Example for wolfCrypt PUF on STM32H5#565
Conversation
danielinux
left a comment
danielinux
left a comment
There was a problem hiding this comment.
Check availability of PUF_TEST=0 option
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds a new bare‑metal SRAM PUF example demonstrating wolfCrypt’s PUF enrollment/reconstruction and key derivation on STM32H5 (NUCLEO‑H563ZI).
Changes:
- Adds a self-contained PUF example app (startup, linker script, STM32 UART/TRNG HAL, wolfCrypt settings).
- Adds build system + documentation for test mode vs real SRAM mode.
- Updates top-level docs and ignores the example’s build output directory.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| puf/user_settings.h | Minimal wolfCrypt configuration enabling SRAM PUF + dependencies for bare-metal use |
| puf/stm32.c | STM32H5 bare-metal UART printf retarget + TRNG-based custom RAND block generator + HAL init |
| puf/startup.c | Minimal Cortex‑M startup: vector table, Reset_Handler, SystemInit |
| puf/main.c | PUF demo flow (test mode synthetic SRAM; hardware path reads NOLOAD SRAM section) |
| puf/linker.ld | Linker script reserving a NOLOAD SRAM region for PUF raw bytes |
| puf/README.md | Build/flash/run docs for the example + API usage notes |
| puf/Makefile | Standalone build for the example (PUF_TEST switch, pulls required wolfCrypt sources) |
| README.md | Adds a pointer to the new puf/ example |
| .gitignore | Ignores puf/Build artifacts |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
danielinux
left a comment
danielinux
left a comment
There was a problem hiding this comment.
Tested with emulator:
-
make -C puf PUF_TEST=0
The build switch is now wired correctly in puf/Makefile:29 and documented in puf/README.md:39. The hardware path now includes an explicit reconstruction/self-check flow in puf/main.c:277.I reran it under m33mu:
- --puf-seed 0x1
- enrollment identity: 0953b0685892eff9259d7f21642795bdacb2d86dd50b31229e25937a9bf1f5b7
- reconstructed identity matched
- enrollment key: 370a69677beeb5af426bb65a7579b80ca88329708b598de8087faffa82062c7f
- reconstructed key matched
- --puf-seed 0x1 --puf-noise 2
- enrollment identity: 49760781a942fb63e5a96e7c8d46dde422978ca79c353290f8019b0d01519098
- reconstructed identity matched
- enrollment key: f295936a25161baf212147a8a0c0d89577f7f9932b378e6714742285e22ae23b
- reconstructed key matched
- --puf-seed 0x1 --puf-cold-boot 1 --puf-noise 2
- enrollment identity: 56feda60f16fa40ab1e4a6e8d2490d0c239ecae540dc7a630ede49b39d80557a
- reconstructed identity matched
- enrollment key: 691bdf4454563ab133536267327cb614ae5b455204f6d2e447aa057185f284a2
- reconstructed key matched
So the reconstruction comments were addressed in the code, and the updated example passes under m33mu with deterministic SRAM and with seeded noise.
No description provided.