wolfBoot support for the Xilinx Zynq UltraScale+ MPSoC

wolfBoot support for the Xilinx UltraScale+ was added in 2020 and is a direct U-Boot replacement for improved security.

wolfBoot provides enhanced features compared to U-Boot such as:

• Firmware integrity and signature verification on each boot
  • Image integrity checking SHA2-256 or SHA3-384.
  • Validation of the signature using ECC P256/P384, RSA (2048-bit or 3072-bit), ED25519 and LMS or XMSS.
• Multiple boot partition support
  • Rollback to last known working or fail-safe “golden” image on failure
• TPM 2.0 Support
  • Measured Boot (PCR’s)
  • Sealing secret to unlock or decrypt a storage device
• Root of trust options
  • Onboard eFUSES
  • Public key embedded in wolfBoot partition
  • TPM 2.0 NV (supported with wolfTPM)
• Delta/Differential updates using bentley-mcilroy scheme
• Encrypted updates using AES CFB or ChaCha20/Poly1305

Additional wolfBoot Features:

• QSPI, SDMC and eMMC boot support
• ELF (32 and 64) loader support
• FDT (Flattened Device Tree) support for fixups
• AARCH64 EL1/EL3 support

We have included a full example for building with Xilinx SDK and integrating into the FSBL chain of trust. Also creation of the flash boot.bin image with boot.bif and bootgen.

Tested support with bare-metal, QNX, GreenHills Integrity OS and Linux/Fedora.
24×7 support available

Links:

• https://github.com/wolfSSL/wolfBoot/tree/master/IDE/XilinxSDK
• https://github.com/wolfSSL/wolfBoot/blob/master/docs/Targets.md#xilinx-zynq-ultrascale
• https://github.com/dgarske/UltraZed-EG-wolf

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now