Skip to content

config refactor#766

Draft
bigbrett wants to merge 6 commits intowolfSSL:masterfrom
bigbrett:wolfcrypt-cfg-refactor
Draft

config refactor#766
bigbrett wants to merge 6 commits intowolfSSL:masterfrom
bigbrett:wolfcrypt-cfg-refactor

Conversation

@bigbrett
Copy link
Copy Markdown
Contributor

@bigbrett bigbrett commented May 1, 2026
edited
Loading

super secret plz dont look just yet

Background / Motivation

Problem. The current wolfBoot wolfCrypt configuration is split between two tightly coupled files that have grown into a tangle:

  • options.mk (1481 lines) — translates high-level Make variables (SIGN, HASH, WOLFTPM, WOLFHSM_CLIENT, WOLFCRYPT_TZ_*, ENCRYPT*, etc.) into WOLFCRYPT_OBJS (linker input) and -Dxxx CFLAGS (preprocessor input).
  • include/user_settings.h (781 lines) — consumes those -Dxxx flags and configures wolfCrypt features.

This led to tightly coupled, hard-to-reason-about logic built around deeply nested, negated #ifdef chains. Adding or modifying a feature required:

  • Updating multiple unrelated sections
  • Extending fragile negation chains
  • Carefully preserving ordering to avoid conflicts

Negative wolfCrypt flags (NO_*, WC_NO_*) made this worse: they don’t compose safely, so enabling a feature often meant editing multiple disable sites or introducing #undefs, increasing risk and maintenance cost.

Additionally, important configuration behavior lived in options.mk, meaning non-Make builds (IDE, CMake) could not reliably reproduce the same configuration without duplicating logic.

Summary

This PR replaces the monolithic configuration with a modular, fragment-based system and introduces a WOLFBOOT_NEEDS_* marker model to decouple feature intent from final wolfCrypt configuration.

Key Changes

  • Shim-based entrypoint

    • include/user_settings.h now only orchestrates includes in a fixed order.

  • Fragmented configuration

    • Configuration split into small, self-contained headers (SIGN, HASH, TPM, TrustZone, etc.).
    • Fragments are strictly additive (#define only) and independent.

  • Cascade layer (cascade.h)

    • Moves feature-flag implications from options.mk into the preprocessor.
    • Declares all WOLFBOOT_NEEDS_* markers from high-level flags.

  • Central reconciliation (finalize.h)

    • Single point translating NEEDS markers into wolfCrypt negative flags.
    • Consolidates all disable logic.

  • NEEDS marker model

    • Features declare what they require (e.g., RNG, AES, ASN).
    • The system derives what to disable automatically.

Benefits

  • Eliminates negated #ifdef chains

    • No more scattered “if not X and not Y and not Z → disable” logic.

  • Decouples features

    • Adding a feature no longer requires modifying unrelated code paths.

  • Single source of truth for disables

    • All NO_* / WC_NO_* decisions live in finalize.h.

  • Improved build portability

    • IDE/CMake builds now match Make builds using only WOLFBOOT_* flags.

  • Simpler reasoning

    • Feature requirements: fragment headers
    • Final configuration: finalize.h

  • Safer extensibility

    • New features integrate via markers instead of modifying global logic.

No User-Facing Changes

  • .config inputs and WOLFBOOT_* flags are unchanged.
  • Generated binaries remain equivalent for the same configurations.

Developer Impact

New features follow a consistent pattern:

  1. Add fragment header
  2. Include it in the shim
  3. Declare required WOLFBOOT_NEEDS_* markers in cascade.h
  4. Only touch finalize.h when introducing a new negative-polarity feature

Resulting flow:

WOLFBOOT_* flags
    → cascade.h (derive + declare NEEDS)
    → fragments (additive config)
    → finalize.h (apply disables)
    → final wolfCrypt configuration

Scope

  • Structural refactor only
  • No intended functional or cryptographic changes

Copilot AI review requested due to automatic review settings May 1, 2026 17:49
Copilot AI reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Refactors wolfCrypt/wolfSSL configuration into composable include/user_settings/* fragments and simplifies Make-side -D flag emission for hash-based signature parameterization.

Changes:

  • Splits the monolithic include/user_settings.h into ordered “fragment” headers (cascade/base/sign/hash/features/finalize) and turns user_settings.h into a dispatcher.
  • Moves SIGN/HASH algorithm-specific configuration into dedicated sign_*.h and hash_*.h fragments with central dispatch headers.
  • Updates options.mk so LMS/XMSS Make variables carry only user-provided parameter values, with wolfCrypt-side defines derived in headers.

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
options.mk Drops wolfCrypt-side LMS/XMSS defines from Make flags; keeps only user parameter -Ds.
include/user_settings.h Replaced large inline configuration with ordered includes of fragment headers.
include/user_settings/base.h New: baseline wolfCrypt settings shared by all builds.
include/user_settings/cascade.h New: feature implication cascades + WOLFBOOT_NEEDS_* markers.
include/user_settings/sign_dispatch.h New: includes per-signature fragments based on SIGN flags.
include/user_settings/sign_rsa.h New: RSA verification configuration (and NO_RSA fallback).
include/user_settings/sign_ecc.h New: ECC verification configuration and carve-outs.
include/user_settings/sign_ed25519.h New: ED25519 verification configuration and carve-outs.
include/user_settings/sign_ed448.h New: ED448 verification configuration and carve-outs.
include/user_settings/sign_ml_dsa.h New: ML-DSA (Dilithium) verification configuration and carve-outs.
include/user_settings/sign_lms.h New: LMS verification config; maps Make parameters to wolfCrypt defines.
include/user_settings/sign_xmss.h New: XMSS verification config; maps Make parameters to wolfCrypt defines.
include/user_settings/hash_dispatch.h New: includes hash fragments based on WOLFBOOT_HASH_*.
include/user_settings/hash_sha384.h New: SHA-384 hash selection fragment (+ optional NO_SHA256).
include/user_settings/hash_sha3.h New: SHA3-384 hash selection fragment (+ optional NO_SHA256).
include/user_settings/encrypt.h New: EXT_ENCRYPTED / SECURE_PKCS11 wolfCrypt configuration.
include/user_settings/trustzone.h New: TrustZone secure-mode wolfCrypt configuration.
include/user_settings/tpm.h New: wolfTPM-related config for WOLFBOOT_TPM builds.
include/user_settings/wolfhsm.h New: crypto-callback/key-gen config for wolfHSM client/server builds.
include/user_settings/cert_chain.h New: cert-chain verify mode config for wolfHSM server.
include/user_settings/renesas.h New: Renesas HW crypto offload settings.
include/user_settings/platform.h New: platform-specific SP-math word-size and minor platform knobs.
include/user_settings/test_bench.h New: test/benchmark-specific configuration and RNG selection.
include/user_settings/finalize.h New: reconciles WOLFBOOT_NEEDS_* into NO_* / WC_NO_* and global disables.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread include/user_settings/finalize.h
Comment thread include/user_settings/trustzone.h
Comment thread include/user_settings/sign_ecc.h
Comment thread include/user_settings/cascade.h Outdated
@bigbrett bigbrett self-assigned this May 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@bigbrett bigbrett

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bigbrett