Draft
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the pinned commits for several cryptography-related git submodules.
Changes:
- Bumped
lib/wolfsslsubmodule commit reference - Bumped
lib/wolfTPM,lib/wolfPSA,lib/wolfPKCS11, andlib/wolfHSMsubmodule commit references
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| lib/wolfssl | Updates the submodule pointer to a newer commit |
| lib/wolfTPM | Updates the submodule pointer to a newer commit |
| lib/wolfPSA | Updates the submodule pointer to a newer commit |
| lib/wolfPKCS11 | Updates the submodule pointer to a newer commit |
| lib/wolfHSM | Updates the submodule pointer to a newer commit |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Contributor
There was a problem hiding this comment.
Pull request overview
Updates wolf* submodules while adding build-time compatibility shims/workarounds to keep wolfBoot building against the new upstream revisions (notably around wolfSSL hash/sha512 header dependencies and PKCS11 user settings).
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodule commits.
- Add wolfSSL compatibility shim (
wolfssl_compat.h) and hash wrapper (wolfssl_hash_compat.c), and switch builds to use them. - Update Make/CMake build flags (forced include, PKCS11
WOLFPKCS11_USER_SETTINGS) and adjust HSM simulator crypto initialization.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Force-includes new wolfSSL compat header; adds PKCS11 user settings define for a unit-test target. |
| tools/tpm/Makefile | Force-includes compat header; swaps wolfSSL hash.o for wolfBoot hash compat object. |
| test-app/wcs/hash_compat.c | Adds a wrapper TU that includes wolfBoot’s hash compat implementation. |
| test-app/Makefile | Switches test-app hashing sources/objects to wolfBoot wrapper and adds wrapper TU for TZEN build. |
| test-app/CMakeLists.txt | Adds PKCS11 user settings define; switches hash source to wolfBoot wrapper. |
| src/wolfssl_hash_compat.c | Introduces wolfBoot-side wrapper that includes wolfSSL hash.c after including sha512.h. |
| options.mk | Adds WOLFPKCS11_USER_SETTINGS when WOLFCRYPT_TZ_PKCS11=1. |
| lib/wolfssl | Updates wolfSSL submodule pointer. |
| lib/wolfTPM | Updates wolfTPM submodule pointer. |
| lib/wolfPSA | Updates wolfPSA submodule pointer. |
| lib/wolfPKCS11 | Updates wolfPKCS11 submodule pointer. |
| lib/wolfHSM | Updates wolfHSM submodule pointer. |
| include/wolfssl_compat.h | Adds compat header to pre-include sha512 for SHA-384 builds. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS definition idempotent. |
| hal/sim.c | Changes crypto context initialization and conditionally sets devId in server config. |
| Makefile | Force-includes new wolfSSL compat header globally in root Make build. |
| CMakeLists.txt | Adds PKCS11 user settings define; swaps wolfSSL hash.c source for wolfBoot wrapper. |
Comments suppressed due to low confidence (1)
lib/wolfssl:1
- The PR title suggests only submodule updates, but this PR also introduces new source/header files and modifies multiple build systems (Make/CMake) plus runtime initialization (
hal/sim.c). Consider updating the PR title/description to reflect the added compatibility shim and build-flag changes so reviewers/maintainers can track the intent beyond submodule bumps.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| .req = (whTransportMemCsr*)req, | ||
| .req_size = sizeof(req), | ||
| .resp = (whTransportMemCsr*)resp, | ||
| .resp_size = sizeof(resp), |
Member
Author
There was a problem hiding this comment.
false claim based on old API. This is due to the API change in wolfHSM
Contributor
There was a problem hiding this comment.
Pull request overview
Updates vendored wolf* submodules and adjusts build system/workarounds to accommodate upstream changes/regressions (notably around wolfSSL hash.c and PKCS#11 user settings), plus a small Linux simulator portability tweak.
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodules.
- Replace direct compilation of wolfSSL
hash.cwith awolfssl_hash_compatwrapper in multiple build entrypoints. - Enable
WOLFPKCS11_USER_SETTINGSin PKCS#11-related builds; adjust TPM autodetect define placement; add amemfd_createfallback in sim.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS to PKCS#11 unit-test build flags. |
| tools/tpm/Makefile | Switches TPM tool build from wolfSSL hash.o to wolfBoot wolfssl_hash_compat.o. |
| test-app/wcs/hash_compat.c | Adds a test-app wrapper that includes wolfBoot’s hash compat source. |
| test-app/Makefile | Repoints test-app object lists from wolfSSL hash.* to wolfssl_hash_compat.* / hash_compat.o. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS and switches PKCS#11 sources to wolfssl_hash_compat.c. |
| src/wolfssl_hash_compat.c | Introduces a temporary wrapper TU that includes wolfSSL hash.c. |
| options.mk | Adds WOLFPKCS11_USER_SETTINGS; changes when WOLFTPM_AUTODETECT is defined. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| lib/wolfHSM | Updates submodule pointer. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS define idempotent. |
| hal/sim.c | Adds syscall-based memfd_create fallback; changes some init patterns. |
| CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS; switches top-level builds from wolfSSL hash.c to compat file. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
+575
to
578
| int fd = sim_memfd_create("test_app", 0); | ||
| size_t wret; | ||
| if (fd == -1) { | ||
| wolfBoot_printf( "memfd error\n"); |
Contributor
There was a problem hiding this comment.
Pull request overview
Updates wolf* submodules and adjusts build system inputs to accommodate upstream changes (PKCS11 user settings and a temporary wolfSSL hash.c compatibility shim), plus minor simulator portability tweaks.
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodule commits.
- Add
WOLFPKCS11_USER_SETTINGSto relevant unit-test, app, and top-level build definitions. - Replace direct compilation of wolfSSL
hash.c/hash.owith a wolfBoot-sidewolfssl_hash_compatwrapper; makememfd_createusage more portable in simulator.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS define for PKCS11 unit test target. |
| tools/tpm/Makefile | Swaps wolfSSL hash.o for local wolfssl_hash_compat.o. |
| test-app/Makefile | Swaps wolfSSL/wcs hash.o references for wolfssl_hash_compat.o. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS and swaps hash.c for wolfssl_hash_compat.c. |
| src/wolfssl_hash_compat.c | Introduces temporary wrapper that includes wolfSSL hash.c. |
| options.mk | Adds PKCS11 user settings define; scopes WOLFTPM_AUTODETECT to SPI branch. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| lib/wolfHSM | Updates submodule pointer. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS definition idempotent. |
| hal/sim.c | Adds syscall-based memfd_create wrapper and adjusts init for updated HSM structs. |
| CMakeLists.txt | Adds PKCS11 user settings define and swaps hash.c for wolfssl_hash_compat.c. |
Comments suppressed due to low confidence (1)
lib/wolfssl:1
- The PR title suggests only submodule updates, but this PR also changes build flags, replaces wolfSSL
hash.ccompilation with a compatibility wrapper, and modifies simulator behavior. Please update the PR title/description to reflect these additional functional/build changes so reviewers and release notes capture the full impact.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| */ | ||
|
|
||
| #include <wolfssl/wolfcrypt/sha512.h> | ||
| #include <wolfcrypt/src/hash.c> |
|
|
||
| # Add wolfCrypt core implementation files | ||
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hash.o | ||
| APP_OBJS+=../src/wolfssl_hash_compat.o |
| APP_OBJS+=./wcs/hmac.o | ||
| APP_OBJS+=./wcs/pwdbased.o | ||
| APP_OBJS+=./wcs/hash.o | ||
| APP_OBJS+=../src/wolfssl_hash_compat.o |
| int fd = sim_memfd_create("test_app", 0); | ||
| size_t wret; | ||
| if (fd == -1) { | ||
| wolfBoot_printf( "memfd error\n"); |
|
|
||
| # Add wolfCrypt core implementation files | ||
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hash.o | ||
| APP_OBJS+=../src/wolfssl_hash_compat.o |
| WOLFCRYPT_APP_OBJS+=\ | ||
| $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/memory.o \ | ||
| $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hash.o \ | ||
| ../src/wolfssl_hash_compat.o \ |
| APP_OBJS+=./wcs/hmac.o | ||
| APP_OBJS+=./wcs/pwdbased.o | ||
| APP_OBJS+=./wcs/hash.o | ||
| APP_OBJS+=../src/wolfssl_hash_compat.o |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.