wolfSSL
diff --git a/‎.editorconfig‎
Lines changed: 0 additions & 11 deletions b/‎.editorconfig‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎.github/workflows/test-build-cmake-dot-config.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-build-cmake-dot-config.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-library.yml‎
Lines changed: 92 additions & 6 deletions b/‎.github/workflows/test-library.yml‎
Lines changed: 92 additions & 6 deletions
diff --git a/‎.github/workflows/test-vscode.yml‎
Lines changed: 109 additions & 0 deletions b/‎.github/workflows/test-vscode.yml‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎.vscode/launch.json‎
Lines changed: 0 additions & 20 deletions b/‎.vscode/launch.json‎
Lines changed: 0 additions & 20 deletions
diff --git a/‎.vscode/settings.json‎
Lines changed: 0 additions & 11 deletions b/‎.vscode/settings.json‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎.vscode/tasks.json‎
Lines changed: 0 additions & 35 deletions b/‎.vscode/tasks.json‎
Lines changed: 0 additions & 35 deletions
diff --git a/‎CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion b/‎CMakeLists.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎IDE/VSCode/README.md‎
Lines changed: 2 additions & 2 deletions b/‎IDE/VSCode/README.md‎
Lines changed: 2 additions & 2 deletions
@@ -99,4 +99,4 @@ jobs:
             fi
 
             # Sample build
-            cmake --build build-stm32h7 -j
+            cmake --build build-stm32h7 --parallel 8
@@ -41,6 +41,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          clean: true
           submodules: true
 
       - name: make clean
@@ -54,28 +55,89 @@ jobs:
           HASH: ${{ matrix.hash }}
           MATH: ${{ matrix.math }}
         run: |
+          # Test various library parameters
+
+          export MAKE_SIGN="${ASYM^^}"
+          export MAKE_HASH="${HASH^^}"
+          export MAKE_MATH='${{ matrix.math }}' # e.g., "SPMATH=1 WOLFBOOT_SMALL_STACK=1"
+          export PRIVATE_KEY="wolfboot_signing_private_key.der"
+
+          echo "This MAKE_SIGN=$MAKE_SIGN"
+          echo "This MAKE_HASH=$MAKE_HASH"
+          echo "This MAKE_MATH=$MAKE_MATH"
+
           # Sample build
           build_once() {
               # Convert asym and hash to upper case, optionally add additional param
-              make -j test-lib SIGN=${ASYM^^} HASH=${HASH^^} ${MATH} "$@"
+              echo "Build test-lib..."
+              echo "make -j1 test-lib SIGN=${MAKE_SIGN} HASH=${MAKE_HASH} ${MATH} \"$@\""
+                    make -j1 test-lib SIGN=${MAKE_SIGN} HASH=${MAKE_HASH} ${MATH}  "$@"
           }
 
           set -euo pipefail
 
           # Get the reference config
           cp config/examples/library.config .config
 
+          # peek
+          echo "Existing files?"
+          if [ -f "src/keystore.c" ]; then
+            echo "WARNING: Found unexpected src/keystore.c"
+          fi
+          if [ -f "include/target.h" ]; then
+            echo "WARNING: Found unexpected include/target.h"
+          fi
+          if [ -f "keystore.der" ]; then
+            echo "WARNING: Found unexpected keystore.der"
+          fi
+          if [ -f "wolfboot_signing_private_key.der" ]; then
+            echo "WARNING: Found unexpected wolfboot_signing_private_key.der"
+          fi
+          if [ -f "./tools/keytools/keystore.der" ]; then
+            echo "WARNING: Found unexpected ./tools/keytools/keystore.der"
+          fi
+          if [ -f "./tools/keytools/wolfboot_signing_private_key.der" ]; then
+            echo "WARNING: Found unexpected ./tools/keytools/wolfboot_signing_private_key.der"
+          fi
+
           # Keytools
-          make keytools
-          ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der
+          echo ""
+          echo "make -j1 keytools SIGN=\"${MAKE_SIGN}\" HASH=\"${MAKE_HASH}\" $MATH"
+                make -j1 keytools SIGN="${MAKE_SIGN}"   HASH="${MAKE_HASH}"   $MATH
+
+          # Generate keys
+          echo ""
+          echo "./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der"
+                ./tools/keytools/keygen --${ASYM} -g wolfboot_signing_private_key.der
+
+          # Force fresh files
+          # peek
+          echo "Existing files?"
+          if [ -f "src/keystore.c" ]; then
+            echo "Found unexpected src/keystore.c"
+          fi
+          if [ -f "include/target.h" ]; then
+            echo "Found unexpected include/target.h"
+          fi
+          if [ -f "keystore.der" ]; then
+            echo "Found unexpected keystore.der"
+          fi
+          if [ -f "wolfboot_signing_private_key.der" ]; then
+            echo "Found unexpected wolfboot_signing_private_key.der"
+          fi
 
           # Sign
+          echo ""
           echo "Test" > test.bin
-          ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1
+          echo "Sign test.bin"
+          echo "./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1"
+                ./tools/keytools/sign --${ASYM} --${HASH} test.bin wolfboot_signing_private_key.der 1
 
           # First attempt
           if build_once >build.out 2>build.err; then
             echo "Success on first attempt, WOLFBOOT_HUGE_STACK not applied."
+            cat build.out
+            cat build.err
             exit 0
           fi
 
@@ -90,12 +152,16 @@ jobs:
             build_once WOLFBOOT_HUGE_STACK=1
           else
             echo "Build failed for another reason:"
+            cat build.out
             cat build.err
             exit 1
           fi
 
       - name: Run test-lib
         run: |
+          # Check test_v1_signed.bin
+
+          echo "./test-lib test_v1_signed.bin"
           ./test-lib test_v1_signed.bin
           ./test-lib test_v1_signed.bin 2>&1 | grep "Firmware Valid"
 
@@ -104,5 +170,25 @@ jobs:
           # Corrupt signed binary
           truncate -s -1 test_v1_signed.bin
           echo "A" >> test_v1_signed.bin
-          ./test-lib test_v1_signed.bin
-          ./test-lib test_v1_signed.bin 2>&1 | grep "Failure"
+
+          # Run once, capture output and status
+          set +e
+          output=$(./test-lib test_v1_signed.bin 2>&1)
+          status=$?
+          set -e
+
+          echo "$output"
+
+          # Must have failed (non-zero exit)
+          if [ $status -eq 0 ]; then
+            echo "Expected failure, but exit code was 0"
+            exit 1
+          fi
+
+          # Must include the expected Failure message
+          echo "$output" | grep -F "Failure" >/dev/null || {
+            echo "Expected 'Failure' not found in output"
+            exit 1
+          }
+
+          echo "Got expected non-zero exit and 'Failure' message."
@@ -0,0 +1,109 @@
+name: wolfBoot VSCode
+
+on:
+  push:
+    # TODO: branches: [ 'master', 'main', 'release/**' ]
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+  workflow_dispatch:
+    inputs:
+      workspace_path:
+        description: "Path to the .code-workspace file"
+        required: true
+        default: "IDE/VSCode/wolfBoot.code-workspace"
+      cmake_list_presets:
+        description: "Also run 'cmake --list-presets'"
+        required: true
+        default: "true"
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    # Provide fallbacks when not workflow_dispatch
+    env:
+      WORKSPACE_PATH: ${{ github.event_name == 'workflow_dispatch' && inputs.workspace_path || 'IDE/VSCode/wolfBoot.code-workspace' }}
+      CMAKE_LIST: ${{ github.event_name == 'workflow_dispatch' && inputs.cmake_list_presets || 'true' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Python and CMake deps
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y python3 python3-pip ninja-build
+          cmake --version
+          ninja --version
+
+      - name: Validate workspace JSONC and folder paths
+        shell: python3 {0}
+        env:
+          WORKSPACE_PATH: ${{ env.WORKSPACE_PATH }}
+        run: |
+          import os, sys, re, json, pathlib
+          print("pwd:", pathlib.Path(".").resolve())
+          ws_rel = os.environ.get("WORKSPACE_PATH", "").strip()
+          print("WORKSPACE_PATH:", ws_rel or "<EMPTY>")
+
+          if not ws_rel:
+              print("WORKSPACE_PATH input is required", file=sys.stderr)
+              sys.exit(2)
+
+          ws = pathlib.Path(ws_rel)
+          if not ws.exists():
+              print(f"Workspace file not found: {ws}", file=sys.stderr)
+              sys.exit(3)
+
+          txt = ws.read_text(encoding="utf-8", errors="replace")
+          # strip /* */ and // comments (JSONC -> JSON)
+          txt = re.sub(r"/\*.*?\*/", "", txt, flags=re.S)
+          txt = re.sub(r"//.*", "", txt)
+          try:
+              data = json.loads(txt)
+          except Exception:
+              print("Failed to parse workspace as JSON after removing comments.", file=sys.stderr)
+              raise
+
+          folders = data.get("folders", [])
+          if not isinstance(folders, list) or not folders:
+              print("No 'folders' defined in workspace.", file=sys.stderr)
+              sys.exit(4)
+
+          ws_dir = ws.parent.resolve()
+          errors = 0
+          for idx, item in enumerate(folders):
+              if not isinstance(item, dict):
+                  print(f"folders[{idx}] is not an object", file=sys.stderr)
+                  errors += 1
+                  continue
+              path = item.get("path"); uri = item.get("uri")
+              if path is None and uri is None:
+                  print(f"folders[{idx}] missing 'path' or 'uri'", file=sys.stderr)
+                  errors += 1
+                  continue
+              if path is not None:
+                  if not isinstance(path, str):
+                      print(f"folders[{idx}].path is not a string", file=sys.stderr)
+                      errors += 1
+                  else:
+                      resolved = (ws_dir / path).resolve()
+                      print(f"[ok] folders[{idx}] path='{path}' -> '{resolved}'")
+                      if not resolved.exists():
+                          print(f"[warn] resolved path does not exist on runner: {resolved}", file=sys.stderr)
+              if uri is not None:
+                  print(f"[info] folders[{idx}] uses 'uri': {uri}")
+
+          if errors:
+              sys.exit(5)
+
+          settings = data.get("settings", {})
+          if settings and not isinstance(settings, dict):
+              print("settings is not an object", file=sys.stderr)
+              sys.exit(6)
+
+          print("Workspace JSONC and folder paths look sane.")
+
+      - name: List CMake presets (optional)
+        if: ${{ env.CMAKE_LIST == 'true' }}
+        run: |
+          cmake --list-presets || true
@@ -1413,7 +1413,7 @@ if(NOT SIGN STREQUAL "NONE")
     add_custom_command(
         OUTPUT ${KEYSTORE} ${WOLFBOOT_SIGNING_PRIVATE_KEY}
         COMMAND "${KEYGEN_TOOL}" ${KEYTOOL_OPTIONS}
-                # --no-overwrite # not yet, see https://github.com/wolfSSL/wolfBoot/pull/636
+                --no-overwrite
                 -g ${WOLFBOOT_SIGNING_PRIVATE_KEY}
                 -keystoreDir ${CMAKE_CURRENT_BINARY_DIR}
         DEPENDS ${KEYGEN_TOOL}
 
@@ -33,7 +33,7 @@ set(USE_DOT_CONFIG false)
 
 ### VS Code extensions
 
-- CMake Tools (ms-vscode.cmake-tools)
+- [CMake Tools (ms-vscode.cmake-tools)](https://marketplace.visualstudio.com/items?itemName=ms-vscode.cmake-tools)
 - C/C++ (ms-vscode.cpptools)
 - Cortex-Debug (marus25.cortex-debug)
 
@@ -45,7 +45,7 @@ cmake, ninja-build, gcc-arm-none-eabi, openocd
 
 #### Windows path:
 
-Windows path: CMake, Ninja, Arm GNU Toolchain, OpenOCD (or ST's OpenOCD)
+Windows path: CMake, Ninja, Arm GNU Toolchain, OpenOCD (or STâ€™s OpenOCD)
 
 Install via PowerShell (will need to restart VSCode):