Allow NULL NVM context#392
Conversation
There was a problem hiding this comment.
Pull request overview
Refactors server-side code to make the NVM context optional at wh_Server_Init time, so platforms without persistent storage can run the server using only the in-RAM key cache. Cache-only crypto continues to work when keys are primed, while NVM-only features (object request API, counters, certificate chain verification against stored roots, key commit, SHE persistence, image-sig load) now fail gracefully at runtime instead of crashing.
Changes:
- Make
whServerConfig.nvmoptional and guard allserver->nvmdereferences in the keystore, counter handler, and lock helpers; global-key routing falls back to the per-context local cache when nvm is NULL. - Add comprehensive unit tests (both
test/andtest-refactor/server/) that stand up a server withnvm == NULLand exercise priming, read, freshen, AES-CBC round trip, erase, erase-checked, revoke, NVM-only request handlers, SHE keystore, and threadsafe lock no-ops. - Update API docs/header comments to describe the optional-NVM mode and what does/doesn't work without NVM.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| wolfhsm/wh_server.h | Documents nvm as optional in whServerConfig and updates wh_Server_Init Doxygen. |
| src/wh_server.c | wh_Server_NvmLock/Unlock return OK as a no-op when nvm == NULL. |
| src/wh_server_keystore.c | NULL-safe server->nvm in cache routing, policy check, unique-id allocation, freshen/read/commit/erase/erase-checked/revoke. |
| src/wh_server_counter.c | Removes server->nvm == NULL early BADARGS so handler formats a real error response. |
| docs/src/5-Features.md | New "Optional NVM Backing" section + TOC entry. |
| test/wh_test.c | Invokes the new whTest_NvmOptional() test under server+crypto build. |
| test/wh_test_nvm_optional.h | Public declaration of the new test entrypoint. |
| test/wh_test_nvm_optional.c | New self-contained test that stands up an NVM-less server and exercises the keystore, counter, NVM request handler, and SHE paths. |
| test-refactor/wh_test_list.c | Registers whTest_NvmOptional under the server test list. |
| test-refactor/server/wh_test_nvm_optional.c | Mirror of the standalone test for the shared-context refactor runner; temporarily detaches/restores server->nvm. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #392
Scan targets checked: wolfhsm-core-bugs, wolfhsm-crypto-bugs, wolfhsm-src
No new issues found in the changed files. ✅
bigbrett
force-pushed
the
nvm-optional
branch
4 times, most recently
from
551e17d to
36e9ce5
Compare
Refactors some server-side code to allow for a NULL NVM context on server init. This formalizes the use case of relying on the keycache only for platforms without NVM.