wolfBoot is a secure bootloader that leverages wolfSSL’s underlying wolfCrypt module to provide signature authentication for the running firmware. wolfBoot is easily ported and integrated in existing embedded software projects. wolfBoot is designed to be a portable, OS-agnostic, secure bootloader solution for all embedded systems, relying on wolfCrypt for firmware authentication.

wolfBoot comes with an included RSA/ECC/Ed25519 key generation tool. This tool generates a key-pair upon building the wolfBoot library. The generated key-pair can then be used to sign the firmware that is being loaded onto the device, and to transform a bootable firmware image to comply with the firmware image format required by the bootloader.

Due to its minimalist design and the tiny Hardware Abstraction Layer (HAL) API, wolfBoot is completely independent of any OS or bare-metal application and can be easily ported and integrated into existing embedded software solutions.

Upon receiving and installing a verified update, wolfBoot keeps a backup copy of the newest firmware image that has been confirmed to work correctly. If the new version is not confirmed by the application itself, or whenever the image installed is damaged or corrupt, the bootloader will restore the state of the system before the most recent update.

Update images can be encrypted using a symmetric key, and stored to external non-volatile memory supports, such as external SPI FLASH, or stored in a neighbor system and accessed via UART.

wolfBoot is entirely written in C and assembly language and does not use any dynamic memory allocation, making it usable in safety-critical environments. Support for DO-178 and MISRA are planned for wolfBoot in 2021.


  • Multi-slot partitioning of the flash device
  • Integrity verification of the firmware image(s)
  • Authenticity verification of the firmware image(s) using wolfCrypt’s Digital Signature Algorithms (DSA)
  • Highly reliable, transport-agnostic firmware update mechanism
  • Automatic backup of the previous image, restored in case of failed update
  • Minimalist Hardware Abstraction Layer (HAL) interface to facilitate portability across different vendors/MCUs
  • Copy/swap images from secondary slots into the primary slots to consent firmware update operations
  • Dual-bank hardware-assisted image swap (where supported by the target)
  • In-place chain-loading of the firmware image in the primary slot
  • Memory-mapped staging on MMU-equipped processors
  • RSA/ECC/Ed25519 key generator
  • Image signing tools
  • Supports encryption of the update payloads
  • Includes wolfBoot test applications
  • Minimalist design
  • OS-independent

Architectures Supported:

  • 32-bit ARMv6/ARMv7/ARMv8 (Cortex-M)
  • 32-bit RISC-V (RV32)
  • 64-bit ARM (Cortex-A) with support for linux bootstrap

HAL Support for:

  • SiFive HiFive1 RISC-V
  • STM32
  • Nordic nRF52
  • Atmel SAMR21
  • TI cc26x2
  • NXP Kinetis, LPC, i.MX-RT
  • Raspberry pi
  • Xilinx Zynq
  • Cypress PSoC6

FIPS 140-2 validated cryptography library with wolfCrypt.