wolfHSM-v1.3.0

wolfHSM Release v1.3.0

Due to NDA restrictions, access to the Infineon, ST Micro, TI, and Renesas ports is limited. Please contact [email protected] for access.

New Feature Additions

• Introduced key wrap client/server APIs with demos and tests in #157 and #185
• Added HKDF key derivation with cached-key reuse support in #204 and #211
• Added image manager module for authenticated firmware handling in #129
• Added non-exportable object support and basic NVM access controls in #147
• Added flash-log based NVM backend for large write granularities in #179
• Added SHA-224/384/512 crypto support across client and server in #144
• Expanded DMA coverage to AES-GCM, RNG seeding, and shared-memory offset transfers in #158, #213, and 36862ce

Bug Fixes

• Enforced NVM object boundaries during reads in #182
• Prevented stale data reads from erased flash pages in #181
• Corrected NVM flash state handling when recovery is required in #175
• Fixed AES-CTR temporary buffer sizing in #183
• Restored AES-GCM DMA post-write callbacks and optional output handling in #215 and #221
• Fixed POSIX TCP socket error handling in #203

Enhancements and Optimizations

• Added GitHub Action based code coverage reporting in #201
• Added clang-format and clang-tidy automation in #176 and #167
• Added ASAN configuration to example builds and CI workflows in #218
• Improved benchmark tooling and shared memory transport configurability in #158

wolfHSM-v1.2.0

wolfHSM Release v1.2.0 (June 27, 2025)

Due to NDA restrictions, access to the Infineon, ST Micro, and Renesas ports is limited. Please contact [email protected] for access.

New Feature Additions

• Basic X509 certificate support in #96
• DMA support for CMAC in #97
• attribute certificate support in #101
• Add benchmark framework in #107
• client/server-only builds + relocate examples in #122

Bug Fixes

• Fix flashunit program in #104
• Keycache test fixes in #125

Enhancements and Optimizations

• Refactor DMA API to be generic across all address sizes in #102
• Remove whPacket union in #103
• set RNG on curve25519 keys to support blinding in #109
• new x509 API: verify and cache pubKey in #110
• Add hierarchical makefiles in #124

wolfHSM-v1.1.0

wolfHSM Release v1.1.0 (January 23, 2025)

Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact [email protected] for access.

New Feature Additions

• Added support for ML-DSA (PR#84 and PR#86)
• Added support for DMA-based keystore operations (PR#85)

Bug Fixes

• Fixes memory error in ECC verify (PR#81)
• Removes unused argument warnings on 32 bit targets (PR#82)
• Fixes memory leak in SHE test (PR#88)

Enhancements and Optimizations

• Improved handling of Curve25519 DER encoded keys using new wolfCrypt APIs (PR#83)

Update with Bug Fix

wolfHSM Release v1.0.1 (October 21, 2024)

Bug-fix release. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact [email protected] for access.

New Feature Additions

• Initial release of whnvmtool to pre-build NVM images (PR#77)

Bug Fixes

• Corrected FreshenKey server function to load keys from NVM when not in cache (PR#78)

Enhancements and Optimizations

• Updated RSA key handling to support private-only and public-only keys (PR#76)

Initial Release

Initial release after internal and early evaluator testing. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact [email protected] for access.

New Feature Additions

• POSIX simulator and test environment
• Memory fencing and cache controls for memory transport
• Support for Aurix Tricore TC3xx and ST SPC58NN
• DMA support for SHA2 and NVM objects
• Cancellation for CMAC
• Support NO_MALLOC and STATIC_MEMORY
• SHE+ interface

Enhancements and Optimizations

• Reduction in static server memory requirements
• Hardware offload for AURIX and ST C3 modules