@danielinux (Member) commented Jan 12, 2026

ARMORED=1

  • Improved fault mitigation: more redundancy, hardened
  • Added redundancy to ML_DSA verification

STM32_TZ SAU:

  • Set UPDATE partition to secure. It is only accessed via NSC when the application is running
  • flash_top_secure in hal_tz_sau_init to the same range

Fixes:

  • Bug preventing rollback in case of ARMORED=1.
  • Rolled-back image state handling: force update flags on rollback; set success after complete rollback.

Copilot AI (Contributor) left a comment

Pull request overview

This PR enhances fault mitigation in ARMORED mode with improved redundancy checks, adds ARMORED support for ML_DSA signature verification, fixes rollback handling bugs, and reconfigures STM32 TrustZone SAU regions to set the UPDATE partition as secure.

Changes:

  • Enhanced ARMORED mode with additional redundancy in signature verification and version checking
  • Added redundant verification checks for ML_DSA signatures when ARMORED=1
  • Fixed rollback logic to properly handle version checks and state transitions with ARMORED enabled
  • Reconfigured STM32_TZ SAU to mark UPDATE partition as secure and adjusted flash region mappings

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Summary per file (File: Description):

  • tools/test.mk: Updated size limits for test targets to accommodate increased code size from ARMORED enhancements
  • src/update_flash.c: Added rollback detection logic, refactored version check to work with ARMORED, and improved rollback state handling
  • src/image.c: Added ARMORED redundancy checks to ML_DSA verification and updated signature verification macros
  • include/image.h: Refactored VERIFY_VERSION_ALLOWED macro for both GCC and IAR with improved redundancy and changed signed to unsigned comparisons
  • hal/stm32_tz.c: Reconfigured SAU regions to mark UPDATE partition as secure with dynamic flash_top_secure calculation

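The review above mentions two things the PR changes in the version check: more redundancy for fault mitigation under ARMORED=1, and a move from signed to unsigned comparisons. The following C program is an added illustration written for this page; it is not wolfBoot's VERIFY_VERSION_ALLOWED macro or any other code from the project. The function name `version_allowed_redundant`, the `fault_mask` test hook and the `CHECK_OK`/`CHECK_FAIL` patterns are all assumptions chosen here to show the general technique: evaluate a security decision several times in different forms, keep each result in its own variable with a non-trivial bit pattern, and accept only when every copy agrees, so a single corrupted comparison fails closed rather than flipping a reject into an accept.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the fault-mitigation idea behind ARMORED=1.
 * This is NOT wolfBoot's VERIFY_VERSION_ALLOWED macro; it is a generic
 * redundant check written for this page. The decision "is the candidate
 * version newer than the current one?" is evaluated three times in
 * different forms, each result lives in its own volatile variable holding
 * a non-trivial bit pattern, and every copy must be CHECK_OK before the
 * update is accepted. Any disagreement is treated as a fault and fails
 * closed. */

#define CHECK_OK   0xA5A5A5A5u
#define CHECK_FAIL 0x5A5A5A5Au

/* fault_mask is a hypothetical test hook (bits 0..2 select which evaluation
 * to corrupt) so the program can show the effect of a single glitch.
 * Real code would have no such parameter; pass 0 for normal use. */
uint32_t version_allowed_redundant(uint32_t candidate, uint32_t current,
                                   unsigned fault_mask)
{
    volatile uint32_t r1 = CHECK_FAIL, r2 = CHECK_FAIL, r3 = CHECK_FAIL;

    /* Evaluation 1: plain unsigned comparison. */
    if (candidate > current)
        r1 = CHECK_OK;
    /* Evaluation 2: the same decision on complemented operands, so the
     * operand values and the generated compare differ from evaluation 1. */
    if ((uint32_t)~current > (uint32_t)~candidate)
        r2 = CHECK_OK;
    /* Evaluation 3: operands in reversed order. */
    if (current < candidate)
        r3 = CHECK_OK;

    /* Simulated glitch: invert the result of the selected evaluation. */
    if (fault_mask & 1u) r1 = (r1 == CHECK_OK) ? CHECK_FAIL : CHECK_OK;
    if (fault_mask & 2u) r2 = (r2 == CHECK_OK) ? CHECK_FAIL : CHECK_OK;
    if (fault_mask & 4u) r3 = (r3 == CHECK_OK) ? CHECK_FAIL : CHECK_OK;

    /* Accept only if every copy is exactly CHECK_OK ... */
    if (r1 != CHECK_OK || r2 != CHECK_OK || r3 != CHECK_OK)
        return CHECK_FAIL;
    /* ... and, as a second independent test, all copies agree. */
    if (r1 != r2 || r2 != r3)
        return CHECK_FAIL;
    return CHECK_OK;
}

/* Why the PR changes the comparisons from signed to unsigned: with signed
 * arithmetic a version whose top bit is set reads as negative, so a newer
 * image would be rejected as a downgrade. */
int version_newer_signed(uint32_t candidate, uint32_t current)
{
    return (int32_t)candidate > (int32_t)current;
}

int version_newer_unsigned(uint32_t candidate, uint32_t current)
{
    return candidate > current;
}

int main(void)
{
    printf("2 over 1, no fault:        %s\n",
           version_allowed_redundant(2, 1, 0) == CHECK_OK ? "accept" : "reject");
    printf("1 over 2, eval 1 glitched: %s\n",
           version_allowed_redundant(1, 2, 1) == CHECK_OK ? "accept" : "reject");
    printf("2 over 1, eval 2 glitched: %s (fails closed)\n",
           version_allowed_redundant(2, 1, 2) == CHECK_OK ? "accept" : "reject");
    printf("0x80000001 over 1: signed=%d unsigned=%d\n",
           version_newer_signed(0x80000001u, 1),
           version_newer_unsigned(0x80000001u, 1));
    return 0;
}
```

Two design points carry over to real bootloader code: the "accept" value is a specific bit pattern rather than 1 or nonzero, so a zeroed or flipped register does not accidentally read as success, and the variables are `volatile` so the compiler cannot merge the three evaluations back into one comparison.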

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@danielinux danielinux requested a review from rizlik January 12, 2026 11:42
- update partition is now secure, only accessible via NSC
- removed legacy security settings in hal_flash_write/erase when running in secure mode
- Added explicit IMAGE_HEADER_SIZE to default config
rizlik previously approved these changes Jan 14, 2026
@danielinux danielinux assigned dgarske and unassigned rizlik Jan 14, 2026
@danielinux danielinux requested a review from dgarske January 14, 2026 11:04
@dgarske (Contributor) left a comment

Nice!

dgarske previously approved these changes Jan 14, 2026
@dgarske dgarske requested a review from mattia-moffa January 14, 2026 17:38
@danielinux danielinux dismissed stale reviews from dgarske and rizlik via 847f1f1 January 14, 2026 19:54
@dgarske dgarske merged commit 16887c6 into wolfSSL:master Jan 14, 2026
303 checks passed