RECENT BLOG NEWS

Join us on an informative webinar about wolfSSL and Automotive Hardware Security Modules (HSMs) presented by wolfSSL Software Engineer, Bill, on November 30th at 10 am PT. In today’s automotive landscape, vehicles have transformed into sophisticated digital systems, making automotive cybersecurity a paramount concern.

During this webinar, Bill will delve into the world of HSMs and explore how wolfSSL is dedicated to safeguarding data in connected vehicles.

Watch the webinar here: wolfSSL and Automotive Hardware Security Modules (HSMs)

Sneak peek of the webinar

• Automotive HSM Features and benefits
• Exploring wolfHSM Functional Design
• wolfHSM Applicability to Standards
• wolfHSM Hardware Ports and Plans
• wolfHSM Demo on Infineon Aurix Tricore TC3xx
• Future Targets of wolfHSM technology
• And much more

Don’t miss this opportunity to expand your knowledge and technical skills in Automotive HSMs. Discover the full potential that wolfSSL products can offer and how wolfSSL products enhance automotive security. Bring all your questions related to Automotive HSMs and get ready to learn insights on automotive HSMS from Bill.

Watch it now!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

As many people know, Chinese government regulators are now mandating use of SM2, SM3 and SM4 in critical systems, including automobiles, avionics, power systems, and communication systems. Since many of our customers are multi-nationals that do business in China, they have been requesting the addition of these algorithms in wolfSSL products.

Today we are about to release our supported versions of SM2, SM3, and SM4, with the intention to release the ZUC stream cipher at some point this year to completely satisfy SM9. We are also in contact with labs regarding support of OSCCA certification at some point in the future.

This is really great news for our customers selling into Chinese markets!

For those readers considering using wolfSSL products, here’s some additional notes:

• The SM Ciphers will be fully supported in wolfSSL’s TLS 1.3 implementation.
• wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
• ARM, Intel, and RiscV assembly is in the works for our SM implementations for maximum performance.
• We will continue to support bare metal for ZUC, SM2, SM3, and SM4.
• True to form, we have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded systems use cases on a wide variety of microcontrollers (MCU’s). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others.
• Our GPLv2 licensed versions of the SM ciphers will be made available on GitHub and for download.

Commercially licensed versions are available.

If you have questions about our support for the ShangMi ciphers and algorithms, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL Now

In WolfSSL release v5.6.4 we have added support for Silicon Labs’ Simplicity Studio. In addition we have tested with the ERF32xG21 series of chips and have created an example setup. More information can be found in the WolfSSL repo.

Using our benchmarking tool, we have the following results from a Cortex M33 at 80MHz:

If you have questions about any of the above, please contact us at facts@wolfSSL.com, call us at +1 425 245 8247 or visit out FAQ page.

Download wolfSSL Now

Designed by Freepik: www.freepik.com

Here at wolfSSL, we pride ourselves on the portability of our products. An essential part of the real-world applicability of our projects is that they can run in various environments in support of various use cases. We recently published an incomplete list of parts that our SSL/TLS library wolfSSL has been run on. Since our secure bootloader wolfBoot shares the same flexibility, we wanted to share a similar list of supported targets and architectures.

Here’s a list of supported CPU architectures:

Here’s a list of supported hardware parts and their manufacturers:

For info on the wolfBoot configuration details of the targets listed above, visit https://github.com/wolfSSL/wolfBoot/blob/master/docs/Targets.md. For wolfBoot usage examples, visit https://github.com/wolfSSL/wolfBoot-examples.

Don’t see your part/architecture on this list? Not to worry! The minimalistic design and tiny HAL API of wolfBoot make it portable to the highest degree. Reach out to us letting us know the details of your system and we can get you in touch with our porting experts.

If you have questions, comments, and suggestions about any of the above, contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Designed by Freepik: www.freepik.com

Have you seen the recently released wolfBoot v2.0.0? It is full of a lot of interesting new features and optimizations. You can see full detail in the changelog.

What about the CNSA 2.0 Guidance? We’ve mentioned it many times in our blog posts. You can find it here.

You might be wondering, what do these have to do with each other? The NSA’s CNSA 2.0 guidance specifically states that LMS/HSS and XMSS/XMSS^MT are appropriate for firmware signing. These algorithms are now supported in the 2.0.0 release of wolfBoot. They depend on our LMS and XMSS integrations in wolfCrypt which are part of the recently released 5.6.4 version of wolfSSL! So, you can start working with these algorithms and signing and verifying your firmware images TODAY.

Being able to do that today is really important because the CNSA 2.0 says that LMS/HSS and XMSS/XMSS^MT are to be added as an option and tested in your systems and products today. By 2025, only a year from now, these algorithms are to be the default and preferred algorithms. By 2030, all other algorithms are to be phased out.

Are you ready to meet these expectations? You are if you use wolfBoot!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

When looking to store your cryptographic secrets, it is important to have a good platform to store them on. Even more important is the ease of accessing and using those secrets. With wolfTPM, we have already added support for the following platforms:

• Raspberry Pi (Linux)
• MMIO (Memory mapped IO)
• STM32 with CubeMX
• Atmel ASF
• Xilinx (Ultrascale+ / Microblaze)
• QNX
• Infineon TriCore (TC2xx/TC3xx)
• Barebox

These TPM (Trusted Platform Module) 2.0 modules are tested and running in the field:

• STM ST33TP* SPI/I2C
• Infineon OPTIGA SLB9670/SLB9672
• Microchip ATTPM20
• Nations Tech Z32H330TC
• Nuvoton NPCT650/NPCT750

For direct Secure Element access, we have ports in wolfSSL for:

• ST-SAFE
• Microchip ATECC508/608
• Microchip TA100
• NXP SE050

Wolfcrypt has support for the following:

• NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 FreeRTOS
• Intel SGX
• ARM TrustZone CryptoCell 310

For more detailed information on our supported hardware take a look at our Hardware Support list.

We also offer support for PKCS11 to interface to various HSMs like:

• Infineon TriCore Aurix
• Renesas RH850
• ST SPC58

Wolfcrypt also gives support for PSA (Platform Security Architecture). This includes the following algorithms:

• hashes: SHA-1, SHA-224, SHA-256
• AES: AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
• ECDH PK callbacks (P-256)
• ECDSA PK callbacks (P-256)
• RNG

Another product of interest could be wolfBoot, which – as the name suggests – is a bootloader that can use an HSM (Hardware Security Module) for validation and verification. It supports use of the ARM TrustZone technology. WolfBoot also supports all of the TPMs and secure elements listed above, as it inherits all of wolfCrypt’s capabilities. WolfBoot can also be used in an fTPM (Firmware TPM) environment where the bootloader code is running on the same device as the one providing TPM functionality.

Check out the latest updates on the keystores and secure elements supported by wolfSSL.

If you have questions about any of the above, please contact us at facts@wolfSSL.com, call us at +1 425 245 8247 or view our FAQ page.

Download wolfSSL Now

wolfSSL is proud to partner with Weston Embedded Solutions, developers of the Cesium RTOS line of real time kernels and protocol stacks for embedded systems. Weston Embedded Solutions and their products trace their roots back to Micrium and the popular uC/OS software that pioneered the use of real time kernels more than 30 years ago. Cesium RTOS is popular among customers demanding real time performance and proven reliability in the most critical embedded applications. This partnership allows wolfSSL to broaden its portfolio of supported real time operating systems giving customers integrated access to the most reliable and trusted embedded kernels and middleware components.

The combination of wolfSSL’s state-of-the-art SSL/TLS library and Weston Embedded Solutions’ highly reliable Cesium RTOS provide a level of protection that is simply unmatched in the industry. Customers can now enjoy enhanced security and performance, reduced development time, and increased flexibility in their embedded systems.

The ultra configurability of wolfSSL will let you make the optimizations and trade offs that make the most sense for you. Whether your application requires a small code size, no stack usage, no heap usage, minimal memory usage or blazing performance, wolfSSL and Weston Embedded Solutions will get you where you need to be.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Designed by Freepik: www.freepik.com

wolfBoot v2.0 is here, and with it a number of new features and enhancements. Rounding out our post-quantum support, in addition to LMS/HSS, wolfBoot now supports the XMSS/XMSS^MT post-quantum stateful hash-based signature (HBS) scheme. XMSS is the eXtended Merkle Signature Scheme, while XMSS^MT is its multi-tree generalization that allows it to scale efficiently into a large number of signatures by constructing a hypertree from layers of XMSS subtrees.

Like our previous LMS support, XMSS wolfBoot support includes keygen, signing, verifying, and importing externally generated public keys. Furthermore, XMSS wolfBoot support builds on our previous XMSS wolfCrypt integration, and thus supports all SHA256 parameter sets from tables 10 and 11 of NIST SP 800-208, while also allowing for hardware acceleration of hash operations when computing the hash-chains needed for XMSS signatures.

Thus wolfBoot now supports both post-quantum stateful HBS schemes recommended by NIST SP 800-208 and the NSA’s CNSA 2.0 suite. Do you have a post-quantum secure-boot requirement from the CNSA 2.0 timeline? Are you curious about integrating post-quantum support into your secure-boot process? If so, please contact us at facts@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Designed by @Noxifer81

We are excited to announce wolfBoot’s support for the Renesas RX72N. The RX72N MCU is the flagship model of RX series, using a 32-bit RX72N 240 MHz microcontroller.

wolfBoot is a portable secure bootloader solution that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.

By adding wolfBoot support for the board, it demonstrates simple secure firmware update by wolfBoot. A sample application v1 is securely updated to v2. Both versions behave the same except displaying its version of v1 or v2. They are compiled by e2Studio and run on the target board. Detailed steps to run the application can be found at GitHub README.

Additionally, you are able to run wolfBoot with Renesas TSIP (Trusted Secure IP) driver, which supports high-speed hardware encryption. You can find the Readme at wolfBoot GitHub.

Current support for Renesas TSIP driver acceleration includes:

• SHA256/RSA

If interested in trying wolfBoot on the RX72N or have questions about any of the above, please contact facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

We are excited to invite you to our upcoming two-part webinar series on Mastering libcurl, presented by the founder and lead developer of cURL and libcurl, Daniel Stenberg. The first part will take place on November 16th at 9 AM PT, and the second part is scheduled for November 20th at 9 AM PT.

Watch the webinars here:

Part 1: Mastering libcurl part 1

Part 2: Mastering libcurl part 2

Sneak peek of the webinar

• Getting started with cURL
• API and Architecture
• Functional Features
• Advanced Functionality
• HTTP, URLs and more

libcurl is a powerful tool that has revolutionized the way developers interact with the internet. Whether you’re a seasoned programmer or a curious novice, this webinar is the perfect opportunity to unlock your potential and discover the endless possibilities of libcurl.

Don’t miss out on this exclusive webinar to learn from the founder of cURL and take your development skills to the next level. Click the links above to watch now!

Check out Daniel’s blog for more details.

As always, our webinars will include Q&A sessions throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now