Add support for DICE attestation + PSA attestation#668
Open
danielinux wants to merge 26 commits intowolfSSL:masterfrom
Open
Add support for DICE attestation + PSA attestation#668danielinux wants to merge 26 commits intowolfSSL:masterfrom
danielinux wants to merge 26 commits intowolfSSL:masterfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a DICE-based PSA Initial Attestation implementation (COSE_Sign1 token builder) and extends the TrustZone PSA plumbing so non-secure code can exercise PSA Crypto + Initial Attestation (plus new hash clone / cipher service IDs).
Changes:
- Implement DICE token construction and expose it via the ARM TEE PSA attestation service path.
- Extend the ARM TEE crypto shim with hash clone and basic cipher operations (setup/iv/update/finish/abort).
- Update STM32H5 test app + build system/docs to enable and exercise PSA crypto + attestation from non-secure.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 18 comments.
Show a summary per file
| File | Description |
|---|---|
| zephyr/src/arm_tee_crypto_api.c | Switches operation handle storage to opaque, adds hash clone and cipher PSA wrappers. |
| zephyr/include/arm_tee_crypto_defs.h | Adds new service IDs for hash clone and cipher operations. |
| tools/keytools/otp/Makefile | Adds wolfSSL path/config defines and optional hash objects for OTP primer. |
| tools/config.mk | Introduces new config toggles for attestation IAK/test. |
| test-app/wcs/user_settings.h | Gates PKCS11 settings on WOLFBOOT_TZ_PKCS11, enables AES-CBC and key export/PKCS formats. |
| test-app/hal_trng_psa.c | Adds PSA-backed TRNG implementation for bare-metal test app. |
| test-app/arm_tee_ns_interface_stub.c | Adds minimal non-Zephyr dispatcher stub for bare-metal PSA calls. |
| test-app/app_stm32h5.c | Adds PSA init, PSA random, and PSA Initial Attestation test/printing flow. |
| test-app/Makefile | Adds PSA/TZ build wiring, local wolfSSL object directory build rule, and attestation test toggle. |
| test-app/ARM-stm32h5.ld | Exposes end symbol for linker compatibility. |
| test-app/ARM-stm32h5-ns.ld | Exposes end symbol for linker compatibility (non-secure). |
| src/dice/dice.c | New DICE claim collection + CBOR/COSE_Sign1 encoding and signing implementation. |
| src/arm_tee_psa_ipc.c | Wires DICE token service into PSA attestation calls; adds hash clone + cipher slot dispatch. |
| options.mk | Adds WOLFBOOT_ATTESTATION_IAK build flag and extra wolfCrypt objects for PSA TZ mode. |
| include/wolfboot/dice.h | Public header for DICE token size/token generation APIs. |
| include/hal.h | Adds attestation-related HAL hook declarations. |
| hal/stm32l5.c | Implements basic UDS derivation and lifecycle for STM32L5. |
| hal/stm32h5.c | Implements basic UDS derivation and lifecycle for STM32H5. |
| hal/hal.c | Adds weak stub implementations for new attestation HAL hooks. |
| docs/Targets.md | Documents STM32H5 WOLFBOOT_TZ_PSA behavior and points to DICE docs. |
| docs/STM32-TZ.md | Adds PSA Initial Attestation section referencing DICE implementation. |
| docs/DICE.md | New documentation describing DICE attestation protocol, HAL hooks, and usage. |
| Makefile | Adds dice object to build when PSA/TZ is enabled (via new flag). |
| CMakeLists.txt | Adds dice source to build when PSA/TZ is enabled (via new flag). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Member
Author
|
Addressed robot reviewer comments (all valid points), rebased on latest master, re-tested. In particular, to fix the objection on the demo using UID as UDS, I've implemented three possible UDS mechanisms:
|
Member
Author
|
Depends on wolfPSA/#3 |
dgarske
requested changes
Jan 28, 2026
Contributor
dgarske
left a comment
dgarske
left a comment
There was a problem hiding this comment.
Copilot has a few things that need fixed still too.
hal/stm32l5.c
Outdated
| wc_Sha256Update(&hash, uid, sizeof(uid)); | ||
| wc_Sha256Final(&hash, digest); | ||
| copy_len = sizeof(digest); | ||
| #else |
Address rewiewer's comment: Sensitive key material (cdi, seed, priv) is derived and stored on-stack. Consider explicitly zeroizing these buffers on all return paths once the ECC key has been imported, to reduce the lifetime of UDS/CDI-derived material in memory (especially since this is long-term attestation key material). Renaming for alignment with existing config parameters: WOLFBOOT_TZ_PSA -> WOLFCRYPT_TZ_PSA
- Use OTP as UDS for attestation by default. - otp_primer can create a new UDS on provisioning - alternatively, WOLFBOOT_UDS_UID_FALLBACK_FORTEST option allows to fall back to UID for testing the attestation without having to write UDS to OTP. stm32h5-tz-psa.config now defaults to WOLFBOOT_UDS_UID_FALLBACK_FORTEST=1.
Instruction to provision keys via iRoT / OBKeys (STM32H5 only)
in build tests
+ added includes for pkcs11_test_ecc.c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.