Fenrir fixes #771
Open
mattia-moffa wants to merge 9 commits into wolfSSL:master from
Conversation
…erencing in crypto dispatcher F#3541, F#3542
Contributor
Pull request overview
Note: Copilot was unable to run its full agentic suite in this review.
This PR bundles a set of fixes across update-related unit tests, signing tooling I/O, boot/update logic safety checks, and HAL erase/test correctness.
Changes:
- Add unit-test assertions to verify `hal_flash_protect()` is called with expected parameters during boot paths (guarded by `#ifndef TZEN`).
- Fix file I/O modes and `fread`/`fwrite` argument ordering in `tools/keytools/sign.c`.
- Harden and correct several low-level behaviors (header parsing size checks, negative keystore IDs, PSA IPC vector validation, and flash erase boundary handling).
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tools/unit-tests/unit-update-ram.c | Track and assert hal_flash_protect() usage in RAM update unit tests. |
| tools/unit-tests/unit-update-ram-nofixed.c | Track and assert hal_flash_protect() usage in “nofixed” RAM tests. |
| tools/unit-tests/unit-update-flash.c | Track and assert hal_flash_protect() usage in flash update unit tests. |
| tools/unit-tests/unit-update-disk.c | Track and assert hal_flash_protect() usage in disk update unit tests. |
| tools/keytools/sign.c | Fix base diff file open mode and correct fread/fwrite usage. |
| src/update_flash_hwswap.c | Adjust max_v initialization logic (now declared without initializer). |
| src/libwolfboot.c | Improve error handling in trailer write and validate header field sizes when parsing blobs. |
| src/flash_otp_keystore.c | Reject negative key IDs in keystore accessors. |
| src/arm_tee_psa_ipc.c | Add additional in/out vector validation in PSA IPC crypto dispatch. |
| hal/stm32u5.c | Fix erase end-address computation to include small-length ranges. |
| hal/stm32l5.c | Fix erase end-address computation to include small-length ranges. |
| hal/stm32h5.c | Fix erase end-address computation to include small-length ranges. |
| hal/hal.c | Prevent overwrite in unaligned source flash test by reducing loop bound. |
Comment on lines +737 to +738
| ck_assert_uint_eq((uintptr_t)mock_flash_protect_addr, | ||
| (uintptr_t)WOLFBOOT_ORIGIN); |
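Review bot: the assertion on +737 to +738 checks only the address the mock recorded, while the PR summary says the tests verify hal_flash_protect() is called with the expected parameters (plural); the remaining argument(s) the mock records should be asserted alongside the address. Also reset the mock's recorded values before the boot path under test runs, otherwise a value left behind by an earlier test case can satisfy this comparison without hal_flash_protect() having been called at all, and keep the #ifndef TZEN guard consistent between the mock's recording and this assertion.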
| uint32_t boot_v = 0U; | ||
| uint32_t update_v = 0U; | ||
| uint32_t max_v = (boot_v > update_v) ? boot_v : update_v; | ||
| uint32_t max_v; |
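Review bot: dropping the initializer from max_v means the new code depends on every control path assigning it before the first read; the visible old initializer was always 0 (boot_v and update_v are both 0U at that point, so the ternary never computed a real maximum), so nothing is lost by removing it, but an uninitialized max_v that reaches the version comparison on a missed path is a silent boot-selection error rather than a crash. Either keep `uint32_t max_v = 0U;` as the safe default or add a comment pointing at the assignment every path goes through, and check the build with -Wmaybe-uninitialized.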
| if (out_vec == NULL || out_len < 2) { | ||
| if (out_vec == NULL || out_len < 2 || | ||
| out_vec[0].base == NULL || | ||
| out_vec[0].len < sizeof(uint32_t)) { |
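Review bot: the condition requires out_len >= 2 but only validates out_vec[0]; out_vec[1].base and out_vec[1].len are never checked, so a caller passing a NULL base or an undersized second output vector still reaches the dispatch code and whatever write it performs there. Extend the check to out_vec[1] with the size the dispatcher actually writes into it, and apply the same base/len validation to the in_vec entries this call reads, since the summary says the fix is meant to cover PSA IPC vector validation in general.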
From F#3534 to F#3543
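Two of the fixes listed in the review summary, the erase end-address computation that dropped small-length ranges and the header field size checks when parsing blobs, are easy to get wrong in the same way, so the following added example shows both in working C. It is illustrative code written for this page, not wolfBoot's HAL or libwolfboot.c: the page size, the `erase_pages_*` and `find_header_field` names, and the little-endian TLV layout of the sample headers are assumptions, and the sample blobs are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative flash page size (assumption; the STM32 parts in the PR differ). */
#define PAGE_SIZE 2048U

/*
 * Naive page count, kept only for comparison: an end computed as
 * address + len - 1 with a "p < end" loop. For len == 1 it erases nothing,
 * and whenever the last byte of the range is the first byte of a page that
 * page is skipped. Only call it with small, non-wrapping ranges.
 */
unsigned erase_pages_naive(uint32_t address, uint32_t len)
{
    uint32_t end = address + len - 1U;
    uint32_t p;
    unsigned count = 0;
    for (p = address; p < end; p += PAGE_SIZE)
        count++;
    return count;
}

/*
 * Correct page count: find the first and last page that contain any byte of
 * [address, address + len) and erase every page between them inclusively.
 * Returns the number of pages; 0 means nothing to do or an invalid range
 * (len == 0, or the range wraps past the end of the address space).
 */
unsigned erase_pages_inclusive(uint32_t address, uint32_t len, uint32_t *first_page)
{
    uint32_t first, last;
    if (len == 0U)
        return 0;
    /* address + len - 1 would wrap: refuse instead of erasing from page 0. */
    if (len - 1U > UINT32_MAX - address)
        return 0;
    first = address & ~(PAGE_SIZE - 1U);
    last  = (address + len - 1U) & ~(PAGE_SIZE - 1U);
    if (first_page != NULL)
        *first_page = first;
    return (unsigned)((last - first) / PAGE_SIZE) + 1U;
}

/*
 * Illustrative TLV header: 2-byte little-endian type, 2-byte little-endian
 * length, value bytes; type 0 ends the list. A constructed layout for this
 * example, not wolfBoot's header format.
 * Returns 0 and sets *val / *val_len when found, -1 when the header is
 * malformed (declared length exceeds the bytes left in the blob), -2 if absent.
 */
int find_header_field(const uint8_t *hdr, size_t hdr_len, uint16_t want,
                      const uint8_t **val, uint16_t *val_len)
{
    size_t off = 0;
    while (off + 4U <= hdr_len) {
        uint16_t type = (uint16_t)(hdr[off] | ((uint16_t)hdr[off + 1] << 8));
        uint16_t len  = (uint16_t)(hdr[off + 2] | ((uint16_t)hdr[off + 3] << 8));
        if (type == 0U)
            break;
        /* Size check: the field must fit inside the blob, otherwise a crafted
         * length makes the caller read past the end of the buffer. */
        if ((size_t)len > hdr_len - (off + 4U))
            return -1;
        if (type == want) {
            *val = hdr + off + 4U;
            *val_len = len;
            return 0;
        }
        off += 4U + (size_t)len;
    }
    return -2;
}

/* Constructed sample blobs. */
static const uint8_t good_hdr[] = {
    0x01, 0x00, 0x04, 0x00, 'A', 'B', 'C', 'D',   /* type 1, len 4 */
    0x02, 0x00, 0x02, 0x00, 'x', 'y',             /* type 2, len 2 */
    0x00, 0x00                                    /* terminator */
};
static const uint8_t bad_hdr[] = {
    0x03, 0x00, 0xFF, 0xFF, 'Z'                   /* type 3 claims 65535 bytes */
};

/* Length of field `want` in good_hdr, or -1 when not found / malformed. */
int good_hdr_field_len(uint16_t want)
{
    const uint8_t *v; uint16_t n;
    if (find_header_field(good_hdr, sizeof(good_hdr), want, &v, &n) != 0)
        return -1;
    return (int)n;
}

/* Result of parsing the crafted header: expected to be rejected with -1. */
int bad_hdr_result(void)
{
    const uint8_t *v; uint16_t n;
    return find_header_field(bad_hdr, sizeof(bad_hdr), 3, &v, &n);
}

int main(void)
{
    uint32_t fp;
    printf("len=1: naive=%u inclusive=%u\n",
           erase_pages_naive(0x1000, 1), erase_pages_inclusive(0x1000, 1, &fp));
    printf("len=PAGE+1: naive=%u inclusive=%u\n",
           erase_pages_naive(0x1000, PAGE_SIZE + 1),
           erase_pages_inclusive(0x1000, PAGE_SIZE + 1, &fp));
    printf("field 2 len=%d, crafted header -> %d\n",
           good_hdr_field_len(2), bad_hdr_result());
    return 0;
}
```

The inclusive form is the one to keep: it computes page boundaries from the first and last byte actually covered, so a one-byte request and a request ending on a page boundary both erase what they must, and it rejects a wrapping range instead of silently erasing the wrong pages. The TLV check applies the same idea to parsing: the declared length is compared against the bytes remaining in the blob before any pointer is handed back.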