From ae262860db67838c9db3ed81b2eb0a3805d12b7e Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Apr 2025 11:51:59 +0200 Subject: [PATCH 1/8] Updated wolfTPM submodule --- lib/wolfTPM | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/wolfTPM b/lib/wolfTPM index 6e1205b1..0cd21b53 160000 --- a/lib/wolfTPM +++ b/lib/wolfTPM @@ -1 +1 @@ -Subproject commit 6e1205b1e11e600c31e4a14764331e33def7beb4 +Subproject commit 0cd21b53c48e9e4aa05652fe20badcc4883c7f33 From 06e8da7a4dd280b9cb8e34ec60e890d8661c98e3 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Apr 2025 14:06:10 +0200 Subject: [PATCH 2/8] Updated wolfSSL submodule to v.5.8.0 --- lib/wolfssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/wolfssl b/lib/wolfssl index 239b85c8..b077c81e 160000 --- a/lib/wolfssl +++ b/lib/wolfssl @@ -1 +1 @@ -Subproject commit 239b85c80438bf60d9a5b9e0ebe9ff097a760d0d +Subproject commit b077c81eb635392e694ccedbab8b644297ec0285 From d05d769e80d0bd71fd947e22dc8d631ba19bb92f Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Apr 2025 14:25:54 +0200 Subject: [PATCH 3/8] Fixes: footprint size increased --- tools/test.mk | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/test.mk b/tools/test.mk index 19672a88..b1dc0427 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -990,9 +990,9 @@ test-size-all: make keysclean make test-size SIGN=ED25519 LIMIT=11448 NO_ARM_ASM=1 make keysclean - make test-size SIGN=ECC256 LIMIT=17968 NO_ARM_ASM=1 + make test-size SIGN=ECC256 LIMIT=17988 NO_ARM_ASM=1 make clean - make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13512 NO_ARM_ASM=1 + make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13536 NO_ARM_ASM=1 make keysclean make test-size SIGN=RSA2048 LIMIT=11232 NO_ARM_ASM=1 make clean @@ -1002,9 +1002,9 @@ test-size-all: make clean make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12096 NO_ARM_ASM=1 make keysclean - make test-size SIGN=ECC384 LIMIT=17536 NO_ARM_ASM=1 + make test-size SIGN=ECC384 LIMIT=17556 NO_ARM_ASM=1 make clean - make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14904 NO_ARM_ASM=1 + make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14924 NO_ARM_ASM=1 make keysclean make test-size SIGN=ED448 LIMIT=13464 NO_ARM_ASM=1 make keysclean @@ -1018,7 +1018,7 @@ test-size-all: make keysclean make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \ IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \ - LIMIT=8252 NO_ARM_ASM=1 + LIMIT=8292 NO_ARM_ASM=1 make keysclean make clean make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=20168 \ From 54210851e84fd03320b36b25c9c1df32e65f65cd Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Apr 2025 17:13:29 +0200 Subject: [PATCH 4/8] Updated wolfHSM submodule --- .github/workflows/test-wolfhsm-simulator.yml | 3 ++- lib/wolfHSM | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-wolfhsm-simulator.yml b/.github/workflows/test-wolfhsm-simulator.yml index 6cee7367..342af1ac 100644 --- a/.github/workflows/test-wolfhsm-simulator.yml +++ b/.github/workflows/test-wolfhsm-simulator.yml @@ -54,7 +54,8 @@ jobs: with: repository: wolfssl/wolfHSM-examples # Make sure to update this when the wolfHSM submodule is updated! - ref: wolfHSM-v1.1.0 + #ref: wolfHSM-v1.1.0 + ref: 3e03bd4d4a8439ed4a8a9577823c89e4c37eb9be path: wolfHSM-examples - name: Build example POSIX TCP server diff --git a/lib/wolfHSM b/lib/wolfHSM index 6ce59d6d..ea4c3db1 160000 --- a/lib/wolfHSM +++ b/lib/wolfHSM @@ -1 +1 @@ -Subproject commit 6ce59d6da341eed9ad41ae383b8246121dc788a8 +Subproject commit ea4c3db1e05b878f39c107b375c4c57ac93ab35a From c4a3415e98fb624cea582ed76e38da68bbc0424d Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 29 Apr 2025 17:49:38 +0200 Subject: [PATCH 5/8] Updated bootloader version number --- include/wolfboot/version.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/wolfboot/version.h b/include/wolfboot/version.h index 2ad645e2..f363b050 100644 --- a/include/wolfboot/version.h +++ b/include/wolfboot/version.h @@ -29,8 +29,8 @@ extern "C" { #endif -#define LIBWOLFBOOT_VERSION_STRING "2.4.0" -#define LIBWOLFBOOT_VERSION_HEX 0x02040000 +#define LIBWOLFBOOT_VERSION_STRING "2.5.0" +#define LIBWOLFBOOT_VERSION_HEX 0x02050000 #ifndef WOLFBOOT_VERSION #define WOLFBOOT_VERSION LIBWOLFBOOT_VERSION_HEX From 3b563973d2dc6e2f19d37c8d5084546778952d58 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 30 Apr 2025 11:49:35 +0200 Subject: [PATCH 6/8] Updated wolfPKCS11 submodule --- lib/wolfPKCS11 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11 index 7808688f..bbbb2fda 160000 --- a/lib/wolfPKCS11 +++ b/lib/wolfPKCS11 @@ -1 +1 @@ -Subproject commit 7808688fdeb05150496a10ae6c4de4f797b9d6b0 +Subproject commit bbbb2fda18abd89d81e4a3e308164a218edae17a From c4a6b1c4dfb040f96c79cf0d4baadd4e4361045c Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 30 Apr 2025 12:11:34 +0200 Subject: [PATCH 7/8] Updated Changelog in README.md --- README.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/README.md b/README.md index fbe56161..48232713 100644 --- a/README.md +++ b/README.md @@ -685,3 +685,35 @@ Use `make keysclean` to delete keys and regenerate. * wolfPKCS11 latest * wolfHSM latest +### V 2.5.0 - (2025-05-05) + * New hardware targets + * RP2350 (Raspberry Pi Pico 2, ARM Cortex-M33 with TrustZone) + * NXP MCXA153 + * NXP MCXW716 + * STM32F1 series (STM32F103 “Blue Pill” board) + * Improvements to supported targets + * Xilinx UltraScale+ (ZynqMP) + * Added hardware-accelerated SHA3 hashing via the CSU engine + * Added support for enabling JTAG at runtime when `CSU_DEBUG` is set + * Introduced support for the device’s PUF (Physically Unclonable Function) for unique key generation and secure key storage (requires eFuses) + * Renesas RX + * Added option for TSIP hardware crypto engine + * Infineon TriCore (AURIX TC3xx) + * Updated IDE project files for ARM Developer Studio 1.10.6, fixing build issues and ensuring support for latest toolchain + * Fix to support write operations spanning over multiple sectors + * New features and improvements + * Added support for non-contiguous elf sections, scattered elf firmware loading and verification. + * PQC: Simplified LMS/XMSS integration, deprecated support for third-party libraries + * Support to build wolfBoot as a static library (`libwolfboot.a`) for easier integration and testing of the bootloader logic in custom workflows + * Extended support for ARMORED glitch mitigations to the IAR toolchain + * CMake build refactoring, extended support to more targets + * Various documentation and configuration improvements + * Bug fixes + * Fix alignment enforcement on IAR compiler + * Fix build error on Windows in key generation tool (`_chsize_s` declaration issue in `sign.c`) + * Updated modules + * wolfSSL v5.8.0 + * wolfTPM v3.9.0 + * wolfPKCS11 latest + * wolfHSM latest + From d587a793c0bf522708a61d3f27070dcd0329c947 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 30 Apr 2025 13:45:08 +0200 Subject: [PATCH 8/8] Added WOLFSSL_PUBLIC_MP to user_settings when PKCS11 is enabled. --- include/user_settings.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/user_settings.h b/include/user_settings.h index 10d2c8b7..299bbf3b 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -144,6 +144,7 @@ extern int tolower(int c); # define WOLFSSL_HAVE_SP_ECC # endif +#define WOLFSSL_PUBLIC_MP /* Curve */ # if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE) || \