wolfSSL · dgarske · Jul 31, 2025 · Jul 24, 2025 · Jul 24, 2025 · Jul 29, 2025
diff --git a/.github/workflows/test-build-aarch64.yml b/.github/workflows/test-build-aarch64.yml
@@ -0,0 +1,57 @@
+name: Wolfboot Build workflow for AARCH64
+
+on:
+
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+      config-file:
+        required: true
+        type: string
+      make-args:
+        required: false
+        type: string
+
+jobs:
+
+  build:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Workaround for sources.list
+        run: sudo sed -i 's|http://azure.archive.ubuntu.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/sources.list
+
+      - name: Update repository
+        run: sudo apt-get update
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get install -y build-essential curl
+
+      - name: Install cross compiler
+        run: |
+          curl -O https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu/14.3.rel1/binrel/arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-elf.tar.xz
+          tar xf arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-elf.tar.xz -C /opt/
+          echo "/opt/arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-elf/bin" >> $GITHUB_PATH
+
+      - name: make clean
+        run: |
+          make distclean
+
+      - name: Select config
+        run: |
+          cp ${{inputs.config-file}} .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot
+        run: |
+          make ${{inputs.make-args}}
diff --git a/.github/workflows/test-build-pico-sdk.yml b/.github/workflows/test-build-pico-sdk.yml
@@ -32,6 +32,11 @@ jobs:
           repository: raspberrypi/pico-sdk
           path: pico-sdk
 
+      - name: pico-sdk submodules initialization
+        run: |
+          cd pico-sdk
+          git submodule update --init --recursive
+
       - name: Workaround for sources.list
         run: sudo sed -i 's|http://azure.archive.ubuntu.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/sources.list
 

diff --git a/.github/workflows/test-configs.yml b/.github/workflows/test-configs.yml
@@ -464,11 +464,10 @@ jobs:
       config-file: ./config/examples/x86_64_efi.config
 
   zynqmp_test:
-    uses: ./.github/workflows/test-build.yml
+    uses: ./.github/workflows/test-build-aarch64.yml
     with:
       arch: aarch64
       config-file: ./config/examples/zynqmp.config
-      make-args: CROSS_COMPILE=aarch64-linux-gnu-
 
   sim_wolfhsm_test:
     uses: ./.github/workflows/test-build.yml

diff --git a/IDE/pico-sdk/rp2350/test-app/CMakeLists.txt b/IDE/pico-sdk/rp2350/test-app/CMakeLists.txt
@@ -1,5 +1,6 @@
 cmake_minimum_required(VERSION 3.13)
-set(WOLFBOOT_PATH ../../../../)
+set(WOLFBOOT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/../../../..")
+get_filename_component(WOLFBOOT_PATH "${WOLFBOOT_PATH}" ABSOLUTE)
 set(CMAKE_CXX_COMPILER arm-none-eabi-gcc)
 set(LIB_PICO_RUNTIME_INIT=0)
 
@@ -27,7 +28,7 @@ target_compile_options(blink PRIVATE
 )
 target_compile_definitions(blink PRIVATE PICO_NO_RUNTIME=1)
 
-pico_set_linker_script(blink ../../../../../hal/rp2350-app.ld)
+pico_set_linker_script(blink ${WOLFBOOT_PATH}/hal/rp2350-app.ld)
 target_link_libraries(blink pico_stdlib)
 
 # create map/bin/hex/uf2 file etc.

diff --git a/IDE/pico-sdk/rp2350/wolfboot/CMakeLists.txt b/IDE/pico-sdk/rp2350/wolfboot/CMakeLists.txt
@@ -1,5 +1,6 @@
 cmake_minimum_required(VERSION 3.13)
-set(WOLFBOOT_PATH ../../../..)
+set(WOLFBOOT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/../../../..")
+get_filename_component(WOLFBOOT_PATH "${WOLFBOOT_PATH}" ABSOLUTE)
 set(CMAKE_CXX_COMPILER arm-none-eabi-gcc)
 
 include(${PICO_SDK_PATH}/pico_sdk_init.cmake)
@@ -65,7 +66,7 @@ target_include_directories(wolfboot PRIVATE
 )
 
 target_link_libraries(wolfboot pico_stdlib hardware_flash)
-pico_set_linker_script(wolfboot ../../../../../hal/rp2350.ld)
+pico_set_linker_script(wolfboot ${WOLFBOOT_PATH}/hal/rp2350.ld)
 
 pico_enable_stdio_usb(wolfboot 1)
 pico_enable_stdio_uart(wolfboot 0)

diff --git a/lib/wolfHSM b/lib/wolfHSM
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
diff --git a/lib/wolfTPM b/lib/wolfTPM
diff --git a/lib/wolfssl b/lib/wolfssl
diff --git a/options.mk b/options.mk
@@ -712,7 +712,7 @@ ifeq ($(WOLFTPM),1)
       SIM_TPM=1
     endif
     ifeq ($(SIM_TPM),1)
-      CFLAGS+=-DWOLFTPM_SWTPM -DTPM_TIMEOUT_TRIES=0 -DHAVE_NETDB_H
+      CFLAGS+=-DWOLFTPM_SWTPM -DTPM_TIMEOUT_TRIES=0 -DHAVE_NETDB_H -DHAVE_UNISTD_H
       OBJS+=./lib/wolfTPM/src/tpm2_swtpm.o
     else
       # Use memory-mapped WOLFTPM on x86-64

diff --git a/test-app/wcs/user_settings.h b/test-app/wcs/user_settings.h
@@ -26,6 +26,8 @@
 #define H_USER_SETTINGS_
 
 #include <target.h>
+#include <time.h>
+int clock_gettime (clockid_t clock_id, struct timespec *tp);
 #include "wolfboot/wc_secure.h"
 
 #define WOLFCRYPT_ONLY

diff --git a/tools/test.mk b/tools/test.mk
@@ -961,39 +961,39 @@ test-all: clean
 
 
 test-size-all:
-	make test-size SIGN=NONE LIMIT=4824 NO_ARM_ASM=1
+	make test-size SIGN=NONE LIMIT=4854 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ED25519 LIMIT=11428 NO_ARM_ASM=1
+	make test-size SIGN=ED25519 LIMIT=11458 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ECC256  LIMIT=17968 NO_ARM_ASM=1
+	make test-size SIGN=ECC256  LIMIT=18656 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13536 NO_ARM_ASM=1
+	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13566 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSA2048 LIMIT=11264 NO_ARM_ASM=1
+	make test-size SIGN=RSA2048 LIMIT=11302 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11844 NO_ARM_ASM=1
+	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11882 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSA4096 LIMIT=11552 NO_ARM_ASM=1
+	make test-size SIGN=RSA4096 LIMIT=11586 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12132 NO_ARM_ASM=1
+	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12166 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ECC384 LIMIT=17464 NO_ARM_ASM=1
+	make test-size SIGN=ECC384 LIMIT=18616 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14912 NO_ARM_ASM=1
+	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14942 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=ED448 LIMIT=13416 NO_ARM_ASM=1
+	make test-size SIGN=ED448 LIMIT=13526 NO_ARM_ASM=1
 	make keysclean
-	make test-size SIGN=RSA3072 LIMIT=11404 NO_ARM_ASM=1
+	make test-size SIGN=RSA3072 LIMIT=11444 NO_ARM_ASM=1
 	make clean
-	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11948 NO_ARM_ASM=1
+	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11988 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
 		WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \
-		IMAGE_HEADER_SIZE?=5288 LIMIT=7516 NO_ARM_ASM=1
+		IMAGE_HEADER_SIZE?=5288 LIMIT=7546 NO_ARM_ASM=1
 	make keysclean
 	make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \
 		IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
-		LIMIT=8292 NO_ARM_ASM=1
+		LIMIT=8322 NO_ARM_ASM=1
 	make keysclean
 	make clean
 	make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=18866 \
+57 −0		.github/workflows/static-analysis.yml
+16 −9		.gitignore
+22 −0		ChangeLog.md
+22 −0		Makefile
+1 −1		benchmark/bench_modules/wh_bench_mod_rsa.c
+15 −0		examples/Makefile
+18 −3		examples/demo/client/wh_demo_client_all.c
+3 −3		examples/demo/client/wh_demo_client_all.h
+2 −1		examples/demo/client/wh_demo_client_counter.c
+4 −3		examples/demo/client/wh_demo_client_counter.h
+1 −5		examples/demo/client/wh_demo_client_crypto.c
+4 −15		examples/demo/client/wh_demo_client_crypto.h
+2 −1		examples/demo/client/wh_demo_client_keystore.c
+4 −3		examples/demo/client/wh_demo_client_keystore.h
+4 −3		examples/demo/client/wh_demo_client_nvm.c
+3 −3		examples/demo/client/wh_demo_client_nvm.h
+336 −0		examples/demo/client/wh_demo_client_secboot.c
+10 −0		examples/demo/client/wh_demo_client_secboot.h
+2 −1		examples/demo/client/wh_demo_client_wcbench.h
+1 −1		examples/demo/client/wh_demo_client_wctest.c
+2 −1		examples/demo/client/wh_demo_client_wctest.h
+23 −5		examples/posix/tcp/wh_client_tcp/wh_client_tcp.c
+1 −1		examples/posix/tcp/wh_client_tcp/wolfhsm_cfg.h
+60 −3		examples/posix/tcp/wh_server_tcp/wh_server_tcp.c
+2 −0		examples/posix/tcp/wh_server_tcp/wolfhsm_cfg.h
+7 −5		src/wh_client.c
+8 −0		src/wh_client_cryptocb.c
+3 −5		src/wh_client_she.c
+9 −9		src/wh_nvm_flash.c
+22 −4		src/wh_server_crypto.c
+449 −0		src/wh_server_img_mgr.c
+256 −259		src/wh_she_crypto.c
+20 −8		src/wh_transport_mem.c
+3 −3		src/wh_utils.c
+11 −9		test/Makefile
+4 −0		test/config/wolfhsm_cfg.h
+9 −0		test/wh_test.c
+54 −24		test/wh_test_crypto.c
+1,300 −0		test/wh_test_server_img_mgr.c
+25 −0		test/wh_test_server_img_mgr.h
+14 −0		tools/Makefile
+12 −0		tools/static-analysis/cppcheck-suppressions.txt
+86 −0		tools/static-analysis/run_cppcheck.sh
+9 −0		tools/testcertgen/Makefile
+1 −0		tools/whnvmtool/.gitignore
+1 −1		wolfhsm/wh_error.h
+4 −5		wolfhsm/wh_server.h
+277 −0		wolfhsm/wh_server_img_mgr.h
+24 −0		wolfhsm/wh_settings.h
+1 −1		wolfhsm/wh_utils.h
+30 −0		.clang-tidy
+6 −0		.codespellrc
+190 −0		.github/workflows/alpine-architecture-tests.yml
+2 −1		.github/workflows/build-workflow.yml
+207 −0		.github/workflows/clang-tidy.yml
+29 −0		.github/workflows/codespell.yml
+92 −0		.github/workflows/debian-package-test.yml
+370 −0		.github/workflows/nss-cmsutil-test.yml
+282 −0		.github/workflows/nss-curl-test.yml
+315 −0		.github/workflows/nss-pdfsig-test.yml
+350 −0		.github/workflows/nss-ssltap-test.yml
+199 −0		.github/workflows/sanitizer-tests.yml
+158 −0		.github/workflows/storage-upgrade-test-tpm.yml
+161 −0		.github/workflows/storage-upgrade-test.yml
+15 −3		.github/workflows/unit-test.yml
+97 −0		.github/workflows/wolfssl-v5.6.6-build-workflow.yml
+11 −0		.gitignore
+1 −0		Docker/include.am
+5 −0		Docker/packaging/debian/Dockerfile
+2 −1		IDE/VisualStudio/wolftpm.vcxproj
+2 −0		Makefile.am
+89 −7		configure.ac
+69 −0		debian/README.Debian
+6 −0		debian/changelog
+41 −0		debian/control
+41 −0		debian/control.in
+27 −0		debian/copyright
+89 −0		debian/include.am
+3 −0		debian/libwolfpkcs11-dev.install
+3 −0		debian/libwolfpkcs11-dev.lintian-overrides
+1 −0		debian/libwolfpkcs11.install
+7 −0		debian/libwolfpkcs11.lintian-overrides
+56 −0		debian/rules
+3 −4		examples/add_cert_file.c
+6 −170		examples/add_rsa_key.c
+2 −3		examples/add_rsa_key_file.c
+1 −0		examples/include.am
+1 −1		examples/slot_info.c
+3 −3		pre-commit.sh
+3,310 −456		src/crypto.c
+3,207 −381		src/internal.c
+1,077 −195		src/slot.c
+44 −16		src/wolfpkcs11.c
+1 −0		tests/README.md
+222 −0		tests/debug_test.c
+26 −0		tests/include.am
+519 −0		tests/object_id_uniqueness_test.c
+355 −65		tests/pkcs11mtt.c
+145 −1		tests/pkcs11str.c
+6,766 −1,242		tests/pkcs11test.c
+671 −0		tests/rsa_session_persistence_test.c
+30 −3		tests/testdata.h
+466 −0		tests/token_path_test.c
+33 −0		tests/unit.h
+360 −136		wolfpkcs11/internal.h
+247 −69		wolfpkcs11/pkcs11.h
+8 −6		wolfpkcs11/store.h