Fips ready

[night1rider]

Working PR on needed recipes to run fips ready builds

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds Yocto/BitBake support for building wolfSSL “FIPS Ready” variants, including a kernel module recipe and integration toggles for dependent components.

Changes:

• Introduces new wolfssl-fips-ready and wolfssl-linuxkm-fips-ready recipes plus a sample configuration file.
• Extends libgcrypt/GnuTLS/wolfProvider integration to accept wolfssl-fips-ready as a valid provider and applies required compile flags.
• Updates example image gating and docs to describe using the new FIPS Ready provider.

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
recipes-wolfssl/wolfssl/wolfssl-linuxkm-fips-ready.bb	New recipe to build/package the FIPS Ready kernel module and optionally auto-embed a FIPS hash.
recipes-wolfssl/wolfssl/wolfssl-fips-ready.bb	New recipe to build the FIPS Ready userspace wolfSSL from a bundle.
recipes-wolfssl/wolfprovider/wolfssl-fips-ready.bbappend	Enables wolfProvider-related configuration when using the FIPS Ready provider.
recipes-support/libgcrypt/libgcrypt_%.bbappend	Allows wolfssl-fips-ready as a provider for the libgcrypt integration include.
recipes-support/gnutls/wolfssl-gnutls-wrapper_git.bb	Adds a FIPS Ready-specific compile define needed by the wrapper build.
recipes-examples/wolfprovider/wolfprovidertest/files/wolfprovidertest.sh	Adjusts test script to locate the provider library by adding a symlink in the expected directory.
recipes-core/images/wolfssl-linux-fips-images/fips-image-minimal/wolfssl-fips-ready.bbappend	Image-specific config includes for FIPS Ready plus a stamp-h.in workaround.
recipes-core/images/wolfssl-linux-fips-images/fips-image-minimal/fips-image-minimal.bb	Permits either wolfssl-fips or wolfssl-fips-ready providers for the minimal FIPS image.
inc/wolfssl-fips-ready/wolfssl-enable-libgcrypt.inc	Selects modern vs legacy include for libgcrypt integration.
inc/wolfssl-fips-ready/wolfssl-enable-libgcrypt-modern.inc	Adds FIPS Ready/libgcrypt configure flags and defines (modern).
inc/wolfssl-fips-ready/wolfssl-enable-libgcrypt-legacy.inc	Adds FIPS Ready/libgcrypt configure flags and defines (legacy).
inc/wolfssl-fips-ready/wolfssl-enable-gnutls.inc	Selects modern vs legacy include for GnuTLS integration.
inc/wolfssl-fips-ready/wolfssl-enable-gnutls-modern.inc	Adds FIPS Ready/GnuTLS configure flags and defines (modern).
inc/wolfssl-fips-ready/wolfssl-enable-gnutls-legacy.inc	Adds FIPS Ready/GnuTLS configure flags and defines (legacy).
inc/wolfprovider/wolfssl-enable-wolfprovider-fips-ready.inc	Selects modern vs legacy include for wolfProvider integration.
inc/wolfprovider/wolfssl-enable-wolfprovider-fips-ready-modern.inc	Enables wolfProvider + drops a marker file for FIPS Ready builds (modern).
inc/wolfprovider/wolfssl-enable-wolfprovider-fips-ready-legacy.inc	Enables wolfProvider + drops a marker file for FIPS Ready builds (legacy).
inc/libgcrypt/scarthgap/libgcrypt-enable-wolfssl-modern.inc	Selects a suitable libgcrypt-wolfssl branch and adds a FIPS Ready AES macro mapping.
inc/gnutls/scarthgap/gnutls-enable-wolfssl-modern.inc	Extends FIPS enablement logic to include wolfssl-fips-ready.
conf/wolfssl-fips-ready.conf.sample	Adds a sample local.conf fragment for configuring a FIPS Ready bundle build.
README.md	Replaces the old link to a separate FIPS-Ready README with an in-tree “Using wolfssl-fips-ready” section.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.