Merge branch 'master' of https://github.com/wolfSSL/wolfBoot into pr-cmake-improvements

Author: gojimmypi

.github/workflows/test-configs.yml

@@ -320,6 +320,12 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32h5-tz.config
 
+  stm32h5_tz_tpm_test:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32h5-tz-tpm.config
+
   stm32h5_tz_dualbank_test:
     uses: ./.github/workflows/test-build.yml
     with:
@@ -463,6 +469,13 @@ jobs:
 
   # TODO: ti-tms570lc435.config requires CCS_ROOT
 
+  # Cannot run on CI without the SDK (see VORAGO_SDK_DIR)
+  # vorago_va416x0_test:
+  #   uses: ./.github/workflows/test-build.yml
+  #   with:
+  #     arch: arm
+  #     config-file: ./config/examples/vorago_va416x0.config
+
   x86_64_efi_test:
     uses: ./.github/workflows/test-build.yml
     with:

.github/workflows/test-renode-nrf52.yml

@@ -61,16 +61,23 @@ jobs:
 
 # LMS TEST
       - name: Renode Tests LMS-8-5-5
-        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288"
+        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288 WOLFBOOT_SECTOR_SIZE=0x2000"
 
 # XMSS TEST
       - name: Renode Tests XMSS-SHA2_10_256
-        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000"
+        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 WOLFBOOT_SECTOR_SIZE=0x2000"
 
-# ML-DSA TEST
+# ML-DSA Level 2 TEST
       - name: Renode Tests ML-DSA-44
-        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840"
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840 WOLFBOOT_SECTOR_SIZE=0x2000"
 
+# ML-DSA Level 3 TEST
+      - name: Renode Tests ML-DSA-65
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=3 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=3309 IMAGE_HEADER_SIZE=8192 WOLFBOOT_SECTOR_SIZE=0x2000"
+
+# ML-DSA Level 5 TEST
+      - name: Renode Tests ML-DSA-87
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=5 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=4627 IMAGE_HEADER_SIZE=12288 WOLFBOOT_SECTOR_SIZE=0x3000"
 
       - name: Upload Output Dir
         uses: actions/upload-artifact@v4

.github/workflows/test-sunnyday-simulator.yml

@@ -104,12 +104,12 @@ jobs:
       - name: Run dualbank swap simulation
         run: |
           tools/scripts/sim-dualbank-swap-update.sh
-      
+
       - name: Cleanup before WOLFBOOT_SMALL_STACK test
         run: |
           make keysclean
           mv .config.orig .config
-      
+
       - name: Build wolfboot.elf (ECC256, WOLFBOOT_SMALL_STACK)
         run: |
           make clean && make test-sim-internal-flash-with-update SIGN=ECC256 WOLFBOOT_SMALL_STACK=1 SPMATH=1
@@ -617,10 +617,18 @@ jobs:
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-xmss.config
 
-      - name: Run sunny day ML-DSA update test
+      - name: Run sunny day ML-DSA level 2 update test
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa.config
 
+      - name: Run sunny day ML-DSA level 3 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa3.config
+
+      - name: Run sunny day ML-DSA level 5 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa5.config
+
       # 64 Bit simulator, Hybrid auth ML_DSA + ECDSA
       #
       - name: make clean

Makefile

@@ -104,8 +104,12 @@ CFLAGS+= \
 
 # Setup default optimizations (for GCC)
 ifeq ($(USE_GCC_HEADLESS),1)
-  CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles
+  CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -nostartfiles
   CFLAGS+=-ffunction-sections -fdata-sections -fomit-frame-pointer
+  # Allow unused parameters and functions
+  CFLAGS+=-Wno-unused-parameter -Wno-unused-function
+  # Error on unused variables
+  CFLAGS+=-Wunused-variable
   LDFLAGS+=-Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles
   # Not setting LDFLAGS directly since it is passed to the test-app
   LSCRIPT_FLAGS+=-T $(LSCRIPT)
@@ -402,6 +406,10 @@ $(LSCRIPT): $(LSCRIPT_IN) FORCE
 		sed -e "s/@ARCH_FLASH_OFFSET@/$(ARCH_FLASH_OFFSET)/g" | \
 		sed -e "s/@BOOTLOADER_PARTITION_SIZE@/$(BOOTLOADER_PARTITION_SIZE)/g" | \
 		sed -e "s/@WOLFBOOT_ORIGIN@/$(WOLFBOOT_ORIGIN)/g" | \
+		sed -e "s/@WOLFBOOT_KEYVAULT_ADDRESS@/$(WOLFBOOT_KEYVAULT_ADDRESS)/g" | \
+		sed -e "s/@WOLFBOOT_KEYVAULT_SIZE@/$(WOLFBOOT_KEYVAULT_SIZE)/g" | \
+		sed -e "s/@WOLFBOOT_NSC_ADDRESS@/$(WOLFBOOT_NSC_ADDRESS)/g" | \
+		sed -e "s/@WOLFBOOT_NSC_SIZE@/$(WOLFBOOT_NSC_SIZE)/g" | \
 		sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \
 		sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \
 		sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \
@@ -465,7 +473,7 @@ utilsclean: clean
 	$(Q)$(MAKE) -C tools/test-update-server -s clean
 	$(Q)$(MAKE) -C tools/uart-flash-server -s clean
 	$(Q)$(MAKE) -C tools/unit-tests -s clean
-	$(Q)if [ "$(WOLFHSM_CLIENT)" = "1" ]; then $(MAKE) -C lib/wolfHSM/tools/whnvmtool -s clean; fi
+	$(Q)if [ "$(WOLFHSM_CLIENT)" = "1" ]; then $(MAKE) -C $(WOLFBOOT_LIB_WOLFHSM)/tools/whnvmtool -s clean; fi
 	$(Q)$(MAKE) -C tools/keytools/otp -s clean
 	$(Q)$(MAKE) -C tools/squashelf -s clean
 
@@ -480,6 +488,8 @@ include/target.h: $(TARGET_H_TEMPLATE) FORCE
 	$(Q)cat $(TARGET_H_TEMPLATE) | \
 	sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \
 	sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \
+	sed -e "s/@WOLFBOOT_NSC_ADDRESS@/$(WOLFBOOT_NSC_ADDRESS)/g" | \
+	sed -e "s/@WOLFBOOT_NSC_SIZE@/$(WOLFBOOT_NSC_SIZE)/g" | \
 	sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \
 	sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \
 	sed -e "s/@WOLFBOOT_PARTITION_SWAP_ADDRESS@/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \
@@ -531,6 +541,7 @@ cppcheck:
 	cppcheck -f --enable=warning --enable=portability \
 		--suppress="ctunullpointer" --suppress="nullPointer" \
 		--suppress="objectIndex" --suppress="comparePointers" \
+		--check-level=exhaustive \
 		--error-exitcode=89 --std=c89 src/*.c hal/*.c hal/spi/*.c hal/uart/*.c
 
 otp: tools/keytools/otp/otp-keystore-primer.bin FORCE

arch.mk

@@ -101,12 +101,14 @@ ifeq ($(ARCH),AARCH64)
     MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o
     MATH_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_arm64.o
   endif
-  ifeq ($(NO_ARM_ASM),0)
+  ifneq ($(NO_ARM_ASM),1)
     ARCH_FLAGS=-mstrict-align
     CFLAGS+=$(ARCH_FLAGS) -DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_INLINE -DWC_HASH_DATA_ALIGNMENT=8 -DWOLFSSL_AARCH64_PRIVILEGE_MODE
     WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cpuid.o \
                       $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/armv8-sha512-asm_c.o \
-                      $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/armv8-sha3-asm_c.o
+                      $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/armv8-sha3-asm_c.o \
+                      $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/armv8-aes-asm_c.o \
+                      $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/armv8-sha256-asm_c.o
   endif
 endif
 
@@ -190,13 +192,14 @@ ifeq ($(ARCH),ARM)
     ARCH_FLASH_OFFSET=0x08000000
     SPI_TARGET=stm32
     ifneq ($(PKA),0)
-      PKA_EXTRA_OBJS+= $(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_hal_pka.o  $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/st/stm32.o
-      PKA_EXTRA_CFLAGS+=-DWOLFSSL_STM32_PKA -I$(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Inc \
-          -Isrc -I$(STM32CUBE)/Drivers/BSP/P-NUCLEO-WB55.Nucleo/ -I$(STM32CUBE)/Drivers/CMSIS/Device/ST/STM32WBxx/Include \
-          -I$(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Inc/ \
-          -I$(STM32CUBE)/Drivers/CMSIS/Include \
-          -Ihal \
-          -DSTM32WB55xx
+      PKA_EXTRA_OBJS+= $(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Src/stm32wbxx_hal_pka.o $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/st/stm32.o
+      PKA_EXTRA_CFLAGS+=-DWOLFSSL_STM32WB -DWOLFSSL_STM32_PKA -DWOLFSSL_STM32_CUBEMX -DNO_STM32_HASH -DSTM32WB55xx
+      PKA_EXTRA_CFLAGS+=-Isrc -Ihal \
+          -I$(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Inc \
+          -I$(STM32CUBE)/Drivers/BSP/P-NUCLEO-WB55.Nucleo/ \
+          -I$(STM32CUBE)/Drivers/CMSIS/Device/ST/STM32WBxx/Include \
+          -I$(STM32CUBE)/Drivers/STM32WBxx_HAL_Driver/Inc \
+          -I$(STM32CUBE)/Drivers/CMSIS/Include
     endif
   endif
 
@@ -250,7 +253,6 @@ ifeq ($(ARCH),ARM)
     WOLFBOOT_ORIGIN=0x10000000
     ifeq ($(TZEN),1)
       LSCRIPT_IN=hal/$(TARGET).ld
-      CFLAGS+=-DTZEN
     else
       LSCRIPT_IN=hal/$(TARGET)-ns.ld
     endif
@@ -266,6 +268,26 @@ ifeq ($(ARCH),ARM)
      CFLAGS+=-DWOLFBOOT_USE_STDLIBC
   endif
 
+  ifeq ($(TARGET),va416x0)
+    CFLAGS+=-I$(WOLFBOOT_ROOT)/hal/vorago/ \
+            -I$(VORAGO_SDK_DIR)/common/drivers/hdr/ \
+            -I$(VORAGO_SDK_DIR)/common/mcu/hdr/ \
+            -I$(VORAGO_SDK_DIR)/common/utils/hdr/
+    SDK_OBJS=$(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_spi.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_clkgen.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_ioconfig.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_irqrouter.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_uart.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_timer.o \
+             $(VORAGO_SDK_DIR)/common/mcu/src/system_va416xx.o
+    ifeq ($(USE_HAL_SPI_FRAM),1)
+      SDK_OBJS+=$(VORAGO_SDK_DIR)/common/utils/src/spi_fram.o
+      CFLAGS+=-DUSE_HAL_SPI_FRAM
+    endif
+    OBJS+=$(SDK_OBJS)
+  endif
+
 ## Cortex CPU
 
 ifeq ($(CORTEX_A5),1)
@@ -303,7 +325,6 @@ else
           $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-chacha-asm.o \
           $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.o
 
-
     CORTEXM_ARM_EXTRA_CFLAGS+=-DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO \
                               -DWOLFSSL_ARMASM_NO_NEON -DWOLFSSL_ARMASM_THUMB2
   endif
@@ -400,10 +421,6 @@ endif
 endif
 endif
 
-ifeq ($(TZEN),1)
-  CFLAGS+=-DTZEN
-endif
-
 
 ## Renesas RX
 ifeq ($(ARCH),RENESAS_RX)
@@ -673,6 +690,12 @@ ifeq ($(TARGET),mcxw)
       $(MCUXPRESSO_DRIVERS)/drivers/fsl_romapi.o
 endif
 
+ifeq ($(TARGET),nrf5340_net)
+  # Net core doesn't support DSP and FP
+  CFLAGS+=-mcpu=cortex-m33+nodsp+nofp
+  LDFLAGS+=-mcpu=cortex-m33+nodsp+nofp
+endif
+
 ifeq ($(TARGET),imx_rt)
   CFLAGS+=\
       -I$(MCUXPRESSO_DRIVERS) \
@@ -1160,15 +1183,15 @@ ifeq ($(ARCH), AURIX_TC3)
       # Common wolfHSM port files
       CFLAGS += -I$(WOLFHSM_INFINEON_TC3XX)/port -DWOLFHSM_CFG_DMA
       OBJS += $(WOLFHSM_INFINEON_TC3XX)/port/tchsm_common.o \
-	          $(WOLFHSM_INFINEON_TC3XX)/port/tchsm_hsmhost.o
+              $(WOLFHSM_INFINEON_TC3XX)/port/tchsm_hsmhost.o
       # General wolfHSM files
       OBJS += $(WOLFBOOT_LIB_WOLFHSM)/src/wh_transport_mem.o
 
       # NVM image generation variables
       WH_NVM_BIN ?= whNvmImage.bin
       WH_NVM_HEX ?= whNvmImage.hex
       WH_NVM_PART_SIZE ?= 0x8000
-	  # Default to base of HSM DFLASH1
+      # Default to base of HSM DFLASH1
       WH_NVM_BASE_ADDRESS ?= 0xAFC00000
 
       # Select config file based on certificate chain verification
@@ -1205,25 +1228,25 @@ ifeq ($(ARCH), AURIX_TC3)
 
       LSCRIPT_IN=hal/$(TARGET)_hsm.ld
 
-	  # wolfHSM port server-specific files
+      # wolfHSM port server-specific files
       ifeq ($(WOLFHSM_SERVER),1)
         USE_GCC_HEADLESS=0
 
         CFLAGS += -I$(WOLFHSM_INFINEON_TC3XX)/port/server
 
         OBJS += $(WOLFHSM_INFINEON_TC3XX)/port/server/port_halflash_df1.o \
-				$(WOLFHSM_INFINEON_TC3XX)/port/server/io.o \
-				$(WOLFHSM_INFINEON_TC3XX)/port/server/sysmem.o \
-				$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hh_hsm.o \
-				$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_utils.o
-
-				# SW only for now, as we dont have the right protection macros
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/ccb_hsm.o \
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hash.o \
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_aes.o \
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_cmac.o \
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_pk.o \
-				#$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_trng.o
+          $(WOLFHSM_INFINEON_TC3XX)/port/server/io.o \
+          $(WOLFHSM_INFINEON_TC3XX)/port/server/sysmem.o \
+          $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hh_hsm.o \
+          $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_utils.o
+
+        # SW only for now, as we dont have the right protection macros
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/ccb_hsm.o \
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hash.o \
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_aes.o \
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_cmac.o \
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_pk.o \
+        #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_trng.o
       endif
 
       # HSM BSP specific object files

config/examples/nrf5340.config

@@ -26,8 +26,8 @@ QSPI_FLASH?=1
 # Flash is 4KB pages (app)
 WOLFBOOT_SECTOR_SIZE?=0x1000
 
-# Application offset (reserve 48KB for wolfBoot)
-WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xC000
+# Application offset (reserve 64KB for wolfBoot)
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x10000
 
 # Application Partition Size (952KB)
 WOLFBOOT_PARTITION_SIZE?=0xEE000

config/examples/nrf5340_net.config

@@ -30,8 +30,8 @@ ARCH_FLASH_OFFSET=0x01000000
 # Flash is 2KB pages
 WOLFBOOT_SECTOR_SIZE?=0x800
 
-# Application offset (reserve 48KB for wolfBoot)
-WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x0100C000
+# Application offset (reserve 64KB for wolfBoot)
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x01010000
 
 # Application Partition Size (184KB)
 WOLFBOOT_PARTITION_SIZE?=0x2E000

config/examples/sim-ml-dsa-ecc-hybrid.config

@@ -13,7 +13,8 @@ SIGN_SECONDARY=ECC384
 
 # sizes should be multiple of system page size
 WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_SECTOR_SIZE=0x1000
+# sector size must be larger than IMAGE_HEADER_SIZE
+WOLFBOOT_SECTOR_SIZE=0x2000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000

config/examples/sim-ml-dsa.config

@@ -49,7 +49,7 @@ IMAGE_HEADER_SIZE=8192
 # ML_DSA_LEVEL=5
 # IMAGE_SIGNATURE_SIZE=4627
 # IMAGE_HEADER_SIZE=12288
-# This example needsd larger sector size.
+# NOTE: This example needs larger sector size.
 # WOLFBOOT_SECTOR_SIZE=0x3000
 #
 

config/examples/sim-ml-dsa3.config

@@ -0,0 +1,52 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 3:
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE=8192
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x2000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1