Hello kind folks at wolfSSL Support,

I had missed that this was the official support channel. I first wanted to see if I could remedy it myself, but I might need your help, yes.

First I wanted to know if there were some things I might have missed when compiling with debug flags? Right now I am intrigued to find that the example in debug mode AND the application in release mode are verified fine but not the application in debug mode.

This is for a commercial effort.

Specifically, we are using STMH753ZIT6

I have successfully booted
- my custom application when it is compiled with speed optimisation -O3 (although it will crash later down the line, need access to a debugger to figure out why)
- the test-app wolfBoot/hal/stm32h7.c with the debug flags

Hash generated from tools/keytools/sign differs from the sha256 calculated from the bootloader when I compile my application with -g -g3 or -Ofast -g

To be precise, it fails in the integrity check (verified using wolfboot config DEBUG=1)

int wolfBoot_start(void)
{
    struct wolfBoot_image os_image;
    int ret = 0;
    memset(&os_image, 0, sizeof(os_image));

    os_image.hdr = (uint8_t*)gImage;

    if ((ret = wolfBoot_open_image_address(&os_image, (uint8_t*)gImage)) < 0) {
        goto exit;
    }

    if ((ret = wolfBoot_verify_integrity(&os_image)) < 0) {
        goto exit; // <= Application images compiled with debug flags fail this check
    }

    if ((ret = wolfBoot_verify_authenticity(&os_image)) < 0) {
        goto exit;
    }

    wolfBoot_printf("Firmware Valid\n");

    do_boot((uint32_t*)os_image.fw_base);
    /* ... */
}

Are there any tips as to what I should look at to integrate my app with the bootloader? I have exhausted all online docs I could find.

The app was created long before we needed a bootloader, so there had been no considerations taken. It is an STM32h7 project mostly bootstrapped with CubeMX.

WolfBoot version v2.5.0

My project file tree

/build.sh
/CMakeLists.txt
/bootloader/wolfBoot/
link_with_bootloader.ld
link_no_bootloader.ld
/* ... Application source files ... */

I have zipped relevant build files as an attachment

ARCH?=ARM
TARGET?=stm32h7
SIGN?=ECC256
HASH?=SHA256
DEBUG?=1
DEBUG_UART?=0
VTOR?=1
NO_ASM?=0
EXT_FLASH?=0
SPI_FLASH?=0
QSPI_FLASH?=0
OCTOSPI_FLASH?=0
ALLOW_DOWNGRADE?=0
NVM_FLASH_WRITEONCE?=0
WOLFBOOT_VERSION?=1
V?=0
SPMATH?=1
RAM_CODE?=0
DUALBANK_SWAP?=0
WOLFBOOT_PARTITION_SIZE?=0xC0000
WOLFBOOT_SECTOR_SIZE?=0x20000
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x8020000
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x80E0000
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x81A0000
CFLAGS_EXTRA?=-mfloat-abi=hard -mfpu=fpv4-sp-d16
PULL_LINKER_DEFINES?=1

Notes

- I always bin-assemble the bootloader.bin and the application_v1_signed.bin into a factory.bin before flashing it to the target
- I changed the WOLFBOOT_PARTITION_SIZE from 0xD0000 to 0xC0000, because 0xD0000 is NOT a multiple of WOLFBOOT_SECTOR_SIZE=0x20000
- I made an early return in the clock setup for the bootloader. My board is custom and the configuration failed when setting up the external high-speed oscillator (HSE)

/* This implementation will setup HSI RC 64 MHz as System Clock Source */
static void clock_pll_on(int powersave)
{
    /* ... */
    pllm = 1;
    plln = 120;
    pllp = 2;
    pllq = 20;
    pllr = 2;
    d1cpre =   RCC_PRESCALER_DIV_NONE;
    hpre  =    RCC_PRESCALER_DIV_2;
    d1ppre =  (RCC_PRESCALER_DIV_2 >> 1);
    d2ppre1 = (RCC_PRESCALER_DIV_2 >> 1);
    d2ppre2 = (RCC_PRESCALER_DIV_2 >> 1);
    d3ppre =  (RCC_PRESCALER_DIV_2 >> 1);
    flash_waitstates = 4;

    flash_set_waitstates(flash_waitstates);

    /* Enable internal high-speed oscillator. */
    RCC_CR |= RCC_CR_HSION;
    DMB();
    while ((RCC_CR & RCC_CR_HSIRDY) == 0) {};

    /* Select HSI as SYSCLK source. */
    reg32 = RCC_CFGR;
    reg32 &= ~((1 << 2) |(1 << 1) | (1 << 0));
    RCC_CFGR = (reg32 | RCC_CFGR_SW_HSISYS);
    DMB();
    return; // <= Early return
    /* Enable external high-speed oscillator. */
    reg32 = RCC_CR;
    reg32 |= RCC_CR_HSEBYP;
    /* ... */
}
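
Added example, not part of the original post and not wolfBoot's own code: a host-side check that recomputes the SHA-256 of a signed image before flashing, so a mismatch can be traced to the file itself rather than to the target. The header layout (magic, little-endian size, tag/length TLVs, 256-byte header, tag 0x0003 for the digest) and the names find_tlv, check_image and build_sample are assumptions of this example; build_sample produces a constructed image, not output of tools/keytools/sign.

```python
import hashlib
import struct

WOLFBOOT_MAGIC = 0x464C4F57   # "WOLF" read as little-endian u32 (assumed layout)
HDR_SHA256 = 0x0003           # assumed TLV tag of the stored digest
HDR_PADDING = 0xFF
PARTITION_SIZE = 0xC0000      # WOLFBOOT_PARTITION_SIZE from the config in the post

def find_tlv(header: bytes, wanted: int):
    """Return (tag_offset, value) for a TLV in the manifest header, or None."""
    p = 8                                   # skip magic + image size
    while p + 4 <= len(header):
        tag, length = struct.unpack_from("<HH", header, p)
        if tag == 0:
            break
        if header[p] == HDR_PADDING or p & 1:
            p += 1                          # padding or realignment byte
            continue
        if tag == wanted:
            return p, header[p + 4:p + 4 + length]
        p += 4 + length
    return None

def check_image(blob: bytes, header_size: int = 256) -> dict:
    """Hash header bytes up to the SHA256 tag, then fw_size bytes of firmware."""
    magic, fw_size = struct.unpack_from("<II", blob, 0)
    if magic != WOLFBOOT_MAGIC:
        raise ValueError("not a signed image: bad magic")
    header = blob[:header_size]
    found = find_tlv(header, HDR_SHA256)
    if found is None:
        raise ValueError("no SHA256 TLV in header")
    tag_off, stored = found
    firmware = blob[header_size:header_size + fw_size]
    digest = hashlib.sha256(header[:tag_off] + firmware).digest()
    return {
        "fw_size": fw_size,
        "truncated": len(firmware) < fw_size,   # file shorter than header claims
        "fits_partition": header_size + fw_size <= PARTITION_SIZE,
        "hash_ok": digest == stored,
    }

def build_sample(firmware: bytes, header_size: int = 256) -> bytes:
    """Constructed test image in the assumed layout (not real sign-tool output)."""
    hdr = struct.pack("<II", WOLFBOOT_MAGIC, len(firmware))
    hdr += struct.pack("<HHI", 0x0001, 4, 1) + b"\xff" * 4  # version TLV, padding
    digest = hashlib.sha256(hdr + firmware).digest()
    hdr += struct.pack("<HH", HDR_SHA256, 32) + digest
    return hdr.ljust(header_size, b"\xff") + firmware
```

Running check_image on the signed .bin for both the release and the debug build shows whether the stored digest already disagrees with the file on the host, or only once the image is in flash.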