Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds LPC55S69 hardware-crypto enablement and supporting tooling for flashing/debug plus wolfCrypt test/benchmark support on the test application.
Changes:
- Add Lauterbach
.cmmscripts for factory flashing, update-image flashing, and debug setup. - Enable/parameterize LPC55S69 crypto acceleration build knobs (PKA), RNG/HashCrypt/Casper integration, and wolfCrypt test/benchmark execution.
- Update LPC55S69 linker/config defaults (RAM size, partitions, hash algorithm) to accommodate new crypto/test needs.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/scripts/lpc55s69/lpc55s69_flash_update.cmm | Adds Lauterbach script to program a signed update image. |
| tools/scripts/lpc55s69/lpc55s69_flash_factory_bin.cmm | Adds Lauterbach script to erase and flash a factory image. |
| tools/scripts/lpc55s69/lpc55s69_debug.cmm | Adds Lauterbach script to load symbols and set breakpoints for debugging. |
| test-app/wolfcrypt_support.c | Uses LPC55S69 SysTick millisecond counter for timing APIs used by wolfCrypt tests/benchmarks. |
| test-app/syscalls.c | Adds vsnprintf forward declaration to route printf-family functions. |
| test-app/startup_arm.c | Maps SysTick ISR name for LPC55S69 builds. |
| test-app/app_lpc55s69.c | Adds SysTick timebase, wolfCrypt test/benchmark runner, and weak syscall stubs. |
| test-app/Makefile | Adds RSA object and LPC55S69 hardware-crypto build/ld flags (PKA vs no-hwaccel). |
| test-app/ARM-lpc55s69.ld | Increases RAM, adds heap/stack region symbols used by runtime/debug. |
| include/user_settings.h | Adjusts RNG/DRBG and cipher settings for LPC55S69 (incl. interleave limitation). |
| hal/lpc55s69.c | Initializes HashCrypt/Casper and adjusts RNG peripheral handling based on hwaccel macros. |
| config/examples/lpc55s69.config | Updates defaults (SHA256, PKA off, partition locations) and documents larger-sector option. |
| config/examples/lpc55s69-tz.config | Same as above for TZ build. |
| arch.mk | Adds include paths and objects for LPC55S69 Casper/HashCrypt/RNG under PKA builds. |
Comments suppressed due to low confidence (1)
hal/lpc55s69.c:1
- The return values of
wc_hashcrypt_init()/wc_casper_init()are ignored. If initialization fails (clocking, reset state, secure/non-secure access, etc.), later crypto operations may fail in harder-to-debug ways. Recommend checking the return codes and either logging (whenDEBUG_UART) and/or failing fast in a controlled way.
/* lpc55s69.c
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| DO ~~/demo/arm/flash/lpc55xx PREPAREONLY | ||
|
|
||
| ;; flash.erase all ;; NOT FOR UPDATE | ||
| FLASH.ReProgram ALL | ||
| Data.LOAD.Binary "\\wsl.localhost\Ubuntu-22.04\home\tcook\wolf\wolfBoot\test-app\image_v2_signed.bin" 0x18000 |
There was a problem hiding this comment.
This hard-codes a developer-specific WSL UNC path (including username and distro). Consider parameterizing the image path (e.g., via a CMM variable / argument / prompt) or using a repository-relative path so the script is reproducible across environments.
| DO ~~/demo/arm/flash/lpc55xx PREPAREONLY | |
| ;; flash.erase all ;; NOT FOR UPDATE | |
| FLASH.ReProgram ALL | |
| Data.LOAD.Binary "\\wsl.localhost\Ubuntu-22.04\home\tcook\wolf\wolfBoot\test-app\image_v2_signed.bin" 0x18000 | |
| LOCAL &image_path | |
| ENTRY &image_path | |
| IF "&image_path"=="" | |
| ( | |
| ENTER &image_path "Path to signed image binary" | |
| ) | |
| DO ~~/demo/arm/flash/lpc55xx PREPAREONLY | |
| ;; flash.erase all ;; NOT FOR UPDATE | |
| FLASH.ReProgram ALL | |
| Data.LOAD.Binary "&image_path" 0x18000 |
|
|
||
| flash.erase all | ||
| FLASH.ReProgram ALL | ||
| Data.LOAD.Binary "\\wsl.localhost\Ubuntu-22.04\home\tcook\wolf\wolfBoot\factory.bin" 0 |
There was a problem hiding this comment.
This hard-codes a developer-specific WSL UNC path. Recommend making the binary path an input parameter (or using a relative path) so the factory flashing script can be used in CI/docs and by other developers without edits.
| data.load "\\wsl.localhost\Ubuntu-22.04\home\tcook\wolf\wolfBoot\wolfboot.elf" /nocode | ||
| symbol.sourcepath.TranslateSUBpath "\home\tcook\wolf" "\\wsl.localhost\Ubuntu-22.04\home\tcook\wolf" |
There was a problem hiding this comment.
The debug script bakes in a specific local filesystem layout (WSL path + home directory). This will fail for anyone else and is difficult to automate. Consider using parameterized paths (passed in at invocation time) or deriving paths from the script location to make debugging setup portable.
| * other OS facilities that don't exist in bare-metal. | ||
| * wolfCrypt test/benchmark code calls standard printf, not wolfBoot_printf. | ||
| */ | ||
| int vsnprintf(char *buf, unsigned int size, const char *fmt, va_list argp); |
There was a problem hiding this comment.
This forward declaration does not match the standard vsnprintf signature (uses unsigned int instead of size_t, and may conflict with the libc prototype). This can cause compile warnings/errors or ABI mismatches. Prefer including the proper header and not redeclaring it, or match the exact standard prototype (size_t-based) consistently.
| void WEAKFUNCTION *_sbrk(int incr) | ||
| { | ||
| (void)incr; | ||
| return 0; | ||
| } |
There was a problem hiding this comment.
_sbrk returning 0 unconditionally is unsafe: allocators may treat 0 as a valid heap pointer and proceed, leading to writes to address 0 and hard faults. Either implement _sbrk using linker-provided heap/stack bounds (_start_heap, _end_stack) or fail correctly by returning (void*)-1 and setting errno to ENOMEM.
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o | ||
|
|
||
| # Add RSA support (needed by test suite) | ||
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/rsa.o |
There was a problem hiding this comment.
RSA is being linked whenever WOLFCRYPT_SUPPORT=1, but the comment indicates it’s only needed for the test suite. Consider gating rsa.o under WOLFCRYPT_TEST (and/or WOLFCRYPT_BENCHMARK if required) to avoid unnecessary code size in non-test builds.
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/rsa.o | |
| ifeq ($(WOLFCRYPT_TEST),1) | |
| APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/rsa.o | |
| endif |
| #ifdef WOLFCRYPT_SECURE_MODE | ||
| void hal_trng_init(void) | ||
| { | ||
| #ifdef __WOLFBOOT | ||
| #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL | ||
| # ifdef __WOLFBOOT | ||
| CLOCK_EnableClock(kCLOCK_Rng); | ||
| RESET_PeripheralReset(kRNG_RST_SHIFT_RSTn); | ||
| #endif | ||
| # endif | ||
| RNG_Init(RNG); | ||
| #endif | ||
| } |
There was a problem hiding this comment.
When WOLFSSL_NXP_LPC55S69_NO_HWACCEL is defined, TRNG init becomes a no-op and hal_trng_get_entropy() deterministically returns -1. In WOLFCRYPT_SECURE_MODE, that likely breaks any code requiring entropy (and can silently downgrade security if callers don’t handle it). Consider decoupling TRNG availability from the 'no hw accel' macro (RNG is not the same as Casper/HashCrypt), or emit a compile-time error if secure mode is enabled without a usable entropy source.
| int hal_trng_get_entropy(unsigned char *out, unsigned int len) | ||
| { | ||
| #ifndef WOLFSSL_NXP_LPC55S69_NO_HWACCEL | ||
| if (RNG_GetRandomData(RNG, out, len) == kStatus_Success) | ||
| return 0; | ||
| #endif | ||
|
|
||
| return -1; | ||
| } |
There was a problem hiding this comment.
When WOLFSSL_NXP_LPC55S69_NO_HWACCEL is defined, TRNG init becomes a no-op and hal_trng_get_entropy() deterministically returns -1. In WOLFCRYPT_SECURE_MODE, that likely breaks any code requiring entropy (and can silently downgrade security if callers don’t handle it). Consider decoupling TRNG availability from the 'no hw accel' macro (RNG is not the same as Casper/HashCrypt), or emit a compile-time error if secure mode is enabled without a usable entropy source.
| FLASH_MULTI_SECTOR_ERASE?=1 | ||
|
|
||
| # 512-byte pages erasable/writeable | ||
| # use 1024-byte sector to accomodate RSA4096 signature |
There was a problem hiding this comment.
Correct typo: 'accomodate' should be 'accommodate'.
| # use 1024-byte sector to accomodate RSA4096 signature | |
| # use 1024-byte sector to accommodate RSA4096 signature |
| WOLFCRYPT_TZ_PKCS11?=1 | ||
|
|
||
| # 512-byte pages erasable/writeable | ||
| # use 1024-byte sector to accomodate RSA4096 signature |
There was a problem hiding this comment.
Correct typo: 'accomodate' should be 'accommodate'.
| # use 1024-byte sector to accomodate RSA4096 signature | |
| # use 1024-byte sector to accommodate RSA4096 signature |
danielinux
left a comment
danielinux
left a comment
There was a problem hiding this comment.
do not tie RNG to NO_HWACCEL. CASPER/HASHCRYPT acceleration can be disabled while the hardware RNG is still required by WOLFCRYPT_SECURE_MODE, e.g. when compiling with trustzone.
You still need something like:
ifeq ($(WOLFCRYPT_TZ),1)
OBJS+=$(MCUXPRESSO)/drivers/rng_1/fsl_rng.o
endif
when PKA=0.
Then in hal/lpc55s69.c, you should remove the WOLFSSL_NXP_LPC55S69_NO_HWACCEL guards around RNG_Init() and RNG_GetRandomData(), or replace them with a dedicated RNG macro if you need one
No description provided.