAR toolchain
- CMake build refactoring, extended support to more targets
- Various documentation and configuration improvements
- Bug fixes
- Fix alignment enforcement on IAR compiler
- Fix build error on Windows in key generation tool (`_chsize_s` declaration issue in `sign.c`)
- Updated modules
- wolfSSL v5.8.0
- wolfTPM v3.9.0
- wolfPKCS11 latest
- wolfHSM latest
wolfBoot v2.4.0
ChangeLog
- New hardware targets
- Add support for NXP Layerscape LS1028A
- Improvements to supported targets
- ARMv7-M, ARMv8-M: Using Thumb2 version of ARMASM
- x86-FSP: improvements to stage1 code, added support for GDT tables
- Xilinx UltraScale+
- Support running from all Exception Levels
- Added QSPI DMA support and improved clock configuration
- Added FIT image support
- New features and improvements
- Added integration with wolfHSM
- Improve delta update detection of base image via SHA
- Remove compile-time dependencies for key tools
- Key tools: improve detection of delta base image version
- Bug fixes
- Fix potential failure in `NVM_FLASH_WRITEONCE` mode
- Updated modules
- wolfSSL v5.7.6
- wolfTPM 3.8.0
- wolfPKCS11 latest
- wolfHSM latest
wolfBoot v2.3.0
ChangeLog
- New hardware targets
- New architecture: ARM Cortex-A 32 bit
- Add support for Microchip ATSAMA5D3
- Add support for Nordic nRF5340
- Add support for Infineon AURIX TriCore TCxxx
- Add support for 32-bit simulator target
- Improvements to supported targets
- Support for building HAB for i.MX-RT targets, fixed flash interaction, dcache invalidation
- Fixes for Renesas RX: full flash erase, IRQ on boot, flash write
- Raspberry Pi: add UART support
- STM32: refactoring of the PKCS11 storage driver
- Fixes for Xilinx Zynq+ build options
- New features
- Support for multiple key types in the same keystore
- New algorithm: ML-DSA
- Hybrid authentication (using one PQC in combination with ECC/RSA)
- Full assembly optimizations for ARM targets, including SHA, AES, Chacha (ARMASM)
- Benchmark scripts for performance testing
- Unit test coverage drastically increased
- Bug fixes
- Fix multiple type-punned pointer dereferences
- Fix for TPM to properly support more than one PCR
- Fixed order of digests in the header: public key digest is now signed
- Updated modules
- wolfSSL v5.7.4
- wolfTPM latest
- wolfPKCS11 latest
wolfBoot v2.2.0
ChangeLog
- New hardware targets
- Add STM32H5 port with support for Dual-bank, OTP, TrustZone-M
- Add native support for Renesas RX family, using gcc toolchain
- Improvements to supported targets
- NXP i.MX-RT:
- New flash geometry configurations
- Support for LPUART4
- Add port for RT1061
- Disable DCACHE upon flash access
- Support for building with HAB
- STM32:
- Refactoring of TrustZone-M support
- OTP driver for STM32H5/H7
- Full firmware update demo on STM32H5
- Add support for QSPI in STM32U5
- Renesas RZ:
- Add support for RSIP
- x86-64 (FSP):
- Improve x86-64 specific code, add features
- Clean-up and re-arrange scripts for qemu demo
- Post-quantum crypto
- LMS and XMSS support now using native wolfCrypt implementation
- Tools improvements
- Keystore: now supports .der ECC key via `--der`
- Add `otp_primer` firmware, to provision keystores in OTP
- Add `otp_gen` tool to provide a pre-assembled keystore to flash into OTP
- Bug fixes
- Fix regression in x86-EFI builds
- Fix setting `VTOR_NS` when staging a non-secure app/os from TrustZone
- Fix delta updates: patches with invalid base versions were not discarded
- Fix potential array bound overflow in `NVM_FLASH_WRITEONCE` mode
- Fix dereferencing type-punned pointer in flash update
wolfBoot v2.1.0
Changelog
- New features
- Custom TLVs in manifest header for custom authenticated options
- Bug fixes and improvements:
- DUALBANK: fork bootloader only once
- Improved `NO_BACKUP` mode, DISABLE BACKUP mode is now powerfail-safe
- Fault-injection mitigation: added clobbers to assembly code
- Post-quantum algorithms: fixed build issue with conflicting wolfCrypt version
- New signature verification algorithm:
- Added support for ECC521
- New hardware targets:
- Microchip ATSAM-E51, including DUALBANK support
- Renesas RZN2L
- NXP i.MX-RT1040
- NXP MCXA-153
- Improved support to existing targets:
- Build fixes for TI-Hercules
- Improved support for Integrity OS on NXP T1024
- wolfTPM integration
- Fixes in sealing/unsealing mechanism
- Updated modules
- wolfSSL v5.7.0
- wolfPKCS11 v1.3.0
- wolfTPM v3.2.0
wolfBoot v2.0.2
Changelog
- Fixed bug in sign tool when using ECC keys
- Improved documentation
- Added customizable DCD for NXP targets