Fixes for STM32H5 demo. Fixes MQTT broker and improrves testing/docs. Expands CI test

[dgarske]

No description provided.

[Copilot]

Pull request overview

Updates the STM32H563 demo to better support the wolfMQTT broker on bare-metal (wolfIP TLS + UART logging), expands documentation for broker usage, and adds a fuller CI job that boots the firmware in m33mu and integration-tests multiple services.

Changes:

• Configure wolfMQTT broker to use wolfIP-provided TLS context and route broker logs to UART via a custom PRINTF.
• Add wolfmqtt_log() UART printf-style logger for WBLOG/broker logging.
• Expand STM32H563 CI to build and integration-test echo/HTTPS/TLS-echo/MQTT/SSH in emulation.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
src/port/stm32h563/user_settings.h	Enables broker custom net/TLS integration and custom UART logging macros; raises broker log level.
src/port/stm32h563/main.c	Adds wolfmqtt_log() implementation using vsnprintf + UART output.
src/port/stm32h563/README.md	Updates build/flash instructions and adds detailed MQTT broker usage/testing docs.
.github/workflows/stm32h563-m33mu.yml	Adds a “full” CI job that emulates the firmware and performs network service checks incl. MQTT.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

Pull request overview

Copilot reviewed 21 out of 21 changed files in this pull request and generated 10 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[dgarske]

This needs to use wolfMQTT

[danielinux]

this breaks the test

[danielinux]

1.6 is the working version

[danielinux]

no moprobe in container: this will break the test

[Copilot]

Pull request overview

Copilot reviewed 21 out of 21 changed files in this pull request and generated 7 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Copilot]

The step title says the wolfSSL/wolfSSH/wolfMQTT clones are “pinned to stable tags”, but the commands clone default branches without a tag/commit checkout. This makes CI non-reproducible and can introduce breakage from upstream changes; consider checking out explicit tags or specific commits (or updating the step description to match reality).

[Copilot]

The cert extraction pipeline likely captures more than just the certificate because certs.h does not contain a line matching ^";$/ (the closing line is of the form "-----END CERTIFICATE-----\\n";). As written, the range can run to EOF and include the embedded private key in /tmp/wolfip_cert.pem, which is both unnecessary and may break --cafile parsing. Consider tightening the extraction to stop at the end-certificate line (or using a more direct grep/sed that only emits the CERTIFICATE PEM block).

Suggested change

	sed -n '/server_cert_pem\[\]/,/^";$/p' src/port/certs.h \
	sed -n '/server_cert_pem\[\]/,/^"-----END CERTIFICATE-----\\\\n";$/p' src/port/certs.h \

[Copilot]

The BOARD_IP regex allows values starting with -, which can be interpreted as options by commands like ping, nc, and ssh (option injection). Consider rejecting a leading hyphen (e.g., [[ $BOARD_IP != -* ]]) and/or using -- before the host argument where supported.

Suggested change

	if ! [[ "$BOARD_IP" =~ ^[A-Za-z0-9._-]+$ ]]; then
	if [[ "$BOARD_IP" == -* ]] || ! [[ "$BOARD_IP" =~ ^[A-Za-z0-9._-]+$ ]]; then

[Copilot]

run_cmd executes its argument via eval, which is unnecessary for the fixed command patterns used in this script and expands the attack surface if validation ever regresses. Prefer executing commands directly (or using a bash array for argv) so ${BOARD_IP} stays a single, safely-quoted argument.

Suggested change

	eval "$1" 2>&1 | sed 's/^/ /'
	bash -c "$1" 2>&1 | sed 's/^/ /'

[Copilot]

vsnprintf can return a negative value on encoding error, in which case the contents of buf are unspecified. Consider handling n < 0 explicitly (e.g., emit a fallback message and return) before calling uart_puts(buf).

[Copilot]

In this port, the DHCP timing comments/values assume DHCP_DISCOVER_RETRIES=1, but src/port/va416xx/config.h does not override DHCP_DISCOVER_RETRIES/DHCP_REQUEST_RETRIES, so the wolfIP defaults (3) still apply. Either define these retry macros for VA416xx when DHCP is enabled, or update the timing comments/timeout constants to match the actual retry behavior.

Suggested change

	* wolfIP's internal DHCP state machine only retries for ~4 seconds
	* (DHCP_DISCOVER_RETRIES=1 x 2s timeout). After that it sets state to
	* DHCP_OFF and the UDP socket stops accepting unicast DHCP responses
	* (because DHCP_IS_RUNNING becomes false). We re-init periodically to
	* keep trying, but must space re-inits apart to avoid socket churn
	* (close/reopen loses in-flight responses). */
	* wolfIP's internal DHCP state machine retries for a finite period based
	* on DHCP_DISCOVER_RETRIES and DHCP_REQUEST_RETRIES (wolfIP defaults are 3).
	* After the stack gives up it sets state to DHCP_OFF and the UDP socket
	* stops accepting unicast DHCP responses (because DHCP_IS_RUNNING becomes
	* false). We re-init periodically to keep trying, but must space re-inits
	* far enough apart to avoid socket churn (close/reopen loses in-flight
	* responses) and to ensure the previous DHCP attempt has fully timed out. */

[Copilot]

WOLFSSL_ROOT now defaults to $(ROOT)/../wolfssl-alt, but the README/workflows (and the other STM32 port Makefiles) reference cloning wolfssl into ../wolfssl. Unless wolfssl-alt is guaranteed to exist for contributors, this default will break the common build path; consider reverting the default to ../wolfssl (and documenting any alternative fork via an opt-in override).

Suggested change

	WOLFSSL_ROOT ?= $(ROOT)/../wolfssl-alt
	WOLFSSL_ROOT ?= $(ROOT)/../wolfssl