wolfSSL · dgarske · Apr 30, 2025 · Apr 29, 2025 · Apr 29, 2025 · Apr 29, 2025
diff --git a/.github/workflows/test-wolfhsm-simulator.yml b/.github/workflows/test-wolfhsm-simulator.yml
@@ -54,7 +54,8 @@ jobs:
         with:
           repository: wolfssl/wolfHSM-examples
           # Make sure to update this when the wolfHSM submodule is updated!
-          ref: wolfHSM-v1.1.0
+          #ref: wolfHSM-v1.1.0
+          ref: 3e03bd4d4a8439ed4a8a9577823c89e4c37eb9be
           path: wolfHSM-examples
 
       - name: Build example POSIX TCP server

diff --git a/README.md b/README.md
@@ -685,3 +685,35 @@ Use `make keysclean` to delete keys and regenerate.
     * wolfPKCS11 latest
     * wolfHSM latest
 
+### V 2.5.0 - (2025-05-05)
+  * New hardware targets
+    * RP2350 (Raspberry Pi Pico 2, ARM Cortex-M33 with TrustZone)
+    * NXP MCXA153
+    * NXP MCXW716
+    * STM32F1 series (STM32F103 “Blue Pill” board)
+  * Improvements to supported targets
+    * Xilinx UltraScale+ (ZynqMP)
+        * Added hardware-accelerated SHA3 hashing via the CSU engine
+        * Added support for enabling JTAG at runtime when `CSU_DEBUG` is set
+        * Introduced support for the device’s PUF (Physically Unclonable Function) for unique key generation and secure key storage (requires eFuses)
+    * Renesas RX
+        * Added option for TSIP hardware crypto engine
+    * Infineon TriCore (AURIX TC3xx)
+        * Updated IDE project files for ARM Developer Studio 1.10.6, fixing build issues and ensuring support for latest toolchain
+        * Fix to support write operations spanning over multiple sectors
+  * New features and improvements
+    * Added support for non-contiguous elf sections, scattered elf firmware loading and verification.
+    * PQC: Simplified LMS/XMSS integration, deprecated support for third-party libraries
+    * Support to build wolfBoot as a static library (`libwolfboot.a`) for easier integration and testing of the bootloader logic in custom workflows
+    * Extended support for ARMORED glitch mitigations to the IAR toolchain
+    * CMake build refactoring, extended support to more targets
+    * Various documentation and configuration improvements
+  * Bug fixes
+    * Fix alignment enforcement on IAR compiler
+    * Fix build error on Windows in key generation tool (`_chsize_s` declaration issue in `sign.c`)
+  * Updated modules
+    * wolfSSL v5.8.0
+    * wolfTPM v3.9.0
+    * wolfPKCS11 latest
+    * wolfHSM latest
+
diff --git a/include/user_settings.h b/include/user_settings.h
@@ -144,6 +144,7 @@ extern int tolower(int c);
 #       define WOLFSSL_HAVE_SP_ECC
 #   endif
 
+#define WOLFSSL_PUBLIC_MP
 
     /* Curve */
 #   if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE) || \

diff --git a/include/wolfboot/version.h b/include/wolfboot/version.h
@@ -29,8 +29,8 @@ extern "C" {
 #endif
 
 
-#define LIBWOLFBOOT_VERSION_STRING "2.4.0"
-#define LIBWOLFBOOT_VERSION_HEX 0x02040000
+#define LIBWOLFBOOT_VERSION_STRING "2.5.0"
+#define LIBWOLFBOOT_VERSION_HEX 0x02050000
 
 #ifndef WOLFBOOT_VERSION
     #define WOLFBOOT_VERSION LIBWOLFBOOT_VERSION_HEX

diff --git a/lib/wolfHSM b/lib/wolfHSM
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
diff --git a/lib/wolfTPM b/lib/wolfTPM
diff --git a/lib/wolfssl b/lib/wolfssl
diff --git a/tools/test.mk b/tools/test.mk
@@ -990,9 +990,9 @@ test-size-all:
 	make keysclean
 	make test-size SIGN=ED25519 LIMIT=11448 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ECC256  LIMIT=17968 NO_ARM_ASM=1
+	make test-size SIGN=ECC256  LIMIT=17988 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13512 NO_ARM_ASM=1
+	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13536 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=RSA2048 LIMIT=11232  NO_ARM_ASM=1
 	make clean
@@ -1002,9 +1002,9 @@ test-size-all:
 	make clean
 	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12096 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ECC384 LIMIT=17536 NO_ARM_ASM=1
+	make test-size SIGN=ECC384 LIMIT=17556 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14904 NO_ARM_ASM=1
+	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14924 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=ED448 LIMIT=13464 NO_ARM_ASM=1
 	make keysclean
@@ -1018,7 +1018,7 @@ test-size-all:
 	make keysclean
 	make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \
 		IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
-		LIMIT=8252 NO_ARM_ASM=1
+		LIMIT=8292 NO_ARM_ASM=1
 	make keysclean
 	make clean
 	make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=20168 \
+11 −7		.github/workflows/build-and-test.yml
+2 −0		.gitignore
+16 −0		ChangeLog.md
+2 −1		port/posix/posix_flash_file.c
+404 −486		src/wh_client.c
+785 −0		src/wh_client_cert.c
+1,663 −1,122		src/wh_client_crypto.c
+38 −361		src/wh_client_cryptocb.c
+54 −298		src/wh_client_nvm.c
+471 −356		src/wh_client_she.c
+3 −1		src/wh_flash_unit.c
+161 −0		src/wh_message_cert.c
+128 −0		src/wh_message_counter.c
+853 −0		src/wh_message_crypto.c
+239 −0		src/wh_message_keystore.c
+12 −39		src/wh_message_nvm.c
+424 −0		src/wh_message_she.c
+27 −16		src/wh_server.c
+627 −0		src/wh_server_cert.c
+141 −71		src/wh_server_counter.c
+1,687 −875		src/wh_server_crypto.c
+24 −206		src/wh_server_dma.c
+245 −244		src/wh_server_keystore.c
+14 −105		src/wh_server_nvm.c
+1,072 −572		src/wh_server_she.c
+259 −259		src/wh_she_crypto.c
+5 −5		src/wh_utils.c
+36 −2		test/Makefile
+13 −4		test/user_settings.h
+10 −0		test/wh_test.c
+517 −0		test/wh_test_cert.c
+44 −0		test/wh_test_cert.h
+1,503 −0		test/wh_test_cert_data.h
+155 −0		test/wh_test_cert_data_acert.h
+108 −116		test/wh_test_check_struct_padding.c
+49 −44		test/wh_test_clientserver.c
+2 −1		test/wh_test_comm.c
+12 −2		test/wh_test_common.h
+223 −115		test/wh_test_crypto.c
+2 −0		test/wh_test_flash_ramsim.c
+132 −1		test/wh_test_nvm_flash.c
+7 −0		test/wh_test_nvm_flash.h
+5 −2		test/wh_test_she.c
+2 −0		test/wh_test_wolfcrypt_test.c
+2 −3		test/wolfhsm_cfg.h
+131 −0		tools/testcertgen/gen_acerts.sh
+310 −0		tools/testcertgen/gen_test_cert_chain.sh
+557 −376		wolfhsm/wh_client.h
+94 −3		wolfhsm/wh_client_crypto.h
+28 −26		wolfhsm/wh_error.h
+102 −0		wolfhsm/wh_flash.h
+3 −4		wolfhsm/wh_message.h
+185 −0		wolfhsm/wh_message_cert.h
+120 −0		wolfhsm/wh_message_counter.h
+808 −0		wolfhsm/wh_message_crypto.h
+226 −0		wolfhsm/wh_message_keystore.h
+23 −58		wolfhsm/wh_message_nvm.h
+394 −0		wolfhsm/wh_message_she.h
+75 −181		wolfhsm/wh_packet.h
+12 −165		wolfhsm/wh_server.h
+102 −0		wolfhsm/wh_server_cert.h
+4 −2		wolfhsm/wh_server_counter.h
+10 −5		wolfhsm/wh_server_crypto.h
+153 −13		wolfhsm/wh_server_keystore.h
+4 −3		wolfhsm/wh_server_she.h
+16 −0		wolfhsm/wh_settings.h
+30 −1		wolfhsm/wh_utils.h
+5 −5		.github/workflows/build-workflow.yml
+30 −5		README.md
+13 −0		configure.ac
+18 −0		examples/maxq10xx_init.sh
+88 −1		src/crypto.c
+439 −20		src/internal.c
+14 −0		src/slot.c
+107 −2		tests/pkcs11test.c
+15 −0		wolfpkcs11/internal.h
+1 −0		wolfpkcs11/pkcs11.h
+2 −0		.gitignore
+16 −4		CMakeLists.txt
+22 −0		ChangeLog.md
+3 −25		autogen.sh
+2 −2		configure.ac
+236 −0		examples/endorsement/README.md
+1 −0		examples/endorsement/endorsement.h
+10 −2		examples/endorsement/get_ek_certs.c
+12 −3		examples/endorsement/include.am
+42 −0		examples/endorsement/trusted_certs.h
+137 −0		examples/endorsement/trusted_certs_der.h
+347 −0		examples/endorsement/verify_ek_cert.c
+25 −6		examples/keygen/keygen.c
+8 −0		examples/nvram/extend.c
+143 −141		examples/run_examples.sh
+1 −1		examples/tls/tls_client.c
+1 −1		examples/tls/tls_server.c
+3 −0		hal/tpm_io.c
+3 −0		hal/tpm_io.h
+223 −3		hal/tpm_io_microchip.c
+1 −0		src/include.am
+353 −0		src/tpm2_asn.c
+17 −5		src/tpm2_wrap.c
+147 −0		wolftpm/tpm2_asn.h
+205 −3		wolftpm/tpm2_wrap.h
+2 −2		wolftpm/version.h