wolfSSL
diff --git a/‎include/user_settings.h‎
Lines changed: 4 additions & 2 deletions b/‎include/user_settings.h‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎include/wolfboot/wcs_wolfhsm.h‎
Lines changed: 32 additions & 0 deletions b/‎include/wolfboot/wcs_wolfhsm.h‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎options.mk‎
Lines changed: 64 additions & 38 deletions b/‎options.mk‎
Lines changed: 64 additions & 38 deletions
diff --git a/‎src/wc_callable.c‎
Lines changed: 7 additions & 0 deletions b/‎src/wc_callable.c‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/wolfhsm_callable.c‎
Lines changed: 159 additions & 0 deletions b/‎src/wolfhsm_callable.c‎
Lines changed: 159 additions & 0 deletions
@@ -756,12 +756,14 @@ extern int tolower(int c);
 #endif
 
 #if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \
-    defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
+    defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) || \
+    defined(WOLFCRYPT_TZ_WOLFHSM)
 #   define WOLF_CRYPTO_CB
 #   undef  HAVE_ANONYMOUS_INLINE_AGGREGATES
 #   define HAVE_ANONYMOUS_INLINE_AGGREGATES 1
 #   define WOLFSSL_KEY_GEN
-#endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || WOLFBOOT_ENABLE_WOLFHSM_SERVER */
+#endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || WOLFBOOT_ENABLE_WOLFHSM_SERVER ||
+          WOLFCRYPT_TZ_WOLFHSM */
 
 #if defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) && \
     defined(WOLFBOOT_CERT_CHAIN_VERIFY)
 
@@ -0,0 +1,32 @@
+/* wcs_wolfhsm.h
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ */
+
+#ifndef WOLFBOOT_WCS_WOLFHSM_H
+#define WOLFBOOT_WCS_WOLFHSM_H
+
+#include <stdint.h>
+#include "wolfboot/wc_secure.h"
+
+#ifdef WOLFCRYPT_TZ_WOLFHSM
+
+/* Match wolfHSM's WH_COMM_MTU; bridge buffers are sized to this. */
+#ifndef WCS_WOLFHSM_MAX_REQ_SIZE
+#define WCS_WOLFHSM_MAX_REQ_SIZE 1288U
+#endif
+
+#ifndef WCS_WOLFHSM_MAX_RSP_SIZE
+#define WCS_WOLFHSM_MAX_RSP_SIZE 1288U
+#endif
+
+int CSME_NSE_API wcs_wolfhsm_transmit(const uint8_t *cmd, uint32_t cmdSz,
+        uint8_t *rsp, uint32_t *rspSz);
+
+void wcs_wolfhsm_init(void);
+
+#endif /* WOLFCRYPT_TZ_WOLFHSM */
+
+#endif /* WOLFBOOT_WCS_WOLFHSM_H */
@@ -1,4 +1,43 @@
 WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.o
+
+# Shared wolfHSM client/server object lists. Defined here at the top so any
+# downstream block (legacy WOLFHSM_CLIENT/SERVER, or WOLFCRYPT_TZ_WOLFHSM TZ
+# engine) can reference them by variable name without ordering hazards.
+WOLFHSM_CLIENT_OBJS := \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_nvm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_cryptocb.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_crypto.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_dma.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_crypto.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_dma.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_utils.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_comm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_comm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_nvm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_customcb.o
+
+WOLFHSM_SERVER_OBJS := \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_utils.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_comm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_nvm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_nvm_flash.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_keyid.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_flash_unit.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_crypto.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_nvm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_crypto.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_counter.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_keystore.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_customcb.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_customcb.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_keystore.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_crypto.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_counter.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_nvm.o \
+  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_comm.o
+
 USE_CLANG?=0
 ifeq ($(USE_CLANG),1)
   USE_GCC?=0
@@ -1095,14 +1134,39 @@ ifeq ($(WOLFCRYPT_TZ_WOLFHSM),1)
   CFLAGS+=-DWOLFCRYPT_SECURE_MODE
   CFLAGS+=-DWOLFHSM_CFG_ENABLE_SERVER
   CFLAGS+=-DWOLFHSM_CFG_COMM_DATA_LEN=1280
+  CFLAGS+=-DWOLFHSM_CFG_PORT_STM32_TZ_NSC
+  CFLAGS+=-DWOLFHSM_CFG_NO_SYS_TIME
   CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFHSM)"
+  CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFHSM)/port/stmicro/stm32-tz"
   ifeq ($(USE_CLANG),1)
     CLANG_MULTILIB_FLAGS:=$(filter -mthumb -mlittle-endian,$(LDFLAGS)) $(filter -mcpu=%,$(CFLAGS))
     LIBS+=$(shell $(CLANG_GCC_NAME) $(CLANG_MULTILIB_FLAGS) -print-file-name=libc.a)
     LIBS+=$(shell $(CLANG_GCC_NAME) $(CLANG_MULTILIB_FLAGS) -print-libgcc-file-name)
   else
     LDFLAGS+=--specs=nano.specs
   endif
+  WOLFCRYPT_OBJS+=src/store_sbrk.o
+  WOLFCRYPT_OBJS+=src/wolfhsm_callable.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/coding.o
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o
+  ifneq ($(SIGN),ED25519)
+    WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha512.o
+  endif
+  WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_encrypt.o
+  ifeq ($(ENCRYPT_WITH_AES128)$(ENCRYPT_WITH_AES256),)
+      WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/aes.o
+  endif
+  WOLFCRYPT_OBJS+=$(RSA_OBJS)
+  ifeq ($(findstring ECC,$(SIGN)),)
+  ifeq ($(findstring ECC,$(SIGN_SECONDARY)),)
+      WOLFCRYPT_OBJS+=$(ECC_OBJS)
+      WOLFCRYPT_OBJS+=$(MATH_OBJS)
+  endif
+  endif
+  WOLFHSM_OBJS+=$(WOLFHSM_SERVER_OBJS)
+  WOLFHSM_OBJS+=$(WOLFBOOT_LIB_WOLFHSM)/src/wh_flash_ramsim.o
+  WOLFHSM_OBJS+=$(WOLFBOOT_LIB_WOLFHSM)/port/stmicro/stm32-tz/wh_transport_nsc.o
   STACK_USAGE=20000
 endif
 
@@ -1301,44 +1365,6 @@ ifneq ($(WOLFBOOT_PART_ID),)
   SIGN_OPTIONS+=--id $(WOLFBOOT_PART_ID)
 endif
 
-# Shared wolfHSM client/server object lists. Both the legacy WOLFHSM_CLIENT=1 /
-# WOLFHSM_SERVER=1 flags and the WOLFCRYPT_TZ_WOLFHSM=1 TZ engine reference
-# these to avoid object-list duplication.
-WOLFHSM_CLIENT_OBJS := \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_nvm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_cryptocb.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_crypto.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_client_dma.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_crypto.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_dma.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_utils.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_comm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_comm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_nvm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_customcb.o
-
-WOLFHSM_SERVER_OBJS := \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_utils.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_comm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_nvm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_nvm_flash.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_keyid.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_flash_unit.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_crypto.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_nvm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_crypto.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_counter.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_keystore.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_server_customcb.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_customcb.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_keystore.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_crypto.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_counter.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_nvm.o \
-  $(WOLFBOOT_LIB_WOLFHSM)/src/wh_message_comm.o
-
 # wolfHSM client options
 ifeq ($(WOLFHSM_CLIENT),1)
   WOLFCRYPT_OBJS += \
 
@@ -34,6 +34,10 @@
 #include "wolfboot/wcs_fwtpm.h"
 #endif
 
+#ifdef WOLFCRYPT_TZ_WOLFHSM
+#include "wolfboot/wcs_wolfhsm.h"
+#endif
+
 static WC_RNG wcs_rng;
 
 int CSME_NSE_API wcs_get_random(uint8_t *rand, uint32_t size)
@@ -48,6 +52,9 @@ void wcs_Init(void)
 #ifdef WOLFBOOT_TZ_FWTPM
     wcs_fwtpm_init();
 #endif
+#ifdef WOLFCRYPT_TZ_WOLFHSM
+    wcs_wolfhsm_init();
+#endif
 }
 
 #endif /* WOLFCRYPT_SECURE_MODE */
@@ -0,0 +1,159 @@
+/* wolfhsm_callable.c
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ */
+
+#ifdef WOLFCRYPT_TZ_WOLFHSM
+
+#include <stdint.h>
+#include <string.h>
+
+#include "store_sbrk.h"
+#include "wolfboot/wcs_wolfhsm.h"
+
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/wolfcrypt/random.h"
+
+#include "wolfhsm/wh_comm.h"
+#include "wolfhsm/wh_error.h"
+#include "wolfhsm/wh_flash.h"
+#include "wolfhsm/wh_flash_ramsim.h"
+#include "wolfhsm/wh_nvm.h"
+#include "wolfhsm/wh_nvm_flash.h"
+#include "wolfhsm/wh_server.h"
+
+#include "wh_transport_nsc.h"
+
+extern unsigned int _start_heap;
+extern unsigned int _heap_size;
+
+void *_sbrk(unsigned int incr)
+{
+    static uint8_t *heap;
+    return wolfboot_store_sbrk(incr, &heap, (uint8_t *)&_start_heap,
+        (uint32_t)(&_heap_size));
+}
+
+/* Phase 1b uses a 32 KiB ramsim partition pair for the NVM backend; Phase 3
+ * swaps this for a flash-backed adapter over wolfBoot's hal_flash_*.
+ * pageSize must match WHFU_BYTES_PER_UNIT (8) — wolfHSM programs the flash
+ * one unit at a time, so a larger pageSize causes the modulo check in
+ * whFlashRamsim_Program to fail. */
+#define WCS_WOLFHSM_RAMSIM_SIZE      (32U * 1024U)
+#define WCS_WOLFHSM_RAMSIM_SECTOR    (8U * 1024U)
+#define WCS_WOLFHSM_RAMSIM_PAGE      8U
+
+static uint8_t                   g_ramsim_buf[WCS_WOLFHSM_RAMSIM_SIZE];
+static whFlashRamsimCtx          g_ramsim_ctx;
+static whFlashRamsimCfg          g_ramsim_cfg = {
+    .memory     = g_ramsim_buf,
+    .size       = WCS_WOLFHSM_RAMSIM_SIZE,
+    .sectorSize = WCS_WOLFHSM_RAMSIM_SECTOR,
+    .pageSize   = WCS_WOLFHSM_RAMSIM_PAGE,
+    .erasedByte = 0xFFU,
+    .initData   = NULL,
+};
+static whFlashCb                 g_flash_cb = WH_FLASH_RAMSIM_CB;
+
+static whNvmFlashContext         g_nvm_flash_ctx;
+static whNvmFlashConfig          g_nvm_flash_cfg = {
+    .cb      = &g_flash_cb,
+    .context = &g_ramsim_ctx,
+    .config  = &g_ramsim_cfg,
+};
+static whNvmCb                   g_nvm_flash_cb = WH_NVM_FLASH_CB;
+static whNvmContext              g_nvm_ctx;
+static whNvmConfig               g_nvm_cfg = {
+    .cb      = &g_nvm_flash_cb,
+    .context = &g_nvm_flash_ctx,
+    .config  = &g_nvm_flash_cfg,
+};
+
+static whServerCryptoContext     g_crypto_ctx;
+static whTransportNscServerContext g_srv_tx_ctx;
+static whTransportNscServerConfig g_srv_tx_cfg = { { 0 } };
+static whCommServerConfig        g_comm_cfg = {
+    .transport_context = &g_srv_tx_ctx,
+    .transport_cb      = &whTransportNscServer_Cb,
+    .transport_config  = &g_srv_tx_cfg,
+    .server_id         = 56, /* server identifier; NS client uses client_id=1 */
+};
+static whServerConfig            g_server_cfg = {
+    .comm_config = &g_comm_cfg,
+    .nvm         = &g_nvm_ctx,
+    .crypto      = &g_crypto_ctx,
+#if defined WOLF_CRYPTO_CB
+    .devId       = INVALID_DEVID,
+#endif
+};
+
+static whServerContext           g_server;
+static int                       g_wolfhsm_ready;
+
+void wcs_wolfhsm_init(void)
+{
+    int rc;
+
+    rc = wc_InitRng(g_crypto_ctx.rng);
+    if (rc != 0) {
+        return;
+    }
+    rc = wh_Nvm_Init(&g_nvm_ctx, &g_nvm_cfg);
+    if (rc != WH_ERROR_OK) {
+        return;
+    }
+    rc = wh_Server_Init(&g_server, &g_server_cfg);
+    if (rc != WH_ERROR_OK) {
+        return;
+    }
+    (void)wh_Server_SetConnected(&g_server, WH_COMM_CONNECTED);
+    g_wolfhsm_ready = 1;
+}
+
+/* Single NSC veneer. Per call: validate the NS pointers/sizes (single-fetch
+ * defeats TOCTOU on *rspSz), park the buffers in the secure-side transport
+ * context, run wh_Server_HandleRequestMessage exactly once, write back the
+ * captured response size. */
+int CSME_NSE_API wcs_wolfhsm_transmit(const uint8_t *cmd, uint32_t cmdSz,
+        uint8_t *rsp, uint32_t *rspSz)
+{
+    uint32_t rsp_capacity;
+    int rc;
+
+    if (cmd == NULL || rsp == NULL || rspSz == NULL) {
+        return WH_ERROR_BADARGS;
+    }
+    /* Single fetch of the caller-supplied capacity; subsequent code uses
+     * only this local copy. The NS caller cannot mutate it under us. */
+    rsp_capacity = *rspSz;
+
+    if (cmdSz == 0U || cmdSz > WCS_WOLFHSM_MAX_REQ_SIZE) {
+        return WH_ERROR_BADARGS;
+    }
+    if (rsp_capacity == 0U || rsp_capacity > WCS_WOLFHSM_MAX_RSP_SIZE) {
+        return WH_ERROR_BADARGS;
+    }
+    if (!g_wolfhsm_ready) {
+        return WH_ERROR_NOTREADY;
+    }
+
+    g_srv_tx_ctx.req_buf         = cmd;
+    g_srv_tx_ctx.req_size        = (uint16_t)cmdSz;
+    g_srv_tx_ctx.rsp_buf         = rsp;
+    g_srv_tx_ctx.rsp_capacity    = (uint16_t)rsp_capacity;
+    g_srv_tx_ctx.rsp_size        = 0;
+    g_srv_tx_ctx.request_pending = 1;
+
+    rc = wh_Server_HandleRequestMessage(&g_server);
+
+    if (rc == WH_ERROR_OK) {
+        *rspSz = (uint32_t)g_srv_tx_ctx.rsp_size;
+    } else {
+        *rspSz = 0;
+    }
+    return rc;
+}
+
+#endif /* WOLFCRYPT_TZ_WOLFHSM */