cancel
Showing results for 
Search instead for 
Did you mean: 

WireGuard on STM32U5A5VJT6 ?

xezi
Associate

Hello,

I'm currently working on a project using the STM32U5A5VJT6 processor, and I'm exploring the feasibility of implementing WireGuard in a bare-metal environment. I found one mention of WireGuard in this community post [link], however afaik it is an application for an OS based ST product. So I'm looking for more detailed insights.

  • Is STM actively working on any initiatives to bring WireGuard support to processors like the STM32U5A5VJT6, especially for bare-metal implementations?
  • The WireGuard protocol was primarily designed for OS-based systems with kernel support, which makes bare-metal implementation exceptionally challenging. Given the cryptographic and networking demands, has anyone made significant progress or come across alternative approaches that could support WireGuard (or similar VPN functionality) on an STM32?
  • I encountered Mongoose’s library for networking on STM32, which offers some guidance on web server setups. Are there other resources or community-driven efforts that address VPNs or similar secure communication protocols for STM32 processors without an OS?

Any advice, resources, or shared experiences would be greatly appreciated!

Thank you,
Xezi

3 REPLIES 3
Pavel A.
Evangelist III

Exactly because of difficulties of porting crypto libraries to bare metal, consider instead a [more or less] lightweight OS that is posix-compatible enough. Of course this will require more RAM and flash than typical bare metal things but should be affordable.

Crucial points for a VPN implementation: it must be

- compatible, with continued support, not vendor-locked

- easy to review, test, validate

- easy to patch / update / upgrade

All this calls for OS-based implementation. Not necessarily Linux.

 

xezi
Associate

Thank you for your input.

 

For this project, we are committed to using ThreadX, which brings its own set of challenges for implementing WireGuard. While there is a WireGuard implementation in C [link], it depends on lwIP, and as a community-driven project, it doesn’t fully align with the robustness and warranties our requirements demand. From my initial research, it appears that porting lwIP functionalities to ThreadX would be quite complex and might require significant adaptation to achieve compatibility, especially for low-level networking operations.

 

If anyone has experience with similar ports or alternative secure communication protocols that integrate more seamlessly with ThreadX and NetX Duo, I’d greatly appreciate any insights.

Pavel A.
Evangelist III

as a community-driven project, it doesn’t fully align with the robustness and warranties our requirements demand.

And ThreadX? It is no longer backed by Microsoft.