Generic cryptocb support

[bigbrett]

Adds first-class support to wolfBoot for using crypto callbacks. The goal is to facilitate platform-specific hardware acceleration through cryptoCbs without requiring a ton of hard-coded/#ifdef blocks, or at least minimizing core library intrusiveness.

• Introduces 3 compile-time macros to allow configurable (and different) devIds for PK, hashing, and symmetric crypto operations. These default to INVALID_DEVID but can be set in options.mk/arch.mk for the platform.
• wolfHSM and renesas targets now leverage new scheme to set devIds

Known limitation: wolfBoot currently uses a wolfCrypt ECC API that DOES NOT dispatch to crypto callbacks. IMO this is something that should be changed in wolfCrypt, or an additional "non-raw" verify method should be introduced to wolfBoot that can be opt-in. This is left for a future PR.

Note: Renesas integration is a bit janky given the dual IDE and build system integration. Would like to see it tested it on real hardware.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds first-class crypto callback (cryptoCb) support to wolfBoot by introducing configurable per-class wolfCrypt devIds and a simulator-based CI test that verifies crypto dispatch through cryptoCb.

Changes:

• Introduces WOLFBOOT_DEVID_{HASH,PUBKEY,CRYPT} macros (default INVALID_DEVID) and updates crypto init paths to use them.
• Adds simulator cryptoCb callback + “sunnyday update” verification script and a GitHub Actions workflow to exercise many algorithm/config combinations.
• Updates Renesas and wolfHSM build/config wiring to set devIds using the new abstraction.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 14 comments.

Show a summary per file

File	Description
tools/scripts/sim-cryptocb-sunnyday-update.sh	New script to run simulator update flow and grep cryptoCb dispatch in logs
src/libwolfboot.c	Routes AES init and device registration through WOLFBOOT_DEVID_CRYPT
src/image.c	Routes PK + hash init through WOLFBOOT_DEVID_* devId macros
options.mk	Adds sim cryptoCb test toggles + wires wolfHSM devId macros
include/wolfboot/wolfboot.h	Defines default per-class devId macros
include/user_settings.h	Renesas devId adjustments + forward declaration for WC_RNG when needed
hal/sim.c	Adds simulator cryptoCb implementation + registers callback + flush before exec
arch.mk	Renesas RX TSIP assigns pubkey/crypt devIds
IDE/Renesas/e2studio/RZN2L/user_settings.h	Sets WOLFBOOT_DEVID_{PUBKEY,CRYPT} for RSIP
IDE/Renesas/e2studio/RX72N/include/user_settings.h	Sets WOLFBOOT_DEVID_{PUBKEY,CRYPT} for TSIP
IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h	Sets RENESAS_DEVID and WOLFBOOT_DEVID_{PUBKEY,CRYPT} for SCE
.github/workflows/test-cryptocb-simulator.yml	New CI workflow to validate cryptoCb dispatch across many configs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.