Pull request overview
This PR bundles a set of correctness and safety fixes across TPM RoT handling, FDT parsing, keyvault store scanning, SDHCI response parsing, and STM32H5 OTP protection—plus new unit tests to prevent regressions.
Changes:
- Add bounds checks for TPM NV auth buffers (both tool and runtime) and validate FDT string offsets/termination.
- Fix store header table scan bounds (PSA/PKCS11) and correct SDHCI response bit spanning logic.
- Introduce shared OTP block rounding helper and add multiple new unit tests + unit-test build integration.
Reviewed changes
Copilot reviewed 17 out of 18 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| tools/unit-tests/unit-tpm-check-rot-auth.c | New unit test for oversized TPM keystore auth handling. |
| tools/unit-tests/unit-sdhci-response-bits.c | New unit test for SDHCI response bit extraction edge case. |
| tools/unit-tests/unit-rot-auth.c | New unit test covering oversized auth input in TPM RoT tool path. |
| tools/unit-tests/unit-psa_store.c | Adds unit test to ensure header search does not scan past header sector. |
| tools/unit-tests/unit-pkcs11_store.c | Adds unit test to ensure header search does not scan past header sector. |
| tools/unit-tests/unit-hal-otp.c | New unit tests for OTP block rounding helper behavior. |
| tools/unit-tests/unit-fdt.c | New unit tests for FDT string offset validation. |
| tools/unit-tests/Makefile | Adds/builds new unit test executables and per-test flags (e.g., WOLFBOOT_FDT). |
| tools/tpm/rot.c | Reject oversized auth buffer before copying into TPM handle auth buffer. |
| src/tpm.c | Guard TPM keystore auth copy with buffer-size check. |
| src/sdhci.c | Fix response bit-span check when extraction crosses a 32-bit word boundary. |
| src/psa_store.c | Fix object header search loop bounds to stop at end of header sector. |
| src/pkcs11_store.c | Fix object header search loop bounds to stop at end of header sector. |
| src/libwolfboot.c | Fix PKCS11 init state variable name typo. |
| src/fdt.c | Add stroffset range checking and bounded string termination search in string table. |
| include/hal_otp.h | New inline helper for rounding OTP blocks needed for a given length. |
| hal/stm32h5.c | Use shared OTP rounding helper and correct bitmap shift constant type. |
| .gitignore | Ignore newly added unit test binaries. |
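The review summary above describes the class of fix applied in src/fdt.c (range-checking a string offset and bounding the search for the terminator inside the strings block) without showing the logic. The following is an added example written for this page; it is not wolfBoot's fdt.c code, and the function name fdt_get_string_bounded, the lookup_demo wrapper and the kStrings block are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed strings block (not from any real device tree):
 * "compatible\0" at offset 0, "reg\0" at offset 11, then "bad" at offset 15
 * whose terminator is cut off, as happens when a crafted or truncated DTB
 * declares a strings block that ends in the middle of a string. */
static const uint8_t kStrings[] = {
    'c','o','m','p','a','t','i','b','l','e','\0',
    'r','e','g','\0',
    'b','a','d'
};

/* Hypothetical helper (not wolfBoot's): resolve a property name from the
 * strings block. An unchecked lookup would return strings + stroffset and let
 * strlen() walk off the end of the block; this one rejects offsets at or past
 * the block end and strings that have no terminator inside the block. */
const char *fdt_get_string_bounded(const uint8_t *strings, uint32_t strings_size,
                                   uint32_t stroffset, uint32_t *out_len)
{
    const uint8_t *start;
    const uint8_t *nul;

    if (strings == NULL || stroffset >= strings_size)
        return NULL;                       /* offset outside the block */

    start = strings + stroffset;
    /* Look for the NUL only within the bytes that remain in the block. */
    nul = memchr(start, '\0', strings_size - stroffset);
    if (nul == NULL)
        return NULL;                       /* unterminated: would read past the block */

    if (out_len != NULL)
        *out_len = (uint32_t)(nul - start);
    return (const char *)start;
}

/* Convenience wrapper over the constructed block: returns 1 and copies the
 * name into out when the offset is valid, 0 when it is rejected. */
int lookup_demo(uint32_t stroffset, char *out, size_t out_size)
{
    uint32_t len = 0;
    const char *s = fdt_get_string_bounded(kStrings, sizeof(kStrings),
                                           stroffset, &len);
    if (s == NULL || out == NULL || (size_t)len + 1 > out_size)
        return 0;
    memcpy(out, s, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    /* Valid, valid, unterminated tail, exactly at block end, absurd offset. */
    static const uint32_t offsets[] = { 0, 11, 15, 18, 0xFFFFFFFFu };
    char name[32];
    size_t i;

    for (i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        if (lookup_demo(offsets[i], name, sizeof(name)))
            printf("offset %u -> \"%s\"\n", (unsigned)offsets[i], name);
        else
            printf("offset %u -> rejected\n", (unsigned)offsets[i]);
    }
    return 0;
}
```

The two rejections at offsets 15 and 18 are the cases the review's "bounded string termination search" and "stroffset range checking" address: the first would otherwise read past the block looking for a NUL, the second would start reading outside it.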
2873655 to 918e00c
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 2 comments.
mattia-moffa left a comment: Everything else looks good
Pull request overview
Copilot reviewed 17 out of 18 changed files in this pull request and generated 4 comments.
I've also simplified the PKCS11 test by using pre-provisioned keys since it was non-deterministically failing.
- F/1481 - Validate FDT string offsets (cd7cb799)
- F/1482 - Guard TPM keystore auth in check_rot (9a5fbee5)
- F/1480 - Reject oversized TPM ROT auth input (1cb6c750)
- F/1472 - Fix store header search bounds (ec094fca)
- F/1475 - Fix stm32h5 OTP readonly block rounding (3a1b48b6)
- F/1474 - Fix PKCS11 init state typo (bf55be2f)
- F/1471 - Fix SDHCI response bit span check (2cd09f70)