wolfBoot support for the Xilinx UltraScale+ was added in 2020 and is a direct U-Boot replacement for improved security.

wolfBoot provides enhanced features compared to U-Boot such as:

Firmware integrity and signature verification on each boot Image integrity checking SHA2-256 or SHA3-384. Validation of the signature using ECC P256/P384, RSA (2048-bit or 3072-bit), ED25519 and LMS or XMSS. Multiple boot partition support Rollback to last known working or fail-safe “golden” image on failure TPM 2.0 Support Measured Boot (PCR’s) Sealing secret to unlock or decrypt a storage device Root of trust options Onboard eFUSES Public key embedded in wolfBoot partition TPM 2.0 NV (supported with wolfTPM) Delta/Differential updates using bentley-mcilroy scheme Encrypted updates using AES CFB or ChaCha20/Poly1305

Additional wolfBoot Features:

QSPI, SDMC and eMMC boot support ELF (32 and 64) loader support FDT (Flattened Device Tree) support for fixups AARCH64 EL1/EL3 support

We have included a full example for building with Xilinx SDK and integrating into the FSBL chain of trust. Also creation of the flash boot.bin image with boot.bif and bootgen.

Tested support with bare-metal, QNX, GreenHills Integrity OS and Linux/Fedora. 24x7 support available

Links:

https://github.com/wolfSSL/wolfBoot/tree/master/IDE/XilinxSDK https://github.com/wolfSSL/wolfBoot/blob/master/docs/Targets.md#xilinx-zynq-ultrascale https://github.com/dgarske/UltraZed-EG-wolf

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now