{"id":19579731,"url":"https://github.com/wolfssl/meta-wolfssl","last_synced_at":"2025-04-27T08:31:50.285Z","repository":{"id":2025681,"uuid":"21364260","full_name":"wolfSSL/meta-wolfssl","owner":"wolfSSL","description":"wolfSSL layer for OpenEmbedded and Yocto, containing product recipes, examples, and bbappend files.","archived":false,"fork":false,"pushed_at":"2025-04-01T21:17:40.000Z","size":1148,"stargazers_count":31,"open_issues_count":4,"forks_count":23,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-04-04T23:11:12.597Z","etag":null,"topics":["bblayers","bitbake","cryptography","mqtt","openembedded","poky","security","ssh","tls","tls13","tpm2","wolfmqtt","wolfssh","wolfssl","wolftpm","yocto","yocto-project"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"BitBake","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-30T20:03:15.000Z","updated_at":"2025-04-01T21:17:45.000Z","dependencies_parsed_at":"2023-11-07T03:23:54.966Z","dependency_job_id":"15588e75-261c-4352-8e18-53f487bf7a0c","html_url":"https://github.com/wolfSSL/meta-wolfssl","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fmeta-wolfssl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fmeta-wolfssl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fmeta-wolfssl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fmeta-wolfssl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/meta-wolfssl/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251112527,"owners_count":21538162,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bblayers","bitbake","cryptography","mqtt","openembedded","poky","security","ssh","tls","tls13","tpm2","wolfmqtt","wolfssh","wolfssl","wolftpm","yocto","yocto-project"],"created_at":"2024-11-11T07:18:49.886Z","updated_at":"2025-04-27T08:31:50.278Z","avatar_url":"https://github.com/wolfSSL.png","language":"BitBake","readme":"meta-wolfssl\n==========\n\nThis layer provides both [Yocto](https://www.yoctoproject.org/) and\n[OpenEmbedded](http://www.openembedded.org/wiki/Main_Page) recipes for wolfSSL\nproducts and examples, as well as .bbappend files for configuring common open\nsource packages and projects with support for wolfSSL.\n\nThis layer currently provides recipes for the following wolfSSL products:\n\n- [wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/)\n- [wolfSSH lightweight SSH library](https://www.wolfssl.com/products/wolfssh/)\n- [wolfMQTT lightweight MQTT client library](https://www.wolfssl.com/products/wolfmqtt/)\n- [wolfTPM portable TPM 2.0 library](https://www.wolfssl.com/products/wolftpm/)\n- [wolfSSL-py A Python wrapper for the wolfSSL library](https://github.com/wolfSSL/wolfssl-py)\n- [wolfCrypt-py A Python Wrapper for the wolfCrypt API](https://github.com/wolfSSL/wolfcrypt-py)\n\nThese recipes have been tested using these versions of yocto:\n\n- Scarthgap     (v5.0)\n- Nanbield      (v4.3)\n- Langdale      (v4.1)\n- Kirkstone     (v4.0)\n- Hardknott     (v3.3)\n- Gatesgarth    (v3.2)\n- Dunfell       (v3.1)\n- Zeus          (v3.0)\n- Thud          (v2.6)\n- Sumo          (v2.5)\n\nThe wolfSSL library recipe is also included in the openembedded meta-networking\nlayer, located [here](https://github.com/openembedded/meta-openembedded/tree/master/meta-networking/recipes-connectivity/wolfssl).\n\nwolfSSL is a lightweight SSL/TLS library written in C and targeted at embedded\nand RTOS environments - primarily because of its small size, speed, and\nfeature set. With common build sizes between 20-100kB, it is typically up to\n20 times smaller than OpenSSL. Other feature highlights include support for\n[TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, full client and server\nsupport, abstraction layers for easy porting, CRL and OCSP support, key and cert\ngeneration, support for hardware cryptography modules, and much more. For a full\nfeature list, please visit the\n[wolfSSL product page](https://www.wolfssl.com/products/wolfssl/).\n\nSetup\n-----\n\nClone meta-wolfssl onto your machine:\n\n```\ngit clone https://github.com/wolfSSL/meta-wolfssl.git\n```\n\nAfter installing your build's Yocto/OpenEmbedded components:\n\n1.  Insert the 'meta-wolfssl' layer in `build/conf/bblayers.conf` location\n    into your build's bblayers.conf\n    file, in the BBLAYERS section:\n\n    ```\n    BBLAYERS ?= \" \\\n       ...\n       /path/to/yocto/poky/meta-wolfssl \\\n       ...\n    \"\n    ```\n\n2.  Once the 'meta-wolfssl' layer has been added to your BBLAYERS collection,\n    you have two options\n\n    1.  If you want to directly add wolfSSL recipes to your image recipe\n        proceed to step 3.\n\n\n    2.  If you want to run `bitbake wolf*` on a particular recipe then it needs\n        to be added to the IMAGE_INSTALL.\n        This can be done by adding the following line to `local.conf` located in\n        `path/to/poky/build/conf`.\n        - For Dunfell and newer versions of Yocto:\n        ```\n        IMAGE_INSTALL:append = \" wolfssl wolfssh wolfmqtt wolftpm \"\n        ```\n\n        - For versions of Yocto older than Dunfell:\n\n        ```\n        IMAGE_INSTALL_append = \" wolfssl wolfssh wolfmqtt wolftpm \"\n        ```\n\n        ```\n        $ bitbake wolfssl\n        $ bitbake wolfssh\n        $ bitbake wolfmqtt\n        $ bitbake wolftpm\n        $ bitbake wolfclu - This command would result in an error\n        ```\n\n\n3.  Edit your build's local.conf file to install the recipes you would like\n    to include (ie: wolfssl, wolfssh, wolfmqtt, wolftpm)\n\n    - For Dunfell and newer versions of Yocto\n\n    ```\n    IMAGE_INSTALL:append = \" wolfssl wolfssh wolfmqtt wolftpm wolfclu \"\n    ```\n\n    - For versions of Yocto older than Dunfell\n    ```\n    IMAGE_INSTALL_append = \" wolfssl wolfssh wolfmqtt wolftpm wolfclu \"\n    ```\n\n    This will add the necassary --enable-* options necassary to use your\n    specific combination of recipes.\n\n    If you did step 2.2 make sure you comment out recipes that you don't desire\n    because leaving them uncommented may add unneed --enable-* options in your\n    build, which could increase the size of the build and turn on uneeded\n    features.\n\nOnce your image has been built, the default location for the wolfSSL library\non your machine will be in the \"/usr/lib\" directory.\n\nNote: If you need to install the development headers for these libraries, you\nwill want to use the \"-dev\" variant of the package. For example, to install\nboth the wolfSSL library and headers into your image, use \"wolfssl-dev\" along\nwith IMAGE_INSTALL:append, ie:\n\n- For Dunfell and newer versions of Yocto\n```\nIMAGE_INSTALL:append = \"wolfssl-dev\"\n```\n\n- For versions of Yocto older than Dunfell\n```\nIMAGE_INSTALL_append = \"wolfssl-dev\"\n```\n\n\nAfter building your image, you will find wolfSSL headers in the\n\"/usr/include\" directory and applications in \"usr/bin\".\n\nCustomizing the wolfSSL Library Configuration\n---------------------------------------------\n\nCustom applications that use wolfSSL libraries may wish to enable or disable\nspecific Autoconf/configure options when the library is compiled. This can be\ndone through the use of an application-specific .bbappend file for the wolfSSL\nlibrary.\n\nFor example, if your application wanted TLS 1.3 support compiled into the\nwolfSSL library, you would want to create a .bbappend file for wolfSSL in\nyour application recipe/layer, ie:\n\n```\nwolfssl_%.bbappend\n```\n\nInside this .bbappend file, you can use the EXTRA_OECONF variable to add\nadditional configure options to the wolfSSL library build.  For enabling\nTLS 1.3 this would be:\n\n```\nEXTRA_OECONF += \"--enable-tls13\"\n```\n\nMake sure this .bbappend file gets picked up when bitbake is compiling your\napplication.\n\nBuilding Other Applications with wolfSSL\n----------------------------------------\n\nSupport for building many open source projects with wolfSSL is included in the\nvarious recipes-* directories. As an example, take a look at\nrecipes_support/curl/wolfssl_%.bbappend. This .bbappend adds `--enable-curl` to\nthe wolfSSL configuration line via `EXTRA_OECONF`. curl_%.bbappend sets up curl\nto use wolfSSL as its crypto and TLS provider. curl_7.82.0.bbappend is a\n.bbappend specifically for adding wolfSSL support to curl version 7.82.0.\n\nIn the curl project, wolfSSL is supported upstream, but other projects may not\nhave native wolfSSL support. We've added wolfSSL support to many popular open\nsource projects, and the patches can be found in our\n[open source projects (OSP) repository](https://github.com/wolfSSL/osp). Several\nof these patches are used here. OpenSSH is one example. Under\nrecipes-connectivity/openssh/files, you'll find a patch for OpenSSH 8.5p1 that\nadds wolfSSL support. One directory up in recipes-connectivity/openssh, you'll\nfind openssh_8.5p1.bbappend which\n\n1. Adds the patch to the build.\n2. Removes OpenSSH's OpenSSL dependency.\n3. Adds the wolfSSL dependency.\n4. Adds `--with-wolfssl` to the configuration line.\n\nAdditionally, there's another wolfssl_%.bbappend which adds `--enable-openssh`\nto the wolfSSL configuration. This is the general pattern you'll see for other\nprojects that depend on wolfSSL, too.\n\nThis layer offers wolfSSL support for the following open source projects:\n\n- [curl](https://layers.openembedded.org/layerindex/recipe/5765/)\n- [OpenSSH](https://layers.openembedded.org/layerindex/recipe/5083/)\n\nwolfSSL Example Application Recipes\n-----------------------------------\n\nSeveral wolfSSL example application recipes are included in this layer. These\ninclude:\n\n- wolfCrypt test application      (depends on wolfssl)\n- wolfCrypt benchmark application (depends on wolfssl)\n\nThe recipes for these applications are located at:\n\n```\nmeta-wolfssl/recipes-examples/wolfcrypt/wolfcrypttest/wolfcrypttest.bb\nmeta-wolfssl/recipes-examples/wolfcrypt/wolfcryptbenchmark/wolfcryptbenchmark.bb\n```\n\nThese can be compiled individually with bitbake:\n\n```\n$ bitbake wolfcrypttest\n$ bitbake wolfcryptbenchmark\n```\n\nTo install these applications into your image, you will need to edit your\n\"build/conf/local.conf\" file and add them to the \"IMAGE_INSTALL\"\nvariable. For example, to install the wolfSSL, wolfSSH, and wolfMQTT libraries\nin addition to the wolfCrypt test and benchmark applications:\n\n\n- For Dunfell and newer versions of Yocto\n```\nIMAGE_INSTALL:append = \" wolfssl wolfssh wolfmqtt wolftpm wolfclu wolfcrypttest wolfcryptbenchmark \"\n```\n\n- For versions of Yocto older than Dunfell\n```\nIMAGE_INSTALL_append = \" wolfssl wolfssh wolfmqtt wolftpm wolfclu wolfcrypttest wolfcryptbenchmark \"\n```\n\nWhen your image builds, these will be installed to the '/usr/bin' system\ndirectory. When inside your executing image, you can run them from the\nterminal.\n\nExcluding Recipe from Build\n---------------------------\n\nRecipes can be excluded from your build by deleting their respective \".bb\" file,\nor by deleting the recipe directory.\n\nWolfssl-py and Wolfcrypt-py Installation Requirements\n-----------------------------------------------------\n\nTo use the python wrapper for wolfSSL and wolfcrypt in a yocto build it will\nrequire python3, python3-cffi and wolfSSL are built on the target system.\n\nIf you are using older version of yocto (2.x) or (3.x), you will need to download\nand add the meta-oe and meta-python recipes from openembedded's [meta-openembedded](https://github.com/openembedded/meta-openembedded) to the image.\n\nIt will be necassary then to make sure at minimum that the IMAGE_INSTALL:append\nlooks as follows:\n\n- For Dunfell and newer versions of Yocto\n    + if wolfSSL-py is desired on target system\n    ```\n    IMAGE_INSTALL:append = \" wolfssl wolfssl-py python3 \"\n    ```\n    + if wolfCrypt-py is desired on target system\n    ```\n    IMAGE_INSTALL:append = \" wolfssl wolfcrypt-py python3 \"\n    ```\n    + if wolfSSL-py and wolfCrypt-py are both desired on target system\n    ```\n    Image_INSTALL:append = \" wolfssl wolfssl-py wolfcrypt-py python3 python3-cffi\"\n    ```\n\n- For versions of Yocto older than Dunfell\n    + if wolfSSL-py is desired on target system\n    ```\n    IMAGE_INSTALL_append = \" wolfssl wolfssl-py python3 \"\n    ```\n    + if wolfCrypt-py is desired on target system\n    ```\n    IMAGE_INSTALL_append = \" wolfssl wolfcrypt-py python3 \"\n    ```\n    + if wolfSSL-py and wolfCrypt-py are both desired on target system\n    ```\n    Image_INSTALL_append = \" wolfssl wolfssl-py wolfcrypt-py python3 python3-cffi\"\n    ```\n\nTesting Wolfssl-py and Wolfcrypt-py\n-----------------------------------\n\nTo test the python wrapper for wolfSSL and wolfcrypt in a yocto build it will\nrequire python3, python3-pytest, python3-cffi and wolfSSL are built on the target system.\n\nIt will be necassary then to make sure at minimum that the IMAGE_INSTALL:append\nlooks as follows:\n\n\n- If wolfSSL-py and wolfCrypt-py are both desired on target system\n\n    + For Dunfell and newer versions of Yocto\n    ```\n    IMAGE_INSTALL:append = \" wolfssl wolfssl-py wolfcrypt-py wolf-py-tests python3 python3-cffi python3-pytest\"\n    ```\n\n    + For versions of Yocto older than Dunfell\n    ```\n    IMAGE_INSTALL_append = \" wolfssl wolfssl-py wolfcrypt-py wolf-py-tests python3 python3-cffi python3-pytest\"\n    ```\n\nThis places the tests in the root home directory\n```\n$ cd /home/root/wolf-py-tests/\n$ ls wolfcrypt-py-test wolfssl-py-test\n```\n\nnavigate into the desired test:\n\n    + for wolfssl-py\n    ```\n    $ cd /home/root/wolf-py-tests/wolfssl-py-test\n\n    ```\n    + for wolfcrypt-py\n    ```\n    $ cd /home/root/wolf-py-tests/wolfcrypt-py-test\n    ```\n\nonce in the desired test directory, begin the test by calling pytest\n```\n$ pytest\n```\n\nThis should then result in a pass or fail for the desired suit.\n\nIf you are testing this with the core-image-minimal yocto build, make sure\nto add a DNS server to /etc/resolv.conf like such with root perms\n\n```\necho \"nameserver 8.8.8.8\" \u003e\u003e /etc/resolv.conf\n```\n\nRunning Image on the QEMU\n-------------------------\n\nTo run meta-wolfssl image on the QEMU (Quick EMUlator) you can follow these\ngeneral steps. For this example we will use the Yocto Project Poky.\nRefer to:\n[Yocto Project](https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html) for a detailed guide.\n\n1. Initialize the Build\nThis can be done by running these commands:\n\n```\n$ cd poky\n$ source oe-init-build-env\n```\n\nThis will initialize the build environment and let you run\nbitbake in the build directory.\n\n2. Run bitbake\nNext you can run bitbake to build the OS image that you want. Make sure\nyou have the correct variables added in the `local.conf` For this example\nwe will run `core-image-base`. Which can be built by running this comamnd\nfrom the `build` directoy:\n\n```\n$ bitbake core-image-base\n```\n\nThis will run bitbake and build the image with your added\nmeta-wolfssl recipes.\n\n3. Run the Image in QEMU\nYou can now simulate your image with the QEMU This can be done by running\nthe qemu that comes in your Yocto Project the default system is usually\n`qemux86-64` but you can find what its set to by looking at your `local.conf`.\nWe can run this command to start the emulator:\n\n```\n$ runqemu qemux86-64\n```\n\n4. Run Your Recipes\nNow that you are in the QEMU you can navigate your way to the `usr/bin`\ndirectory which contains the your wolfssl your applications. Lets say we\nincluded these images in our `local.conf`\n\n```\nIMAGE_INSTALL:append = \" wolfssl wolfcrypttest wolfcryptbenchmark \"\n```\n\nIn that case we can run wolfcrypttest and wolfcryptbenchmark examples from\nthe `usr/bin` directory like so:\n\n```\n$ ./wolfcrypttest\n$ ./wolfcryptbenchmark\n```\n\nThis will run the wolfcrypt test and benchmark examples from the QEMU.\n\nwolfProvider\n------------\nTo build wolfProvider view the instructions in this [README](recipes-wolfssl/wolfprovider/README.md)\n\nwolfEngine\n------------\nTo build wolfEngine view the instructions in this [README](recipes-wolfssl/wolfengine/README.md)\n\nFIPS-READY\n----------\nFor building FIPS-Ready for wolfSSL view the instruction in this [README](recipes-wolfssl/wolfssl/fips-ready/README.md)\n\nCommercial/FIPS Bundles\n-----------------------\nFor building FIPS and/or commercial bundles of wolfSSL products view the instructions in this [README](recipes-wolfssl/wolfssl/commercial/README.md).\n\nTo gain access to these bundles contact support@wolfssl.com to get a qoute.\n\nMaintenance\n-----------\n\nLayer maintainers:\n- wolfSSL Support (\u003csupport@wolfssl.com\u003e)\n- Chris Conlon (\u003cchris@wolfssl.com\u003e)\n- Jacob Barthelmeh (\u003cjacob@wolfssl.com\u003e)\n\nWebsite\n-------\nhttps://www.wolfssl.com\n\nLicense\n-------\n\nwolfSSL is open source and dual licensed under both the GPLv2 and a standard\ncommercial license. wolfSSL also offers commercial licensing for our\n[FIPS-validated wolfCrypt module](wolfssl.com/license/fips.). For commercial\nlicense questions, please contact wolfSSL at licensing@wolfssl.com. For product\nsupport inquiries please contact support@wolfssl.com.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fmeta-wolfssl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fmeta-wolfssl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fmeta-wolfssl/lists"}