wolfSSL
diff --git a/‎.github/workflows/footprint.yml‎
Lines changed: 5 additions & 10 deletions b/‎.github/workflows/footprint.yml‎
Lines changed: 5 additions & 10 deletions
diff --git a/‎.github/workflows/test-build-cmake-dot-config.yml‎
Lines changed: 4 additions & 50 deletions b/‎.github/workflows/test-build-cmake-dot-config.yml‎
Lines changed: 4 additions & 50 deletions
diff --git a/‎.github/workflows/test-build-cmake-presets.yml‎
Lines changed: 5 additions & 9 deletions b/‎.github/workflows/test-build-cmake-presets.yml‎
Lines changed: 5 additions & 9 deletions
diff --git a/‎.github/workflows/test-build-cmake-script.yml‎
Lines changed: 4 additions & 49 deletions b/‎.github/workflows/test-build-cmake-script.yml‎
Lines changed: 4 additions & 49 deletions
diff --git a/‎.github/workflows/test-build-cmake.yml‎
Lines changed: 4 additions & 50 deletions b/‎.github/workflows/test-build-cmake.yml‎
Lines changed: 4 additions & 50 deletions
diff --git a/‎.github/workflows/test-build-lms.yml‎
Lines changed: 4 additions & 51 deletions b/‎.github/workflows/test-build-lms.yml‎
Lines changed: 4 additions & 51 deletions
@@ -8,27 +8,23 @@ on:
 
 jobs:
   footprint_test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 15
 
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
 
-      # Get the arm-non-eabi-gcc toolchain
-      - name: Install arm-none-eabi-gcc
-        run : |
-          sudo apt-get install -y gcc-arm-none-eabi
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: make clean
         run: |
           make keysclean && rm -f include/target.h
 
-      - name: Install wolfSSL
-        run: |
-          sudo apt-get install --no-install-recommends -y -q make libwolfssl-dev
-
       - name: Select config
         run: |
           cp config/examples/stm32f407-discovery.config .config && make include/target.h
@@ -40,4 +36,3 @@ jobs:
       - name: Build wolfboot and test footprint
         run: |
           make test-size-all
-
@@ -9,6 +9,8 @@ jobs:
   wolfboot_dot_config_test:
     name: cmake .config test (${{ matrix.target }})
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 15
 
     strategy:
@@ -36,56 +38,8 @@ jobs:
         with:
           submodules: true
 
-      - name: Workaround for sources.list
-        run: |
-            # Replace sources
-
-            set -euxo pipefail
-
-            # Peek (what repos are active now)
-            apt-cache policy
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-
-            # Enable nullglob so *.list/*.sources that don't exist don't break sed
-            shopt -s nullglob
-
-            echo "Replace sources.list (legacy)"
-            sudo sed -i \
-              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-              /etc/apt/sources.list || true
-
-            echo "Replace sources.list.d/*.list (legacy)"
-            for f in /etc/apt/sources.list.d/*.list; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                "$f"
-            done
-
-            echo "Replace sources.list.d/*.sources (deb822)"
-            for f in /etc/apt/sources.list.d/*.sources; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
-                "$f"
-            done
-
-            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
-            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
-              # Replace azure with our mirror (idempotent)
-              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
-            fi
-
-            # Peek (verify changes)
-            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-            echo "--- apt-mirrors.txt ---"
-            cat /etc/apt/apt-mirrors.txt || true
-
-      - name: Install requirements
-        run: |
-            # Run system updates and install toolchain
-            sudo apt-get update
-            sudo apt-get install -y gcc-arm-none-eabi gcc-powerpc-linux-gnu cmake
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: Run dot-config examples
         run: |
 
@@ -8,11 +8,14 @@ on:
 
 permissions:
   contents: read
+  packages: read
 
 jobs:
   ubuntu-cmake:
     name: Build on Ubuntu
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 20
     defaults:
       run:
@@ -53,15 +56,8 @@ jobs:
         with:
           submodules: true
 
-      # Lock down network/runner
-      # See https://github.com/step-security/harden-runner/releases
-      # Currently only supported on Ubuntu
-
-      # ARM GCC toolchain (adds the bin dir to PATH)
-      - name: Set up ARM none-eabi GCC
-        run: |
-          sudo apt update
-          sudo apt install -y gcc-arm-none-eabi
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: List all environment variables
         run: |
 
@@ -13,6 +13,8 @@ jobs:
   wolfboot_build_script_test:
     name: Build wolfBoot (target=${{ matrix.target }})
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 15
 
     strategy:
@@ -42,55 +44,8 @@ jobs:
         with:
           submodules: true
 
-      - name: Workaround for sources.list
-        run: |
-            # Replace sources
-
-            set -euxo pipefail
-
-            # Peek (what repos are active now)
-            apt-cache policy
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-
-            # Enable nullglob so *.list/*.sources that don't exist don't break sed
-            shopt -s nullglob
-
-            echo "Replace sources.list (legacy)"
-            sudo sed -i \
-              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-              /etc/apt/sources.list || true
-
-            echo "Replace sources.list.d/*.list (legacy)"
-            for f in /etc/apt/sources.list.d/*.list; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                "$f"
-            done
-
-            echo "Replace sources.list.d/*.sources (deb822)"
-            for f in /etc/apt/sources.list.d/*.sources; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
-                "$f"
-            done
-
-            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
-            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
-              # Replace azure with our mirror (idempotent)
-              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
-            fi
-
-            # Peek (verify changes)
-            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-            echo "--- apt-mirrors.txt ---"
-            cat /etc/apt/apt-mirrors.txt || true
-
-      - name: Install requirements
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y gcc-arm-none-eabi gcc-powerpc-linux-gnu cmake
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: View Presets
         run: |
 
@@ -7,63 +7,17 @@ on:
 jobs:
   cmake_automated_test:
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 15
 
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
 
-      - name: Workaround for sources.list
-        run: |
-            # Replace sources
-
-            set -euxo pipefail
-
-            # Peek (what repos are active now)
-            apt-cache policy
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-
-            # Enable nullglob so *.list/*.sources that don't exist don't break sed
-            shopt -s nullglob
-
-            echo "Replace sources.list (legacy)"
-            sudo sed -i \
-              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-              /etc/apt/sources.list || true
-
-            echo "Replace sources.list.d/*.list (legacy)"
-            for f in /etc/apt/sources.list.d/*.list; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                "$f"
-            done
-
-            echo "Replace sources.list.d/*.sources (deb822)"
-            for f in /etc/apt/sources.list.d/*.sources; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
-                "$f"
-            done
-
-            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
-            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
-              # Replace azure with our mirror (idempotent)
-              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
-            fi
-
-            # Peek (verify changes)
-            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-            echo "--- apt-mirrors.txt ---"
-            cat /etc/apt/apt-mirrors.txt || true
-
-
-      - name: Install requirements
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y gcc-arm-none-eabi gcc-powerpc-linux-gnu cmake
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: Run CMake build for STM32U5
         run: |
 
@@ -18,64 +18,17 @@ jobs:
 
   build:
     runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/wolfssl/wolfboot-ci-arm:v1.0
     timeout-minutes: 30
 
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: true
 
-      - name: Workaround for sources.list
-        run: |
-            # Replace sources
-
-            set -euxo pipefail
-
-            # Peek (what repos are active now)
-            apt-cache policy
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-
-            # Enable nullglob so *.list/*.sources that don't exist don't break sed
-            shopt -s nullglob
-
-            echo "Replace sources.list (legacy)"
-            sudo sed -i \
-              -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-              /etc/apt/sources.list || true
-
-            echo "Replace sources.list.d/*.list (legacy)"
-            for f in /etc/apt/sources.list.d/*.list; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                "$f"
-            done
-
-            echo "Replace sources.list.d/*.sources (deb822)"
-            for f in /etc/apt/sources.list.d/*.sources; do
-              sudo sed -i \
-                -e "s|https\?://azure\.archive\.ubuntu\.com/ubuntu/?|http://mirror.arizona.edu/ubuntu/|g" \
-                -e "s|https\?://azure\.archive\.ubuntu\.com|http://mirror.arizona.edu|g" \
-                "$f"
-            done
-
-            echo "Fix /etc/apt/apt-mirrors.txt (used by URIs: mirror+file:...)"
-            if grep -qE '^[[:space:]]*https?://azure\.archive\.ubuntu\.com/ubuntu/?' /etc/apt/apt-mirrors.txt; then
-              # Replace azure with our mirror (idempotent)
-              sudo sed -i 's|https\?://azure\.archive\.ubuntu\.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/apt-mirrors.txt
-            fi
-
-            # Peek (verify changes)
-            grep -RIn "azure.archive.ubuntu.com" /etc/apt || true
-            grep -RInE '^(deb|Types|URIs)' /etc/apt || true
-            echo "--- apt-mirrors.txt ---"
-            cat /etc/apt/apt-mirrors.txt || true
-
-      - name: Update repository
-        run: sudo apt-get update
-
-      - name: Install cross compilers
-        run: |
-          sudo apt-get install -y gcc-arm-none-eabi gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gnu-efi
+      - name: Trust workspace
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: make clean
         run: |