Improve ARMORED code + minor fixes

[danielinux]

ARMORED=1

• Improved fault mitigation: more redundancy, hardened
• Added redundancy to ML_DSA verification

STM32_TZ SAU:

• Set UPDATE partition to secure. It is only accessed via NSC when the application is running
• flash_top_secure in hal_tz_sau_init to the same range

Fixes:

• Bug preventing rollback in case of ARMORED=1.
• rolled-back image state handling: force update flags on rollback. Set success after complete rollback.

[Copilot]

Pull request overview

This PR enhances fault mitigation in ARMORED mode with improved redundancy checks, adds ARMORED support for ML_DSA signature verification, fixes rollback handling bugs, and reconfigures STM32 TrustZone SAU regions to set the UPDATE partition as secure.

Changes:

• Enhanced ARMORED mode with additional redundancy in signature verification and version checking
• Added redundant verification checks for ML_DSA signatures when ARMORED=1
• Fixed rollback logic to properly handle version checks and state transitions with ARMORED enabled
• Reconfigured STM32_TZ SAU to mark UPDATE partition as secure and adjusted flash region mappings

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
tools/test.mk	Updated size limits for test targets to accommodate increased code size from ARMORED enhancements
src/update_flash.c	Added rollback detection logic, refactored version check to work with ARMORED, and improved rollback state handling
src/image.c	Added ARMORED redundancy checks to ML_DSA verification and updated signature verification macros
include/image.h	Refactored VERIFY_VERSION_ALLOWED macro for both GCC and IAR with improved redundancy and changed signed to unsigned comparisons
hal/stm32_tz.c	Reconfigured SAU regions to mark UPDATE partition as secure with dynamic flash_top_secure calculation

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The clobbered registers list for the IAR version is missing 'lr', 'cc', and 'memory' compared to the GCC version on line 620. Since this inline assembly calls functions with 'bl' instructions (which modifies 'lr') and performs comparisons (which modifies condition codes), these should be included in the clobber list to ensure the compiler preserves these registers correctly.

[Copilot]

The IAR version includes additional validation checks (lines 641-651) that trigger breakpoints if fb_ok is neither 0 nor 1, while the GCC version (lines 546-556) does not have equivalent validation. This inconsistency means the two compiler paths have different security hardening levels. Consider adding similar validation to the GCC version for consistency.

[Copilot]

The SAU configuration has been significantly changed. Region 1 now covers the entire flash window (0x08000000 to FLASH_TOP) as non-secure, while Region 2 marks only the UPDATE partition as secure. This means the BOOT partition is now accessible as non-secure via Region 1. Verify this is the intended behavior and that the BOOT partition doesn't need secure access protection during runtime. The description states the UPDATE partition is only accessed via NSC, but this configuration change may have broader security implications.

[rizlik]

NIT: can you use a constant instead of 0x08000000?

[rizlik]

I"m slightly confused here, if the FLASH_TOP is also the top of WOLFBOOT_PARTITION_UPDATE_ADDRESS then flash_top_secure stores the top bit only, otherwise it stores the full address. Is it on purpose?

[rizlik]

This makes the region NSC, not secure as mentioned by the comment on line 307

[rizlik]

do we need multiple b. here

[rizlik]

ditto

[rizlik]

do you think cmp cmp cmp cmp beq beq beq beq is a more robust pattern?

[rizlik]

NIT: do you think it make sense to call it fallback or in_fallback to match fallback_allowed?

[rizlik]

can you elaborate the reason of the fb_ok aliasing here?

[rizlik]

what's the reason of this?