// the find
nihalpasham/rustBoot
rustBoot is a standalone bootloader written entirely in `Rust`, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.
rustBoot is a Rust-native secure bootloader targeting embedded systems from Cortex-M microcontrollers up to Cortex-A SoCs running Linux. It handles multi-slot firmware updates with cryptographic verification, anti-rollback, and power-fail-safe swap logic. The target audience is firmware engineers who want mcuboot-style update semantics without the C baggage.
The multi-slot partition scheme with power-interruptible swap is the right design — if your MCU browns out mid-update, you still boot. ECC signature verification via RustCrypto crates is solid: no OpenSSL dependency hell, no unsafe crypto rolled by hand. Board support is unusually broad for a project this size: nRF52840, RP2040, several STM32 lines, Raspberry Pi 4, and NXP i.MX8MN all have concrete examples, not just stubs. The signing utility being pure Rust means your CI pipeline doesn't need a Python/OpenSSL toolchain.
The last commit was September 2024 and the book explicitly says 'still a work in progress' — TrustZone-M support, external SPI flash, and secure element integration are all listed as planned but unbuilt, which are exactly the features you'd need for a production IoT device. Star count (296) and fork count (28) suggest a small community; if you hit a board-specific bug, you're probably debugging it yourself. The workspace structure — dozens of nearly-identical per-board Cargo.toml files — means adding a new board is a copy-paste exercise rather than a config entry, and there's no abstraction layer making that easier. No mention of FIPS compliance or PSA Certified alignment, which matters if you're shipping into regulated markets.