Conversation

@jackctj117
Contributor

@jackctj117 jackctj117 commented Nov 13, 2025

Description

Adds --enable-baremetal configure option and WOLFSSL_BAREMETAL macro to simplify configuration for bare-metal embedded systems. This option encapsulates commonly-used defines for bare-metal environments into a single flag.

The WOLFSSL_BAREMETAL macro defines:

  • SINGLE_THREADED - No threading support
  • NO_DEV_RANDOM - No /dev/random access
  • NO_FILESYSTEM - No file system access
  • NO_WRITEV - No writev() system call
  • NO_STDIO_FILESYSTEM - No stdio-based file operations
  • WOLFSSL_NO_SOCK - No socket support
  • WOLFSSL_NO_GETPID - No process ID support
  • NO_ASN_TIME - Conditionally defined only when WOLFCRYPT_ONLY is also defined. For systems without RTC, this bypasses certificate date checking.

Important: Users must provide their own entropy source when using this configuration since NO_DEV_RANDOM is defined. Implement wc_GenerateSeed() with platform-specific hardware RNG.

Changes based on reviewer feedback:

  • Removed WOLFCRYPT_ONLY from the macro - users should enable it separately via --enable-cryptonly if needed
  • Made NO_ASN_TIME conditional on WOLFCRYPT_ONLY to avoid forcing certificate date checking to be disabled

Testing

Tested with autotools build system:

./autogen.sh
./configure --enable-baremetal
grep WOLFSSL_BAREMETAL wolfssl/options.h  # Verified macro is defined
# Verified NO_ASN_TIME is NOT defined with just --enable-baremetal
make clean && make

Tested with both flags:

./configure --enable-baremetal --enable-cryptonly
# Verified NO_ASN_TIME IS defined when WOLFCRYPT_ONLY is present
make clean && make

Tested with CMake build system:

mkdir build && cd build
cmake -DWOLFSSL_BAREMETAL=yes ..
make

Verified that WOLFSSL_BAREMETAL in settings.h correctly defines all component macros when enabled, and that NO_ASN_TIME is only defined when WOLFCRYPT_ONLY is also present.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

Review Focus Areas

  1. Conditional NO_ASN_TIME logic: Verify the #ifdef WOLFCRYPT_ONLY wrapper around NO_ASN_TIME is the intended behavior
  2. Placement in settings.h: Confirm the WOLFSSL_BAREMETAL block at line 345 doesn't conflict with later platform-specific blocks
  3. Entropy requirements: Users will need to provide their own wc_GenerateSeed() implementation - consider if this needs additional documentation
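
Added example (not part of this PR or of wolfSSL's source): a sketch of the seed function the description says users must supply once NO_DEV_RANDOM is defined, with a bounded wait and a stuck-output check so a failed hardware RNG returns an error instead of a predictable seed. The names `baremetal_generate_seed`, `baremetal_seed_set_source`, `trng_read_fn` and the `sim_*` sources are hypothetical, and `byte`/`word32` are local stand-ins for wolfSSL's types. One way to wire such a function in is wolfSSL's existing `CUSTOM_RAND_GENERATE_SEED` macro.

```c
#include <stddef.h>
#include <stdint.h>

typedef unsigned char byte;  /* assumption: stand-in for wolfSSL's byte */
typedef uint32_t word32;     /* assumption: stand-in for wolfSSL's word32 */

#define TRNG_MAX_POLLS  1000u /* bounded wait: a dead TRNG must not hang boot */
#define TRNG_REPEAT_MAX 3u    /* this many identical words in a row = stuck */

/* Hypothetical HAL hook: returns 0 and stores one 32-bit sample when the
 * TRNG has data, nonzero when it is not ready yet. */
typedef int (*trng_read_fn)(uint32_t *word);
static trng_read_fn trng_read;
static uint32_t last_word;
static unsigned run_len;      /* kept across calls so short requests count */

void baremetal_seed_set_source(trng_read_fn fn) { trng_read = fn; run_len = 0; }

/* Seed function with a (byte*, word32) signature, the shape wolfSSL's
 * CUSTOM_RAND_GENERATE_SEED hook calls. Returns 0 on success, <0 on failure;
 * on failure the buffer is cleared so no partial seed is used. */
int baremetal_generate_seed(byte *output, word32 sz)
{
    uint32_t word = 0;
    word32 i = 0, j;
    unsigned polls, b;

    if (output == NULL || trng_read == NULL) return -1;
    while (i < sz) {
        for (polls = 0; trng_read(&word) != 0; )
            if (++polls >= TRNG_MAX_POLLS) goto fail;      /* timeout */
        run_len = (run_len && word == last_word) ? run_len + 1 : 1;
        last_word = word;
        if (run_len >= TRNG_REPEAT_MAX) goto fail;         /* stuck-at */
        for (b = 0; b < 4 && i < sz; b++)
            output[i++] = (byte)(word >> (8 * b));
    }
    return 0;
fail:
    for (j = 0; j < sz; j++) ((volatile byte *)output)[j] = 0;
    return -2;
}

/* Constructed stand-ins for hardware, used only to exercise the checks. */
static uint32_t sim_state = 0x12345678u;
int sim_healthy(uint32_t *w) { sim_state = sim_state * 1664525u + 1013904223u; *w = sim_state; return 0; }
int sim_stuck(uint32_t *w)   { *w = 0xFFFFFFFFu; return 0; }
int sim_dead(uint32_t *w)    { (void)w; return 1; }
```

On a real target, replace the `sim_*` functions with a reader for the platform's TRNG registers; the repeat check is a basic sanity test and does not replace the health tests the hardware vendor specifies.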

@jackctj117 jackctj117 self-assigned this Nov 13, 2025
@jackctj117 jackctj117 requested a review from dgarske November 13, 2025 20:58
- Remove WOLFCRYPT_ONLY from WOLFSSL_BAREMETAL macro
  Users should enable it separately via --enable-cryptonly

- Make NO_ASN_TIME conditional on WOLFCRYPT_ONLY
  Only define NO_ASN_TIME when WOLFCRYPT_ONLY is already defined
  Add comment explaining this is for systems without RTC

This allows users to use --enable-baremetal for bare-metal builds
without forcing crypto-only mode, while still providing the option
to disable certificate date checking when building crypto-only.

Co-Authored-By: [email protected] <[email protected]>
Contributor

@dgarske dgarske left a comment

Very nice! Is it possible to set up a CI build to test this and add a bit of documentation like the PR description has?

@dgarske dgarske self-assigned this Nov 14, 2025