// the find
wolfSSL/wolfBoot
wolfBoot is a portable, OS-agnostic, secure bootloader for microcontrollers, supporting firmware authentication and firmware update mechanisms.
wolfBoot is a secure bootloader for 32-bit microcontrollers (and increasingly 64-bit targets) that handles firmware authentication via digital signatures and safe firmware update with rollback. It sits below your application firmware and is the thing that decides whether to boot or refuse. Target audience is anyone shipping embedded products that need OTA updates without shipping unsigned firmware.
The hardware support breadth is genuinely impressive — STM32, NXP i.MX-RT, Nordic nRF, Renesas, RISC-V, PowerPC, x86-FSP, and more, each with real config examples rather than just claimed support. Post-quantum algorithm support (ML-DSA, LMS/XMSS) is already present, which matters for devices with 10+ year lifespans. The simulator target lets you run and test update flows on a dev machine without touching hardware, and the GitHub Actions CI matrix covers enough combinations to catch regressions. The powerfail-safe update logic is handled correctly — interrupted swaps leave the device in a recoverable state rather than bricked.
The build system is a `.config` file fed into a Makefile, and getting the right combination of `SIGN=`, `HASH=`, `WOLFBOOT_PARTITION_*` defines correct for your specific flash layout is trial-and-error — the troubleshooting section in the README is a symptom of this, not a solution. The Python key tools were deprecated in v2.0 but the C replacements require wolfcrypt-py or wolfSSL installed separately, so first-run setup is still friction-heavy on a fresh machine. wolfHSM integration adds real capability but it ties you deeper into the wolfSSL ecosystem stack (wolfSSL + wolfTPM + wolfHSM + wolfPKCS11), and if you hit a bug that spans the boundary between these libraries you're debugging across four codebases. Documentation exists but it's scattered across `/docs/*.md` files with no clear reading order, making it easy to miss a required step when porting to a new target.