add wolfBoot image verification to image manager #339
bigbrett wants to merge 3 commits into wolfSSL:main from
Pull request overview
Extends the server image manager to support verifying wolfBoot-format images (manifest TLV header carrying hash/signature and optional cert chain) in addition to existing “raw blob + NVM signature” verification.
Changes:
- Adds wolfBoot image type support and new wolfBoot verification method APIs (RSA4096+SHA256, with and without cert-chain validation).
- Updates server image-manager verification flow to load key/signature material based on image type (RAW vs WOLFBOOT vs WOLFBOOT_CERT).
- Adds test coverage for the two new verification methods and a script to generate offline wolfBoot test vectors.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| wolfhsm/wh_server_img_mgr.h | Adds wolfBoot constants, new image type enum, expands image descriptor struct, declares new verify methods. |
| src/wh_server_img_mgr.c | Implements wolfBoot TLV parsing + hashing + RSA4096 verification; adds cert-chain verification path using server cert API; updates per-image key/sig loading logic. |
| test/wh_test_server_img_mgr.c | Adds positive/negative tests for wolfBoot RSA4096 verification and cert-chain verification. |
| test/scripts/gen_wolfboot_test_data.sh | Adds a generator script intended to produce the wolfBoot test artifact header used by the new tests. |
wolfSSL-Fenrir-bot left a comment
Fenrir Automated Review — PR #339
Scan targets checked: wolfhsm-consttime, wolfhsm-core-bugs, wolfhsm-defaults, wolfhsm-mutation, wolfhsm-proptest, wolfhsm-src, wolfhsm-zeroize
Findings: 5
5 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated no new comments.
Add wolfBoot image verification to server image manager
Extends the server image manager to verify wolfBoot-format images in addition to opaque blobs. wolfBoot images carry their signature (and optionally a certificate chain) in a TLV-formatted manifest header, so the manager now knows how to parse the header and source verification material from it rather than from fixed NVM IDs.
What's new
- `whServerImgMgrImgType` enum distinguishes image loading behavior: `RAW` (existing — key from keystore, sig from NVM), `WOLFBOOT` (key from keystore, sig from header), and `WOLFBOOT_CERT` (root CA from NVM, cert chain + sig from header).
- `whServerImgMgrImg` gains `hdrAddr`/`hdrSize`/`imgType` fields; `sigNvmId` is repurposed as the root CA NVM ID in the cert-chain case.
- `wh_Server_ImgMgrVerifyMethodWolfBootRsa4096WithSha256` — standard wolfBoot verification against a keystore-provisioned public key.
- `wh_Server_ImgMgrVerifyMethodWolfBootCertChainRsa4096WithSha256` — verifies the embedded cert chain against an HSM-provisioned root CA using the server cert API, then uses the leaf public key to verify the image signature.
- `test/gen/wh_test_wolfboot_img_data.h`) produced offline by `test/scripts/gen_wolfboot_test_data.sh`.
Future work
Only RSA4096+SHA256 is supported in this PR. Follow-ups will add additional wolfBoot-supported verification mechanisms (ECC, ed25519, etc.), reusing the same header-parsing and cert-chain plumbing.
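As an added illustration (not code from this PR, wolfHSM or wolfBoot), a bounds-checked walk of the kind of TLV manifest header the description says the image manager now parses before it trusts any signature found there. The header layout and the VERSION/SIGNATURE type values are assumptions about wolfBoot's public format, and the demo header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Assumed wolfBoot manifest layout (an assumption, not taken from this PR):
 * 4-byte magic "WOLF", 4-byte little-endian image length, then TLV entries
 * with 16-bit LE type and length; 0xFF bytes are padding, type 0x00 ends. */
#define WB_HDR_FIXED     8u
#define WB_HDR_END       0x00u
#define WB_HDR_PADDING   0xFFu
#define WB_HDR_VERSION   0x01u  /* assumed wolfBoot type values */
#define WB_HDR_SIGNATURE 0x20u

/* Walk hdr[0..hdrSize) for TLV `type`: returns its value length and points
 * *out at it, or 0 if absent or malformed. Every read is bounds-checked first,
 * so a hostile header cannot drive the walk past the buffer or make the
 * signature TLV claim bytes that are not actually present. */
uint16_t wb_find_tlv(const uint8_t *hdr, size_t hdrSize, uint16_t type,
                     const uint8_t **out)
{
    size_t off = WB_HDR_FIXED;
    if (hdr == NULL || hdrSize < WB_HDR_FIXED || memcmp(hdr, "WOLF", 4) != 0)
        return 0;
    while (off < hdrSize) {
        uint16_t t, len;
        if (hdr[off] == WB_HDR_PADDING) { off++; continue; }
        if (hdrSize - off < 4) break;                 /* truncated type/len */
        t   = (uint16_t)(hdr[off] | (hdr[off + 1] << 8));
        len = (uint16_t)(hdr[off + 2] | (hdr[off + 3] << 8));
        if (t == WB_HDR_END) break;
        off += 4;
        if (len > hdrSize - off) break;               /* value overruns hdr */
        if (t == type) { *out = hdr + off; return len; }
        off += len;
    }
    return 0;
}

/* Constructed demo header (not a signed image): magic, length 0x1000, a 4-byte
 * VERSION TLV, two padding bytes, an 8-byte stand-in SIGNATURE TLV (a real
 * RSA-4096 signature would be 512 bytes), then the end marker. */
static const uint8_t wb_demo_hdr[] = {
    'W','O','L','F', 0x00,0x10,0x00,0x00,
    WB_HDR_VERSION,0, 4,0, 0x01,0x00,0x00,0x00,  WB_HDR_PADDING,WB_HDR_PADDING,
    WB_HDR_SIGNATURE,0, 8,0, 0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5,0xA5, WB_HDR_END };

/* Length of TLV `type` in the demo header after dropping `cut` trailing bytes
 * (simulates a truncated header): 8 for the signature intact, 0 once cut. */
int wb_demo_tlv_len(uint16_t type, size_t cut)
{
    const uint8_t *v = NULL; size_t n = sizeof(wb_demo_hdr);
    return n > cut ? (int)wb_find_tlv(wb_demo_hdr, n - cut, type, &v) : 0;
}
```

A manager that skipped the overrun check would happily hand a 512-byte "signature" pointer into the verifier even when the header holds far fewer bytes, which is exactly the over-read a malformed manifest is meant to provoke.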