Pull request overview
Updates the pinned commits for several cryptography-related git submodules.
Changes:
- Bumped `lib/wolfssl` submodule commit reference
- Bumped `lib/wolfTPM`, `lib/wolfPSA`, `lib/wolfPKCS11`, and `lib/wolfHSM` submodule commit references
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| lib/wolfssl | Updates the submodule pointer to a newer commit |
| lib/wolfTPM | Updates the submodule pointer to a newer commit |
| lib/wolfPSA | Updates the submodule pointer to a newer commit |
| lib/wolfPKCS11 | Updates the submodule pointer to a newer commit |
| lib/wolfHSM | Updates the submodule pointer to a newer commit |
Pull request overview
Updates wolf* submodules while adding build-time compatibility shims/workarounds to keep wolfBoot building against the new upstream revisions (notably around wolfSSL hash/sha512 header dependencies and PKCS11 user settings).
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodule commits.
- Add wolfSSL compatibility shim (`wolfssl_compat.h`) and hash wrapper (`wolfssl_hash_compat.c`), and switch builds to use them.
- Update Make/CMake build flags (forced include, PKCS11 `WOLFPKCS11_USER_SETTINGS`) and adjust HSM simulator crypto initialization.
Reviewed changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Force-includes new wolfSSL compat header; adds PKCS11 user settings define for a unit-test target. |
| tools/tpm/Makefile | Force-includes compat header; swaps wolfSSL hash.o for wolfBoot hash compat object. |
| test-app/wcs/hash_compat.c | Adds a wrapper TU that includes wolfBoot’s hash compat implementation. |
| test-app/Makefile | Switches test-app hashing sources/objects to wolfBoot wrapper and adds wrapper TU for TZEN build. |
| test-app/CMakeLists.txt | Adds PKCS11 user settings define; switches hash source to wolfBoot wrapper. |
| src/wolfssl_hash_compat.c | Introduces wolfBoot-side wrapper that includes wolfSSL hash.c after including sha512.h. |
| options.mk | Adds WOLFPKCS11_USER_SETTINGS when WOLFCRYPT_TZ_PKCS11=1. |
| lib/wolfssl | Updates wolfSSL submodule pointer. |
| lib/wolfTPM | Updates wolfTPM submodule pointer. |
| lib/wolfPSA | Updates wolfPSA submodule pointer. |
| lib/wolfPKCS11 | Updates wolfPKCS11 submodule pointer. |
| lib/wolfHSM | Updates wolfHSM submodule pointer. |
| include/wolfssl_compat.h | Adds compat header to pre-include sha512 for SHA-384 builds. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS definition idempotent. |
| hal/sim.c | Changes crypto context initialization and conditionally sets devId in server config. |
| Makefile | Force-includes new wolfSSL compat header globally in root Make build. |
| CMakeLists.txt | Adds PKCS11 user settings define; swaps wolfSSL hash.c source for wolfBoot wrapper. |
Comments suppressed due to low confidence (1)
lib/wolfssl:1
- The PR title suggests only submodule updates, but this PR also introduces new source/header files and modifies multiple build systems (Make/CMake) plus runtime initialization (`hal/sim.c`). Consider updating the PR title/description to reflect the added compatibility shim and build-flag changes so reviewers/maintainers can track the intent beyond submodule bumps.
Pull request overview
Updates vendored wolf* submodules and adjusts build system/workarounds to accommodate upstream changes/regressions (notably around wolfSSL hash.c and PKCS#11 user settings), plus a small Linux simulator portability tweak.
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodules.
- Replace direct compilation of wolfSSL `hash.c` with a `wolfssl_hash_compat` wrapper in multiple build entrypoints.
- Enable `WOLFPKCS11_USER_SETTINGS` in PKCS#11-related builds; adjust TPM autodetect define placement; add a `memfd_create` fallback in sim.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS to PKCS#11 unit-test build flags. |
| tools/tpm/Makefile | Switches TPM tool build from wolfSSL hash.o to wolfBoot wolfssl_hash_compat.o. |
| test-app/wcs/hash_compat.c | Adds a test-app wrapper that includes wolfBoot’s hash compat source. |
| test-app/Makefile | Repoints test-app object lists from wolfSSL hash.* to wolfssl_hash_compat.* / hash_compat.o. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS and switches PKCS#11 sources to wolfssl_hash_compat.c. |
| src/wolfssl_hash_compat.c | Introduces a temporary wrapper TU that includes wolfSSL hash.c. |
| options.mk | Adds WOLFPKCS11_USER_SETTINGS; changes when WOLFTPM_AUTODETECT is defined. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| lib/wolfHSM | Updates submodule pointer. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS define idempotent. |
| hal/sim.c | Adds syscall-based memfd_create fallback; changes some init patterns. |
| CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS; switches top-level builds from wolfSSL hash.c to compat file. |
Pull request overview
Updates wolf* submodules and adjusts build system inputs to accommodate upstream changes (PKCS11 user settings and a temporary wolfSSL hash.c compatibility shim), plus minor simulator portability tweaks.
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11/wolfHSM submodule commits.
- Add `WOLFPKCS11_USER_SETTINGS` to relevant unit-test, app, and top-level build definitions.
- Replace direct compilation of wolfSSL `hash.c`/`hash.o` with a wolfBoot-side `wolfssl_hash_compat` wrapper; make `memfd_create` usage more portable in simulator.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS define for PKCS11 unit test target. |
| tools/tpm/Makefile | Swaps wolfSSL hash.o for local wolfssl_hash_compat.o. |
| test-app/Makefile | Swaps wolfSSL/wcs hash.o references for wolfssl_hash_compat.o. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS and swaps hash.c for wolfssl_hash_compat.c. |
| src/wolfssl_hash_compat.c | Introduces temporary wrapper that includes wolfSSL hash.c. |
| options.mk | Adds PKCS11 user settings define; scopes WOLFTPM_AUTODETECT to SPI branch. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| lib/wolfHSM | Updates submodule pointer. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS definition idempotent. |
| hal/sim.c | Adds syscall-based memfd_create wrapper and adjusts init for updated HSM structs. |
| CMakeLists.txt | Adds PKCS11 user settings define and swaps hash.c for wolfssl_hash_compat.c. |
Comments suppressed due to low confidence (1)
lib/wolfssl:1
- The PR title suggests only submodule updates, but this PR also changes build flags, replaces wolfSSL `hash.c` compilation with a compatibility wrapper, and modifies simulator behavior. Please update the PR title/description to reflect these additional functional/build changes so reviewers and release notes capture the full impact.
Pull request overview
Updates wolf* submodules and adjusts the build/test plumbing to accommodate upstream changes/regressions (notably around wolfSSL hash.c and PKCS11 user settings), plus small simulator/HSM workflow refinements.
Changes:
- Bumps `wolfssl`, `wolfTPM`, `wolfPSA`, `wolfPKCS11`, and `wolfHSM` submodule commits.
- Replaces direct compilation of wolfSSL `hash.c`/`hash.o` with a temporary in-repo compatibility wrapper source/object.
- Expands PKCS11 build defines and adjusts simulator/HSM configs and CI workflow behavior.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS define for PKCS11 unit target. |
| tools/tpm/Makefile | Switches TPM tool build from wolfSSL hash.o to local compat object. |
| tools/scripts/sim-sunnyday-update.sh | Removes trailing blank lines. |
| test-app/Makefile | Uses compat hash object instead of wolfSSL hash.o / wcs/hash.o. |
| test-app/CMakeLists.txt | Adds PKCS11 user settings define; swaps hash.c for compat wrapper. |
| src/wolfssl_hash_compat.c | Introduces a temporary wrapper that includes wolfSSL hash.c. |
| options.mk | Adds PKCS11 user settings define; scopes WOLFTPM_AUTODETECT to SPI path. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| lib/wolfHSM | Updates submodule pointer. |
| include/user_settings.h | Ensures WOLFPKCS11_USER_SETTINGS is defined idempotently. |
| hal/sim.c | Adds memfd_create syscall wrapper and improves HSM client error output. |
| config/examples/sim-wolfHSM-client-mldsa.config | Enables local keys by default. |
| config/examples/sim-wolfHSM-client-ecc.config | Enables local keys by default. |
| CMakeLists.txt | Adds PKCS11 user settings define; swaps hash.c for compat wrapper. |
| .github/workflows/test-wolfhsm-simulator.yml | Adds matrix knob for server keyfile mode; adjusts server startup logic. |
c0eac80 to ca5d06b
Pull request overview
Updates vendored crypto/security submodules and aligns build/test configurations with new PKCS11 and TPM settings.
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11 submodule commits.
- Enable `WOLFPKCS11_USER_SETTINGS` across Make/CMake and user settings header.
- Adjust simulator to avoid direct `memfd_create()` dependency; tweak TPM autodetect flag placement.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS define for PKCS11 unit test target. |
| tools/scripts/sim-sunnyday-update.sh | Removes trailing blank lines. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS for PKCS11 test app builds. |
| options.mk | Adds WOLFPKCS11_USER_SETTINGS; changes where WOLFTPM_AUTODETECT is applied. |
| lib/wolfssl | Updates wolfSSL submodule pointer. |
| lib/wolfTPM | Updates wolfTPM submodule pointer. |
| lib/wolfPSA | Updates wolfPSA submodule pointer. |
| lib/wolfPKCS11 | Updates wolfPKCS11 submodule pointer. |
| include/user_settings.h | Ensures WOLFPKCS11_USER_SETTINGS is defined when PKCS11 secure mode is enabled. |
| hal/sim.c | Wraps memfd_create via syscall helper for portability/buildability. |
| CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS to ARM PKCS11 build definitions. |
Comments suppressed due to low confidence (1)
options.mk:1
- This hunk removes the unconditional `WOLFTPM_AUTODETECT` and re-adds it only in the SPI-driver branch later. That materially changes which builds define autodetect (e.g., MMIO/non-SPI paths no longer get it). If this is intentional, please add a short comment near this block explaining why autodetect should only apply when building the SPI driver; otherwise, consider restoring the define for the non-SPI/MMIO paths that still rely on wolfTPM autodetection logic.
WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.o
Pull request overview
Updates dependency submodules and aligns build/test configurations with new PKCS11 and TPM settings, plus improves simulator portability around memfd_create.
Changes:
- Bump wolfSSL, wolfTPM, wolfPSA, and wolfPKCS11 submodules.
- Add `WOLFPKCS11_USER_SETTINGS` compile definition across Make/CMake targets that enable secure PKCS11.
- Add a Linux syscall-based `memfd_create` wrapper for the simulator and adjust size-test limits.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds PKCS11 user-settings define for unit test target. |
| tools/test.mk | Updates expected size limits for multiple signing configurations. |
| tools/scripts/sim-sunnyday-update.sh | Removes trailing blank lines. |
| test-app/CMakeLists.txt | Adds PKCS11 user-settings define for test app build. |
| options.mk | Adds PKCS11 user-settings define; changes where WOLFTPM_AUTODETECT is set. |
| lib/wolfssl | Updates submodule pointer. |
| lib/wolfTPM | Updates submodule pointer. |
| lib/wolfPSA | Updates submodule pointer. |
| lib/wolfPKCS11 | Updates submodule pointer. |
| include/user_settings.h | Makes WOLFPKCS11_USER_SETTINGS definition idempotent. |
| hal/sim.c | Adds memfd_create syscall wrapper and uses it in boot flow. |
| CMakeLists.txt | Adds PKCS11 user-settings define for ARM secure PKCS11 builds. |
Pull request overview
Updates wolfSSL-related submodules and aligns build/test configuration with the updated dependencies (PKCS11 user settings, size limits, and simulator portability).
Changes:
- Bump wolfSSL/wolfTPM/wolfPSA/wolfPKCS11 submodule commits.
- Enable `WOLFPKCS11_USER_SETTINGS` across Make/CMake test and build targets.
- Adjust stack-usage limits for wolfTPM builds and update simulator `memfd_create` usage + size-test thresholds.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds PKCS11 user-settings define for the unit-pkcs11_store target. |
| tools/test.mk | Updates expected binary size limits for several signing configurations. |
| tools/scripts/sim-sunnyday-update.sh | Removes trailing blank lines. |
| test-app/CMakeLists.txt | Adds PKCS11 user-settings define for test app builds. |
| options.mk | Introduces shared wolfTPM stack-usage limit; enables PKCS11 user settings; removes WOLFTPM_AUTODETECT. |
| lib/wolfssl | Updates submodule commit pointer. |
| lib/wolfTPM | Updates submodule commit pointer. |
| lib/wolfPSA | Updates submodule commit pointer. |
| lib/wolfPKCS11 | Updates submodule commit pointer. |
| include/user_settings.h | Ensures WOLFPKCS11_USER_SETTINGS is defined when secure PKCS11 is enabled. |
| hal/sim.c | Adds memfd_create syscall wrapper for portability and uses it in boot path. |
| CMakeLists.txt | Adds PKCS11 user-settings define to ARM PKCS11 build definitions. |
Comments suppressed due to low confidence (1)
lib/wolfssl:1
- The PR title suggests only submodule updates, but this PR also changes build flags (e.g., `WOLFPKCS11_USER_SETTINGS`), stack-usage thresholds, test size limits, and simulator behavior (memfd_create). Consider updating the PR title/description to reflect these functional/build changes, or splitting non-submodule changes into a separate PR to keep review scope clear.
FYI, I have an update for wolfHSM here: #729
bc79dbf to 16dadd6
Pull request overview
Updates crypto/TPM/PSA/PKCS11 submodules and aligns build/system configuration with new upstream expectations (notably PKCS11 user settings and TPM stack-usage limits), plus a small simulator portability tweak.
Changes:
- Bumps wolfssl/wolfTPM/wolfPSA/wolfPKCS11 submodule commits.
- Adds `WOLFPKCS11_USER_SETTINGS` across Make/CMake test and build configurations.
- Adjusts TPM stack usage thresholds and introduces a `memfd_create` syscall wrapper for the simulator.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tools/unit-tests/Makefile | Adds WOLFPKCS11_USER_SETTINGS to the PKCS11 unit test build flags. |
| tools/test.mk | Updates test-size LIMIT thresholds to match new binary sizes. |
| tools/scripts/sim-sunnyday-update.sh | Removes trailing blank lines. |
| test-app/CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS for PKCS11 test app builds. |
| options.mk | Centralizes TPM stack usage to a higher threshold; updates PKCS11 flags; tweaks TPM defines/indentation. |
| lib/wolfssl | Submodule commit bump. |
| lib/wolfTPM | Submodule commit bump. |
| lib/wolfPSA | Submodule commit bump. |
| lib/wolfPKCS11 | Submodule commit bump. |
| include/user_settings.h | Ensures WOLFPKCS11_USER_SETTINGS is defined when secure PKCS11 is enabled. |
| hal/sim.c | Wraps memfd_create behind a syscall-based helper. |
| CMakeLists.txt | Adds WOLFPKCS11_USER_SETTINGS to ARM secure PKCS11 definitions. |
Update all submodules to latest upstream version to prepare for new release.
Exception: lib/wolfHSM update addressed separately in PR #729