Merge pull request #642 from danielinux/prepare-release-2.7.0

Updated ChangeLog & version number.

Author: LinuxJedi

.github/workflows/test-build-cmake-mac.yml

@@ -34,41 +34,36 @@ jobs:
       HOMEBREW_NO_AUTO_UPDATE: "1"    # avoid updating taps during install
       HOMEBREW_NO_ANALYTICS: "1"
       HOMEBREW_CURL_RETRIES: "6"      # ask curl inside brew to retry
+      HOMEBREW_NO_INSTALL_CLEANUP: "1"
 
     steps:
       - name: Checkout (with submodules)
         uses: actions/checkout@v4
         with:
           submodules: true
 
-      - name: Cache Homebrew bottles # downloads (so retries don't redownload)
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/Library/Caches/Homebrew
-            /Users/runner/Library/Caches/Homebrew
-          key: homebrew-${{ runner.os }}-mac14-cmake-gcc-newlib
-          restore-keys: |
-            homebrew-${{ runner.os }}-
-
       - name: Install toolchain and build tools
         run: |
-          # Install with step throttle to hopefully avoid stuck jobs
-
           set -euxo pipefail
 
-          throttle_delay=5
-          brew update
+          # Keep Homebrew pinned on the runner; only install what we need.
+          brew list cmake >/dev/null 2>&1 || brew install --force-bottle cmake
+          brew list ninja >/dev/null 2>&1 || brew install --force-bottle ninja
+
+          # Fetch ARM GCC directly (avoid Homebrew cask checksum churn)
+          ARM_GCC_VERSION="14.3.rel1"
+          ARM_GCC_BASENAME="arm-gnu-toolchain-${ARM_GCC_VERSION}-darwin-arm64-arm-none-eabi"
+          ARM_GCC_TARBALL="${ARM_GCC_BASENAME}.tar.xz"
+          ARM_GCC_URL="https://developer.arm.com/-/media/Files/downloads/gnu/${ARM_GCC_VERSION}/binrel/${ARM_GCC_TARBALL}"
+          ARM_GCC_DIR="$HOME/.local/arm-gcc"
 
-          sleep "$throttle_delay"
-          brew install --force-bottle cmake
+          rm -rf "${ARM_GCC_DIR}"
+          mkdir -p "${ARM_GCC_DIR}"
 
-          sleep "$throttle_delay"
-          brew install --force-bottle ninja
+          curl -L --retry 3 --retry-delay 5 -o "${ARM_GCC_TARBALL}" "${ARM_GCC_URL}"
+          tar -xJf "${ARM_GCC_TARBALL}" -C "${ARM_GCC_DIR}"
 
-          # Use cask to include headers such as <stdlib.h>
-          sleep "$throttle_delay"
-          brew install --cask gcc-arm-embedded
+          echo "${ARM_GCC_DIR}/${ARM_GCC_BASENAME}/bin" >> "$GITHUB_PATH"
 
       - name: Probe ARM GCC (paths + smoke build)
         run: |

.github/workflows/test-build-cmake-presets.yml

@@ -58,13 +58,10 @@ jobs:
       # Currently only supported on Ubuntu
 
       # ARM GCC toolchain (adds the bin dir to PATH)
-      - name: Set up ARM none-eabi GCC 14.x
-        if: matrix.target != 'sim'
-        uses: carlosperate/arm-none-eabi-gcc-action@v1
-        with:
-          release: "14.2.Rel1" # <-- use 'release', not 'version'
-          path-env-var: ARM_NONE_EABI_GCC_PATH
-
+      - name: Set up ARM none-eabi GCC
+        run: |
+          sudo apt update
+          sudo apt install -y gcc-arm-none-eabi
 
       - name: List all environment variables
         run: |

README.md

@@ -646,3 +646,32 @@ For Visual Studio, the developer command prompt will need to be activated.
     * wolfPKCS11: latest (ddeb887)
     * wolfHSM: latest (e0b2019)
 
+### V 2.7.0 - (2025-11-26)
+  * New hardware targets
+    * Vorago VA416x0 (new HAL, linker scripts, test application, and programming helpers)
+    * Nordic nRF5340 TrustZone build and configuration
+  * Improvements to supported targets
+    * TrustZone-M support unified across ARMv8-M targets
+    * TrustZone-M aware dual-bank configuration, increased update/erase reliability and isolation
+    * nRF5340: Added support for TrustZone-M
+    * STM32H5: SPI driver and TPM support with new TrustZone NSC APIs,
+    * Simulator: dual-bank flow and bank-swap test script to validate redundant-slot updates
+    * RP2350: RAM cache for flash writes to improve robustness
+    * Infineon AURIX TC3xx: replaced IDE project with HAL module integration and UART/boot flag handling fixes
+  * New features and improvements
+    * Filesystem-backed partition state access with `library_fs` target and CLI tool for querying or managing boot partitions
+    * libwolfboot: added MTD (Memory Technology Device) backed tracking of update status
+    * CMake: Added presets. Improve support for more reliable out-of-tree builds and list handling. Improve documentation.
+    * Key tools: `keygen --no-overwrite` option, stricter image header/sector size checks, and expanded ML-DSA test configurations
+    * Added `WOLFBOOT_RESTORE_CLOCK` configuration and additional logging/debugging for library filesystem status and keystore handling
+  * Bug fixes
+    * Hardened encrypted and delta update flows (IV reuse prevention, fallback/regression fixes, improved unit coverage)
+    * Fixed SPI flash protocol errors and write verification issues
+    * Corrected STM32 internal flash page erase masks and multiple STM32H5 update path fixes (including dual-bank and TPM builds)
+    * Resolved P1021 stage1 and MMU build issues
+    * cleanup of compiler warnings across targets (STM32WB55 PKA, nRF5340 non-TZ, others)
+  * Updated modules
+    * wolfSSL v5.8.4-stable (59f4fa568)
+    * wolfTPM v2.4.0-594-g6d5df60
+    * wolfPKCS11 v2.0.0-stable-33-g81af264
+    * wolfHSM v1.3.0 (8ac56d7)

include/wolfboot/version.h

@@ -29,8 +29,8 @@ extern "C" {
 #endif
 
 
-#define LIBWOLFBOOT_VERSION_STRING "2.6.0"
-#define LIBWOLFBOOT_VERSION_HEX 0x02060000
+#define LIBWOLFBOOT_VERSION_STRING "2.7.0"
+#define LIBWOLFBOOT_VERSION_HEX 0x02070000
 
 #ifndef WOLFBOOT_VERSION
     #define WOLFBOOT_VERSION LIBWOLFBOOT_VERSION_HEX