Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2235253/?format=api
{ "id": 2235253, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2235253/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/1a81d7fcf9ebaf5c41a623d8ba14a5fac694efcb.1778277334.git.aidan@wolfssl.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.2/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1a81d7fcf9ebaf5c41a623d8ba14a5fac694efcb.1778277334.git.aidan@wolfssl.com>", "list_archive_url": null, "date": "2026-05-09T00:04:18", "name": "[v3,11/12] doc: add wolfTPM documentation", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "5a605a339a70a90d2f12b7c378731765c1e3c30c", "submitter": { "id": 92785, "url": "http://patchwork.ozlabs.org/api/1.2/people/92785/?format=api", "name": "Aidan Garske", "email": "aidan@wolfssl.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/1a81d7fcf9ebaf5c41a623d8ba14a5fac694efcb.1778277334.git.aidan@wolfssl.com/mbox/", "series": [ { "id": 503464, "url": "http://patchwork.ozlabs.org/api/1.2/series/503464/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=503464", "date": "2026-05-09T00:04:07", "name": "tpm: Add wolfTPM library support for TPM 2.0", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/503464/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2235253/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2235253/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=wolfssl-com.20251104.gappssmtp.com\n header.i=@wolfssl-com.20251104.gappssmtp.com header.a=rsa-sha256\n header.s=20251104 header.b=hHABn7/X;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=fail (p=none dis=none) header.from=wolfssl.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=wolfssl-com.20251104.gappssmtp.com\n header.i=@wolfssl-com.20251104.gappssmtp.com header.b=\"hHABn7/X\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=fail (p=none dis=none) header.from=wolfssl.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=aidan@wolfssl.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gC6dK6gxhz1yCg\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 09 May 2026 10:42:13 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 9F1FC84E4E;\n\tSat, 9 May 2026 02:40:17 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id E172084E0B; Sat, 9 May 2026 02:05:03 +0200 (CEST)", "from mail-dl1-x1234.google.com (mail-dl1-x1234.google.com\n [IPv6:2607:f8b0:4864:20::1234])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id B165E84E0A\n for <u-boot@lists.denx.de>; Sat, 9 May 2026 02:04:55 +0200 (CEST)", "by mail-dl1-x1234.google.com with SMTP id\n a92af1059eb24-12713e56abdso1740818c88.1\n for <u-boot@lists.denx.de>; Fri, 08 May 2026 17:04:55 -0700 (PDT)", "from localhost.localdomain ([207.231.76.218])\n by smtp.gmail.com with ESMTPSA id\n a92af1059eb24-132787673ffsm5505030c88.15.2026.05.08.17.04.52\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 08 May 2026 17:04:52 -0700 (PDT)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "*", "X-Spam-Status": "No, score=1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_SBL_CSS,SPF_HELO_NONE,\n SPF_PASS autolearn=no autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=wolfssl-com.20251104.gappssmtp.com; s=20251104; t=1778285094; x=1778889894;\n darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ZVl78BWzRmuQ5NbamnoE0xppXe6/utdmROsrAV/HxWs=;\n b=hHABn7/X0R27tBZZT3xZi7q9uGbzj1GnNUWOyhR6Y/pVKvOK+YqVpLU4/sfpOtdP4i\n ufIH5keqYylW2ycbvoz/MJ7z4FaxmBoSONT1pJ1xU76xn9SS6728bECZ0AN0fD7rEnYJ\n kuxyqPdk6h+9a6s7cp/bLmG/59npml3GJsMEionUsLDb3tF04GRoM9ZlXDnrnVHSz4rp\n HkM0AWszY+SJ3VUPLnY1NwO6uTT95p2pnwp0g6ncJtNdGoLdFPv5T19Wg4c0NjRpTjZb\n 0IIlarcusQKvM6X8ilXy+iI2RfbvhYyE9pb2yv4TpmOSGBtyfo+Vp9+pFUcGFfSjzgzq\n rcPg==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778285094; x=1778889894;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=ZVl78BWzRmuQ5NbamnoE0xppXe6/utdmROsrAV/HxWs=;\n b=YLE9bd33QUaNnssjDKCx0OWFcYaLP7aHgtm3WvbdVn7NhN6WxcGPd0J5ra/TJTKSCO\n tFIJ70aNzj8tFOVfLTtLOPzCHgS6VdRonAj9p/Id1C0eU6RV6Me5DRNBmuP6Lx79iN/O\n g7G81+gq+Ehb2OuKyrPHOEKfW8LEVDQCAWO4QPP4n9858cfe8BmqVioREzZtoIqoElt5\n InATPZrG4BMhV54XX7f5Is8HH2H0hqXyW+LGW6aLF4dHlH42JFU12L9aztgo//y3qXP2\n Jchs/sDcOtBQVn02mbLVg4EYlM+7V217v9Z3N8a5IGdHW1wCznRtpmK9dhVe1UkpxwE+\n HbDQ==", "X-Gm-Message-State": "AOJu0Yz7YG1i5s5s3s7aKXtpcUpYebtBBCesp3/2RdnpXJIArEKPlkmR\n wTRzzO7Oqz/4SQ2fuyNQb2axKVRYGc0hOVOBwqFpviBh416Tk0MCzyKVS6T4DsA0kTbdBWeY4vz\n ESKil", "X-Gm-Gg": "AeBDievqwc/rD8yA+GtbYXlHiD2/zFFDS/nJwHV01RpBBgKsTYPVRCiPEqPdQ2QrO1a\n w2HBrr+EpJYNT6l7fP8ebt+qLQRYkZqjO+4ted8vMrU8A4BIFMsbonSrAObCFl7+x8rviNF9yn5\n oUiUknxgiWRwj7CwaGnVwfHLOa76Bum4c86DxY6hLAzB1pbIi4IMB4jwAyU6ta8H5D+gfHdtYHI\n yB9qMNN1U5XOwsepYsNRl6GfEBtWjDBG9IAisC4hT+j/LH9NPG8GIS7LpvljYnNXLBroEFNT8N1\n GpTTwvF0wbFircPP6KdkgQf/HlnvnbvaCUU1IPQe9hUR6bW5LaG2pbAH9A6hFuPX7+ZMv2YQcHE\n 6dKlxVDC5VZhuhvVREUZWyZutheCmhCqgVtCtRRkuFjEaxJPYU2uhNehZCVOJsZinRKWO0/nLwo\n /pnpRjGqv1nhMfXzElL3l/jNnB/Qu/ZM5RRTbTp83y2O28d1mhNfoWeRRJEMv49vvdeS5BIl4B+\n RXT74Do2+WkK+lG15B2Cw==", "X-Received": "by 2002:a05:7022:4399:b0:12d:d496:a964 with SMTP id\n a92af1059eb24-1323b0af73dmr4581437c88.20.1778285093447;\n Fri, 08 May 2026 17:04:53 -0700 (PDT)", "From": "Aidan Garske <aidan@wolfssl.com>", "To": "u-boot@lists.denx.de", "Cc": "David Garske <david@wolfssl.com>,\n Ilias Apalodimas <ilias.apalodimas@linaro.org>", "Subject": "[PATCH v3 11/12] doc: add wolfTPM documentation", "Date": "Fri, 8 May 2026 17:04:18 -0700", "Message-ID": "\n <1a81d7fcf9ebaf5c41a623d8ba14a5fac694efcb.1778277334.git.aidan@wolfssl.com>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<cover.1778277334.git.aidan@wolfssl.com>", "References": "<cover.1778277334.git.aidan@wolfssl.com>", "MIME-Version": "1.0", "Content-Type": "text/plain; charset=UTF-8", "Content-Transfer-Encoding": "8bit", "X-Mailman-Approved-At": "Sat, 09 May 2026 02:40:11 +0200", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "From: Aidan <aidan@wolfssl.com>\n\nAdd documentation for wolfTPM integration, commands, and testing.\n\ndoc/usage/cmd/wolftpm.rst:\n Comprehensive RST documentation covering:\n - All wolfTPM tpm2 subcommands with usage and examples\n - Infineon TPM firmware update step-by-step guide (extract\n manifest/firmware, load to RAM, perform update, recovery mode)\n - Build instructions for RPi4 and QEMU targets\n - Enabling debug output (U-Boot log system + wolfTPM library)\n - Complete test suite documentation with test coverage table\n - Python test framework setup (QEMU + swtpm instructions,\n helper scripts, verified test results)\n\nREADME.wolftpm.md:\n Quick-start guide with overview, feature comparison vs standard\n U-Boot TPM, command reference, build instructions, hardware\n support details, and file listing.\n\nREADME:\n Add CONFIG_TPM_WOLF reference in the configuration options\n section alongside existing CONFIG_TPM entries.\n\nSigned-off-by: Aidan Garske <aidan@wolfssl.com>\n---\n README | 3 +\n README.wolftpm.md | 154 +++++++++\n doc/usage/cmd/wolftpm.rst | 635 ++++++++++++++++++++++++++++++++++++++\n 3 files changed, 792 insertions(+)\n create mode 100644 README.wolftpm.md\n create mode 100644 doc/usage/cmd/wolftpm.rst", "diff": "diff --git a/README b/README\nindex 20a73bab802..b9bfe14a1c7 100644\n--- a/README\n+++ b/README\n@@ -361,6 +361,9 @@ The following options need to be configured:\n \t\tCONFIG_TPM\n \t\tSupport TPM devices.\n \n+\t\tCONFIG_TPM_WOLF\n+\t\tEnables support for wolfTPM library.\n+\n \t\tCONFIG_TPM_TIS_INFINEON\n \t\tSupport for Infineon i2c bus TPM devices. Only one device\n \t\tper system is supported at this time.\ndiff --git a/README.wolftpm.md b/README.wolftpm.md\nnew file mode 100644\nindex 00000000000..cdebe96ecb1\n--- /dev/null\n+++ b/README.wolftpm.md\n@@ -0,0 +1,154 @@\n+# wolfTPM Support for U-Boot\n+\n+This fork adds [wolfTPM](https://github.com/wolfSSL/wolfTPM) support to U-Boot, providing full TPM 2.0 command support using wolfTPM APIs and the wolfTPM library.\n+\n+## Overview\n+\n+wolfTPM is a portable, open-source TPM 2.0 library that provides:\n+\n+- **Native TPM 2.0 API** - Direct access to all TPM 2.0 commands\n+- **Wrapper API** - Simplified interface for common TPM operations\n+- **Hardware SPI Support** - Direct communication with TPM hardware via SPI\n+- **Firmware Update** - Support for Infineon SLB9672/SLB9673 firmware updates\n+- **No External Dependencies** - Standalone implementation without kernel TPM stack\n+\n+## Why wolfTPM vs Standard U-Boot TPM?\n+\n+| Feature | Standard U-Boot TPM | wolfTPM |\n+|---------|---------------------|---------|\n+| API | Basic TPM commands | Full TPM 2.0 + Wrapper API |\n+| PCR Operations | Basic read/extend | Full PCR management |\n+| Firmware Update | Not supported | Infineon SLB9672/9673 |\n+| Capabilities Query | Limited | Comprehensive `caps` command |\n+| SPI Communication | Via kernel driver | Native wolfTPM TIS layer |\n+| Library Integration | N/A | wolfSSL ecosystem compatible |\n+\n+## Command: `tpm2`\n+\n+When wolfTPM is enabled, the `tpm2` command uses wolfTPM APIs instead of the standard implementation. The command interface is compatible with the standard `tpm2` command, with additional wolfTPM-specific features.\n+\n+### Basic Commands\n+\n+```bash\n+tpm2 autostart # Initialize TPM, startup, and self-test\n+tpm2 init # Initialize TPM software stack\n+tpm2 info # Show TPM device information\n+tpm2 caps # Show TPM capabilities (wolfTPM enhanced)\n+tpm2 self_test full # Run full self-test\n+```\n+\n+### PCR Operations\n+\n+```bash\n+tpm2 pcr_read <pcr> <addr> [algo] # Read PCR value\n+tpm2 pcr_extend <pcr> <addr> [algo] # Extend PCR with digest\n+tpm2 pcr_print # Print all PCR values\n+tpm2 pcr_allocate <algo> <on|off> # Configure PCR banks\n+```\n+\n+### Security Management\n+\n+```bash\n+tpm2 clear <hierarchy> # Clear TPM\n+tpm2 change_auth <hierarchy> <new_pw> [old_pw] # Change password\n+tpm2 dam_reset [password] # Reset DAM counter\n+tpm2 dam_parameters <tries> <recovery> <lockout> # Set DAM params\n+```\n+\n+### Firmware Update (Infineon Only)\n+\n+```bash\n+tpm2 firmware_update <manifest_addr> <size> <firmware_addr> <size>\n+tpm2 firmware_cancel\n+```\n+\n+## Building\n+\n+### For Raspberry Pi 4\n+\n+```bash\n+git clone https://github.com/aidangarske/u-boot.git\n+cd u-boot\n+git checkout rpi4-wolftpm-uboot\n+git submodule update --init lib/wolftpm\n+\n+export CROSS_COMPILE=aarch64-elf-\n+make rpi_4_defconfig\n+make -j$(nproc)\n+```\n+\n+### Configuration Options\n+\n+Enable in `menuconfig` or defconfig:\n+\n+```\n+# Core TPM support\n+CONFIG_TPM=y\n+CONFIG_TPM_V2=y\n+\n+# wolfTPM (replaces standard tpm2 command)\n+CONFIG_TPM_WOLF=y\n+CONFIG_CMD_TPM=y\n+\n+# For Infineon hardware\n+CONFIG_WOLFTPM_SLB9672=y\n+\n+# For QEMU/swtpm testing\n+# CONFIG_WOLFTPM_LINUX_DEV=y\n+```\n+\n+**Note:** The `tpm2` command frontend (`cmd/tpm-v2.c`) is always compiled. The backend is selected at build time: when `CONFIG_TPM_WOLF` is enabled, `cmd/wolftpm.c` provides the wolfTPM backend; otherwise, `cmd/native_tpm2.c` provides the native U-Boot backend.\n+\n+## Hardware Support\n+\n+### Tested Hardware\n+\n+- Raspberry Pi 4 Model B\n+- Infineon SLB9670 TPM (LetsTrust HAT)\n+- Infineon SLB9672 TPM (with firmware update support)\n+\n+### SPI Configuration\n+\n+The TPM is configured on SPI0 CE1 (GPIO7), matching the standard Raspberry Pi `tpm-slb9670` overlay:\n+\n+```\n+SPI0 Pins:\n+- SCLK: GPIO11 (pin 23)\n+- MOSI: GPIO10 (pin 19)\n+- MISO: GPIO9 (pin 21)\n+- CE1: GPIO7 (pin 26)\n+```\n+\n+## Documentation\n+\n+- **Full Guide**: [rpi4-wolftpm-uboot](https://github.com/aidangarske/rpi4-wolftpm-uboot)\n+- **Firmware Update**: See `doc/usage/cmd/wolftpm.rst`\n+- **wolfTPM Library**: [github.com/wolfSSL/wolfTPM](https://github.com/wolfSSL/wolfTPM)\n+\n+## Files Modified/Added\n+\n+```\n+cmd/tpm-v2.c # Shared tpm2 command frontend (dispatch table, help)\n+cmd/native_tpm2.c # Native U-Boot backend (when wolfTPM is OFF)\n+cmd/wolftpm.c # wolfTPM backend (when wolfTPM is ON)\n+cmd/tpm2-backend.h # Backend function declarations\n+lib/wolftpm/ # wolfTPM library (submodule)\n+lib/wolftpm.c # wolfTPM library glue code\n+include/configs/user_settings.h # wolfTPM configuration\n+include/wolftpm.h # wolfTPM header\n+arch/arm/dts/bcm2711-rpi-4-b.dts # Device tree with SPI/TPM config\n+configs/rpi_4_defconfig # RPi4 build configuration\n+drivers/spi/bcm2835_spi.c # BCM2835 SPI driver\n+doc/usage/cmd/wolftpm.rst # Command documentation\n+```\n+\n+## License\n+\n+- U-Boot: GPL-2.0\n+- wolfTPM: GPL-2.0\n+- This integration: GPL-2.0\n+\n+## Author\n+\n+Aidan Garske <aidan@wolfssl.com>\n+wolfSSL Inc.\ndiff --git a/doc/usage/cmd/wolftpm.rst b/doc/usage/cmd/wolftpm.rst\nnew file mode 100644\nindex 00000000000..85e6be544bb\n--- /dev/null\n+++ b/doc/usage/cmd/wolftpm.rst\n@@ -0,0 +1,635 @@\n+wolfTPM Support For Das U-Boot\n+==============================\n+\n+wolfTPM provides experimental support for U-Boot with the following key features:\n+\n+- Utilizes SOFT SPI driver in U-Boot for TPM communication\n+- Implements TPM 2.0 driver functionality through its internal TIS layer\n+- Provides native API access to all TPM 2.0 commands\n+- Includes wrapper API for common TPM 2.0 operations\n+- Supports two integration paths:\n+ - ``__linux__``: Uses existing tpm interface via tpm2_linux.c\n+ - ``__UBOOT__``: Direct SPI communication through tpm_io_uboot.c\n+\n+wolfTPM U-Boot Commands\n+----------------------\n+\n+The following commands are available through the ``tpm2`` command (powered by wolfTPM):\n+\n+Basic Commands\n+~~~~~~~~~~~~~~\n+\n+- ``help`` - Show help text\n+- ``device [num device]`` - Show all devices or set the specified device\n+- ``info`` - Show information about the TPM\n+- ``state`` - Show internal state from the TPM (if available)\n+- ``autostart`` - Initialize the TPM, perform a Startup(clear) and run a full selftest sequence\n+- ``init`` - Initialize the software stack (must be first command)\n+- ``startup <mode> [<op>]`` - Issue a TPM2_Startup command\n+ - ``<mode>``: TPM2_SU_CLEAR (reset state) or TPM2_SU_STATE (preserved state)\n+ - ``[<op>]``: optional shutdown with \"off\"\n+- ``self_test <type>`` - Test TPM capabilities\n+ - ``<type>``: \"full\" (all tests) or \"continue\" (untested tests only)\n+\n+PCR Operations\n+~~~~~~~~~~~~~~\n+\n+- ``pcr_extend <pcr> <digest_addr> [<digest_algo>]`` - Extend PCR with digest\n+- ``pcr_read <pcr> <digest_addr> [<digest_algo>]`` - Read PCR to memory\n+- ``pcr_allocate <algorithm> <on/off> [<password>]`` - Reconfig PCR bank algorithm\n+- ``pcr_setauthpolicy | pcr_setauthvalue <pcr> <key> [<password>]`` - Change PCR access key\n+- ``pcr_print`` - Print current PCR state\n+\n+Security Management\n+~~~~~~~~~~~~~~~~~~~\n+\n+- ``clear <hierarchy>`` - Issue TPM2_Clear command\n+ - ``<hierarchy>``: TPM2_RH_LOCKOUT or TPM2_RH_PLATFORM\n+- ``change_auth <hierarchy> <new_pw> [<old_pw>]`` - Change hierarchy password\n+ - ``<hierarchy>``: TPM2_RH_LOCKOUT, TPM2_RH_ENDORSEMENT, TPM2_RH_OWNER, or TPM2_RH_PLATFORM\n+- ``dam_reset [<password>]`` - Reset internal error counter\n+- ``dam_parameters <max_tries> <recovery_time> <lockout_recovery> [<password>]`` - Set DAM parameters\n+- ``caps`` - Show TPM capabilities and info\n+\n+Firmware Management\n+~~~~~~~~~~~~~~~~~~~\n+\n+- ``firmware_update <manifest_addr> <manifest_sz> <firmware_addr> <firmware_sz>`` - Update TPM firmware\n+- ``firmware_cancel`` - Cancel TPM firmware update\n+\n+Infineon TPM Firmware Update Guide\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n+**WARNING: Firmware updates are risky. A failed update can brick your TPM.\n+Only proceed if you have a valid reason to update (security patches, new features)\n+and understand the risks.**\n+\n+The firmware update commands are for Infineon SLB9672/SLB9673 TPMs only. The process\n+requires extracting manifest and firmware data from Infineon's combined ``.BIN`` file.\n+\n+**Prerequisites:**\n+\n+- Infineon firmware file (e.g., ``TPM20_16.13.17733.0_R1.BIN``)\n+- wolfTPM's ``ifx_fw_extract`` tool (in ``lib/wolftpm/examples/firmware/``)\n+- Your TPM's KeyGroupId (shown by ``tpm2 caps`` command)\n+\n+**Step 1: Get your TPM's KeyGroupId**\n+\n+Run ``tpm2 caps`` to find your TPM's KeyGroupId::\n+\n+ U-Boot> tpm2 caps\n+ Mfg IFX (1), Vendor SLB9672, Fw 16.13 (0x4545), FIPS 140-2 1, CC-EAL4 1\n+ Operational mode: Normal TPM operational mode (0x0)\n+ KeyGroupId 0x5, FwCounter 1255 (255 same)\n+ ...\n+\n+In this example, KeyGroupId is ``0x5``.\n+\n+**Step 2: Build the extraction tool (on host machine)**\n+\n+::\n+\n+ cd lib/wolftpm/examples/firmware\n+ gcc -o ifx_fw_extract ifx_fw_extract.c\n+\n+**Step 3: List available key groups in firmware file**\n+\n+::\n+\n+ ./ifx_fw_extract TPM20_16.13.17733.0_R1.BIN\n+ Found group 00000005\n+\n+Verify your TPM's KeyGroupId matches one in the firmware file.\n+\n+**Step 4: Extract manifest and firmware data**\n+\n+Use your KeyGroupId (0x5 in this example)::\n+\n+ ./ifx_fw_extract TPM20_16.13.17733.0_R1.BIN 0x5 manifest.bin firmware.bin\n+ Found group 00000005\n+ Chosen group found: 00000005\n+ Manifest size is 3229\n+ Data size is 925539\n+ Wrote 3229 bytes to manifest.bin\n+ Wrote 925539 bytes to firmware.bin\n+\n+**Step 5: Copy files to SD card**\n+\n+Copy ``manifest.bin`` and ``firmware.bin`` to your boot partition (FAT)::\n+\n+ cp manifest.bin firmware.bin /Volumes/bootfs/ # macOS\n+ cp manifest.bin firmware.bin /boot/firmware/ # Linux\n+\n+**Step 6: Load files into memory**\n+\n+In U-Boot, load the files from SD card into RAM::\n+\n+ U-Boot> fatload mmc 0:1 0x10000000 manifest.bin\n+ 3229 bytes read in 32 ms (97.7 KiB/s)\n+\n+ U-Boot> fatload mmc 0:1 0x10100000 firmware.bin\n+ 925539 bytes read in 86 ms (10.3 MiB/s)\n+\n+**Step 7: Perform firmware update (CAUTION!)**\n+\n+Convert file sizes to hex:\n+\n+- manifest.bin: 3229 bytes = 0xC9D\n+- firmware.bin: 925539 bytes = 0xE1F63\n+\n+Run the firmware update::\n+\n+ U-Boot> tpm2 firmware_update 0x10000000 0xC9D 0x10100000 0xE1F63\n+ TPM2 Firmware Update\n+ Infineon Firmware Update Tool\n+ Manifest Address: 0x10000000 (size: 3229)\n+ Firmware Address: 0x10100000 (size: 925539)\n+ tpm2 init: rc = 0 (Success)\n+ Mfg IFX (1), Vendor SLB9672, Fw 16.13 (0x4545)\n+ Operational mode: Normal TPM operational mode (0x0)\n+ KeyGroupId 0x5, FwCounter 1255 (255 same)\n+ Firmware Update (normal mode):\n+ Mfg IFX (1), Vendor SLB9672, Fw 16.13 (0x4545)\n+ Operational mode: Normal TPM operational mode (0x0)\n+ KeyGroupId 0x5, FwCounter 1255 (255 same)\n+ tpm2 firmware_update: rc=0 (Success)\n+\n+**DO NOT power off or reset during the update!**\n+\n+**Step 8: Verify update**\n+\n+After the update completes, verify with::\n+\n+ U-Boot> tpm2 caps\n+\n+The firmware version should show the new version.\n+\n+**Recovery Mode:**\n+\n+If the TPM enters recovery mode (opMode shows 0x02 or 0x8x), the firmware update\n+command will automatically use recovery mode. You may need to run the update again\n+to complete the process.\n+\n+Canceling a Firmware Update\n+^^^^^^^^^^^^^^^^^^^^^^^^^^^\n+\n+If an update is in progress and needs to be abandoned (opMode 0x01), use::\n+\n+ U-Boot> tpm2 firmware_cancel\n+ tpm2 init: rc = 0 (Success)\n+ tpm2 firmware_cancel: rc=0 (Success)\n+\n+**IMPORTANT: After running firmware_cancel, you MUST reboot/power cycle the system\n+before running any other TPM commands.** If you attempt to run commands without\n+rebooting, you will get ``TPM_RC_REBOOT`` (error 304)::\n+\n+ U-Boot> tpm2 firmware_update ...\n+ tpm2 init: rc = 304 (TPM_RC_REBOOT)\n+ Infineon firmware update failed 0x130: TPM_RC_REBOOT\n+\n+After rebooting, the TPM will return to normal operation and you can retry the\n+firmware update or continue with normal TPM operations.\n+\n+**Note:** If no firmware update is in progress, ``firmware_cancel`` returns\n+``TPM_RC_COMMAND_CODE`` (0x143), which is expected and harmless::\n+\n+ U-Boot> tpm2 firmware_cancel\n+ tpm2 firmware_cancel: rc=323 (TPM_RC_COMMAND_CODE)\n+\n+Enabling wolfTPM in U-Boot\n+--------------------------\n+\n+Enable wolfTPM support in U-Boot by adding these options to your board's defconfig::\n+\n+ CONFIG_TPM=y\n+ CONFIG_TPM_V2=y\n+ CONFIG_TPM_WOLF=y\n+ CONFIG_CMD_WOLFTPM=y\n+\n+ if with __LINUX__:\n+ CONFIG_TPM_LINUX_DEV=y\n+\n+Or use ``make menuconfig`` and enable:\n+\n+Enabling Debug Output\n+~~~~~~~~~~~~~~~~~~~~~\n+\n+wolfTPM commands use U-Boot's logging system (``log_debug()``). To enable debug\n+output, you must first enable the logging subsystem in your board's defconfig::\n+\n+ CONFIG_LOG=y\n+ CONFIG_LOG_MAX_LEVEL=7\n+ CONFIG_LOG_DEFAULT_LEVEL=7\n+\n+Or via ``make menuconfig``:\n+\n+- Console → Enable logging support\n+- Console → Maximum log level to record = 7\n+- Console → Default logging level to display = 7\n+\n+Log levels:\n+- 7 = DEBUG (to show wolfTPM command debug output)\n+\n+**Note:** Without ``CONFIG_LOG=y``, the ``log level`` command will not exist\n+and ``log_debug()`` calls will produce no output.\n+\n+wolfTPM Library Debug\n+^^^^^^^^^^^^^^^^^^^^^\n+\n+For lower-level wolfTPM library debug output (TPM protocol messages), edit\n+``include/configs/user_settings.h`` and uncomment::\n+\n+ #define DEBUG_WOLFTPM /* Basic wolfTPM debug messages */\n+ #define WOLFTPM_DEBUG_VERBOSE /* Verbose debug messages */\n+ #define WOLFTPM_DEBUG_IO /* IO-level debug (SPI transfers) */\n+\n+After enabling, rebuild U-Boot::\n+\n+ make clean\n+ make -j4\n+\n+Menuconfig Paths\n+^^^^^^^^^^^^^^^^\n+\n+The following menuconfig paths are useful for wolfTPM:\n+\n+- Device Drivers → TPM → TPM 2.0 Support\n+- Device Drivers → TPM → wolfTPM Support\n+- Command line interface → Security commands → Enable wolfTPM commands\n+- Console → Enable logging support (for ``log_debug()`` output)\n+\n+Building and Running wolfTPM with U-Boot using QEMU\n+---------------------------------------------------\n+\n+To build and run wolfTPM with U-Boot using QEMU and a TPM simulator, follow these steps:\n+\n+1. Install swtpm::\n+\n+ git clone https://github.com/stefanberger/swtpm.git\n+ cd swtpm\n+ ./autogen.sh\n+ make\n+\n+2. Build U-Boot::\n+\n+ make distclean\n+ export CROSS_COMPILE=aarch64-linux-gnu-\n+ export ARCH=aarch64\n+ make qemu_arm64_defconfig\n+ make -j4\n+\n+3. Create TPM directory::\n+\n+ mkdir -p /tmp/mytpm1\n+\n+4. Start swtpm (in first terminal)::\n+\n+ swtpm socket --tpm2 --tpmstate dir=/tmp/mytpm1 --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock --log level=20\n+\n+5. Start QEMU (in second terminal)::\n+\n+ qemu-system-aarch64 -machine virt -nographic -cpu cortex-a57 -bios u-boot.bin -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis-device,tpmdev=tpm0\n+\n+6. Example output::\n+\n+ U-Boot 2025.07-rc1-ge15cbf232ddf-dirty (May 06 2025 - 16:25:56 -0700)\n+ ...\n+ => tpm2 help\n+ tpm2 - Issue a TPMv2.x command\n+ Usage:\n+ tpm2 <command> [<arguments>]\n+ ...\n+ => tpm2 info\n+ tpm_tis@0 v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]\n+ => tpm2 startup TPM2_SU_CLEAR\n+ => tpm2 get_capability 0x6 0x20e 0x200 1\n+ Capabilities read from TPM:\n+ Property 0x6a2e45a9: 0x6c3646a9\n+ => tpm2 pcr_read 10 0x100000\n+ PCR #10 sha256 32 byte content (20 known updates):\n+ 20 25 73 0a 00 56 61 6c 75 65 3a 0a 00 23 23 20\n+ 4f 75 74 20 6f 66 20 6d 65 6d 6f 72 79 0a 00 23\n+\n+7. Example commands::\n+\n+ => tpm2 info\n+ tpm_tis@0 v2.0: VendorID 0x1014, DeviceID 0x0001, RevisionID 0x01 [open]\n+ ...\n+ => tpm2 pcr_read 10 0x100000\n+ PCR #10 sha256 32 byte content (20 known updates):\n+ 20 25 73 0a 00 56 61 6c 75 65 3a 0a 00 23 23 20\n+ 4f 75 74 20 6f 66 20 6d 65 6d 6f 72 79 0a 00 23\n+\n+8. Exiting the QEMU:\n+ Press Ctrl-A followed by X\n+\n+Testing wolfTPM\n+---------------\n+\n+wolfTPM includes a comprehensive test suite based on the existing TPM2 tests.\n+The tests are located in:\n+\n+- ``test/cmd/wolftpm.c`` - C unit tests (based on ``test/dm/tpm.c`` and ``test/cmd/hash.c``)\n+- ``test/py/tests/test_wolftpm.py`` - Python integration tests (based on ``test/py/tests/test_tpm2.py``)\n+\n+Running C Unit Tests\n+~~~~~~~~~~~~~~~~~~~~\n+\n+The C unit tests use the U-Boot test framework and can be run in sandbox mode\n+or on real hardware. To run all wolfTPM tests::\n+\n+ # Build sandbox with tests enabled\n+ make sandbox_defconfig\n+ # Enable wolfTPM in menuconfig\n+ make menuconfig\n+ make -j4\n+\n+ # Run U-Boot sandbox\n+ ./u-boot -T\n+\n+ # In U-Boot sandbox, run the unit tests\n+ => ut cmd\n+\n+Individual tests can be run by name::\n+\n+ => ut cmd cmd_test_wolftpm_autostart\n+ => ut cmd cmd_test_wolftpm_init\n+ => ut cmd cmd_test_wolftpm_self_test\n+ => ut cmd cmd_test_wolftpm_caps\n+ => ut cmd cmd_test_wolftpm_clear\n+ => ut cmd cmd_test_wolftpm_pcr_read\n+ => ut cmd cmd_test_wolftpm_pcr_extend\n+\n+Running Tests Manually in QEMU\n+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n+\n+You can also test wolfTPM commands manually in QEMU:\n+\n+1. Start swtpm::\n+\n+ mkdir -p /tmp/mytpm\n+ swtpm socket --tpm2 --tpmstate dir=/tmp/mytpm \\\n+ --ctrl type=unixio,path=/tmp/mytpm/swtpm-sock --log level=20\n+\n+2. Start QEMU with TPM::\n+\n+ qemu-system-aarch64 -machine virt -cpu cortex-a57 -m 1024 \\\n+ -bios u-boot.bin \\\n+ -chardev socket,id=chrtpm,path=/tmp/mytpm/swtpm-sock \\\n+ -tpmdev emulator,id=tpm0,chardev=chrtpm \\\n+ -device tpm-tis-device,tpmdev=tpm0 \\\n+ -nographic\n+\n+3. Run wolfTPM commands at the U-Boot prompt::\n+\n+ => tpm2 autostart\n+ => tpm2 caps\n+ => tpm2 pcr_read 0 sha256\n+ => tpm2 pcr_print\n+ => tpm2 self_test full\n+ => tpm2 clear TPM2_RH_LOCKOUT\n+ => tpm2 dam_parameters 3 10 0\n+\n+Test Coverage\n+~~~~~~~~~~~~~\n+\n+The test suite covers the following wolfTPM functionality:\n+\n++---------------------------+------------------------------------------+\n+| Test Name | Description |\n++===========================+==========================================+\n+| wolftpm_autostart | TPM initialization and startup |\n++---------------------------+------------------------------------------+\n+| wolftpm_init | TPM device initialization |\n++---------------------------+------------------------------------------+\n+| wolftpm_self_test | Full TPM self-test |\n++---------------------------+------------------------------------------+\n+| wolftpm_self_test_continue| Continue incomplete self-tests |\n++---------------------------+------------------------------------------+\n+| wolftpm_caps | Read TPM capabilities |\n++---------------------------+------------------------------------------+\n+| wolftpm_clear | Clear TPM state |\n++---------------------------+------------------------------------------+\n+| wolftpm_pcr_read | Read PCR values |\n++---------------------------+------------------------------------------+\n+| wolftpm_pcr_extend | Extend PCR with digest |\n++---------------------------+------------------------------------------+\n+| wolftpm_pcr_print | Print all PCR values |\n++---------------------------+------------------------------------------+\n+| wolftpm_pcr_allocate | Reconfigure PCR bank algorithm |\n++---------------------------+------------------------------------------+\n+| wolftpm_dam_reset | Reset DAM counter |\n++---------------------------+------------------------------------------+\n+| wolftpm_dam_parameters | Set DAM parameters |\n++---------------------------+------------------------------------------+\n+| wolftpm_change_auth | Change hierarchy password |\n++---------------------------+------------------------------------------+\n+| wolftpm_info | Display TPM info |\n++---------------------------+------------------------------------------+\n+| wolftpm_state | Display TPM state |\n++---------------------------+------------------------------------------+\n+| wolftpm_device | Show/set TPM device |\n++---------------------------+------------------------------------------+\n+| wolftpm_startup_clear | TPM2_Startup with CLEAR mode |\n++---------------------------+------------------------------------------+\n+| wolftpm_startup_state | TPM2_Startup with STATE mode |\n++---------------------------+------------------------------------------+\n+| wolftpm_startup_shutdown | TPM2_Shutdown command |\n++---------------------------+------------------------------------------+\n+| wolftpm_get_capability | Read TPM capabilities by property |\n++---------------------------+------------------------------------------+\n+\n+The following commands are implemented in ``cmd/wolftpm.c`` but do not yet have\n+test coverage due to special requirements. These have been tested locally on \n+hardware but dont have test suites due to different build configurations.\n+\n++---------------------------+------------------------------------------+------------------+\n+| Command | Description | Notes |\n++===========================+==========================================+==================+\n+| pcr_setauthpolicy | Set PCR authorization policy | Requires |\n+| | | wolfCrypt |\n++---------------------------+------------------------------------------+------------------+\n+| pcr_setauthvalue | Set PCR authorization value | Requires |\n+| | | wolfCrypt |\n++---------------------------+------------------------------------------+------------------+\n+| firmware_update | Update TPM firmware (Infineon only) | Requires |\n+| | | Infineon HW |\n++---------------------------+------------------------------------------+------------------+\n+| firmware_cancel | Cancel firmware update (Infineon only) | Requires |\n+| | | Infineon HW |\n++---------------------------+------------------------------------------+------------------+\n+\n+**Note:** The ``pcr_setauthpolicy`` and ``pcr_setauthvalue`` commands require\n+``WOLFTPM2_NO_WOLFCRYPT`` to be undefined (i.e., wolfCrypt must be enabled).\n+The ``firmware_update`` and ``firmware_cancel`` commands require Infineon\n+SLB9672/SLB9673 hardware.\n+\n+Testing on SLB 9672 on Raspberry Pi 4 Hardware\n+----------------------------------------------\n+\n+For testing with real TPM hardware (e.g., Infineon SLB9672 TPM HAT on Raspberry Pi):\n+\n+1. Build U-Boot for Raspberry Pi::\n+\n+ make distclean\n+ export CROSS_COMPILE=aarch64-linux-gnu-\n+ export ARCH=aarch64\n+ make rpi_arm64_defconfig\n+ make -j$(nproc)\n+\n+2. Backup current boot configuration::\n+\n+ sudo cp /boot/firmware/config.txt /boot/firmware/config.txt.backup\n+\n+3. Copy U-Boot to boot partition::\n+\n+ sudo cp u-boot.bin /boot/firmware/\n+\n+4. Edit ``/boot/firmware/config.txt`` and add::\n+\n+ # U-Boot for wolfTPM testing\n+ enable_uart=1\n+ kernel=u-boot.bin\n+ arm_64bit=1\n+\n+5. Connect serial console (recommended) - USB-to-serial adapter on GPIO 14/15\n+ (pins 8/10) at 115200 baud.\n+\n+6. Reboot and test at U-Boot prompt::\n+\n+ U-Boot> tpm2 device\n+ U-Boot> tpm2 info\n+ U-Boot> tpm2 autostart\n+ U-Boot> tpm2 caps\n+ U-Boot> tpm2 pcr_read 0 0x1000000 SHA256\n+\n+7. To restore normal Linux boot::\n+\n+ sudo cp /boot/firmware/config.txt.backup /boot/firmware/config.txt\n+ sudo reboot\n+\n+**Note:** The Raspberry Pi build uses GPIO-based soft SPI for TPM communication.\n+Standard SPI0 pins are used: GPIO 11 (SCLK), GPIO 10 (MOSI), GPIO 9 (MISO),\n+GPIO 7 (CE1 for TPM). Adjust ``arch/arm/dts/bcm2711-rpi-4-b-u-boot.dtsi`` if\n+your TPM HAT uses different GPIO pins.\n+\n+Python Test Framework\n+~~~~~~~~~~~~~~~~~~~~~\n+\n+**Why QEMU+swtpm is required (not sandbox):**\n+\n+The native ``test_tpm2.py`` tests run directly in sandbox because the native\n+TPM backend uses U-Boot's driver model, which has a built-in sandbox TPM\n+emulator. wolfTPM bypasses driver model entirely and communicates with TPM\n+hardware directly via its own SPI/MMIO HAL layer. This means there is no\n+sandbox emulator for wolfTPM to talk to. Instead, wolfTPM Python tests require\n+QEMU with swtpm (software TPM emulator) which provides a real TPM device\n+interface that wolfTPM can communicate with via MMIO.\n+\n+**Prerequisites:**\n+\n+Install swtpm and QEMU::\n+\n+ sudo apt-get install -y swtpm qemu-system-aarch64 pytest\n+\n+**Running wolfTPM Python Tests with QEMU+swtpm:**\n+\n+1. Build U-Boot for QEMU arm64 with wolfTPM and autodetect enabled::\n+\n+ make qemu_arm64_defconfig\n+ scripts/config --enable CONFIG_CMD_WOLFTPM --enable CONFIG_TPM_AUTODETECT\n+ make olddefconfig\n+ make -j$(nproc)\n+\n+2. Create the test helper scripts in the U-Boot root directory:\n+\n+ ``u-boot-test-flash`` (no-op for QEMU)::\n+\n+ #!/bin/bash\n+ exit 0\n+\n+ ``u-boot-test-console`` (starts swtpm + QEMU)::\n+\n+ #!/bin/bash\n+ SWTPM_DIR=/tmp/mytpm\n+ SWTPM_SOCK=${SWTPM_DIR}/swtpm-sock\n+ mkdir -p ${SWTPM_DIR}\n+ if [ ! -S \"${SWTPM_SOCK}\" ]; then\n+ swtpm socket --tpm2 --tpmstate dir=${SWTPM_DIR} \\\n+ --ctrl type=unixio,path=${SWTPM_SOCK} --log level=0 &\n+ sleep 1\n+ fi\n+ exec qemu-system-aarch64 -machine virt -nographic -cpu cortex-a57 \\\n+ -bios u-boot.bin \\\n+ -chardev socket,id=chrtpm,path=${SWTPM_SOCK} \\\n+ -tpmdev emulator,id=tpm0,chardev=chrtpm \\\n+ -device tpm-tis-device,tpmdev=tpm0\n+\n+ ``u-boot-test-reset`` (no-op)::\n+\n+ #!/bin/bash\n+ exit 0\n+\n+ ``u-boot-test-release`` (cleanup)::\n+\n+ #!/bin/bash\n+ pkill -f \"swtpm.*mytpm\" 2>/dev/null\n+ exit 0\n+\n+ Make them executable::\n+\n+ chmod +x u-boot-test-flash u-boot-test-console u-boot-test-reset u-boot-test-release\n+\n+3. Run the wolfTPM Python tests::\n+\n+ export PATH=\".:$PATH\"\n+ ./test/py/test.py --bd qemu_arm64 --build-dir . -k \"test_wolftpm and not ut_cmd\" -v\n+\n+**Verified output (QEMU arm64 + swtpm, 19 passed, 2 skipped):**\n+\n+::\n+\n+ test_wolftpm_autostart PASSED\n+ test_wolftpm_init PASSED\n+ test_wolftpm_self_test_full PASSED\n+ test_wolftpm_self_test_continue PASSED\n+ test_wolftpm_caps PASSED\n+ test_wolftpm_clear PASSED\n+ test_wolftpm_change_auth SKIPPED (requires wolfCrypt)\n+ test_wolftpm_dam_parameters PASSED\n+ test_wolftpm_dam_reset PASSED\n+ test_wolftpm_pcr_read PASSED\n+ test_wolftpm_pcr_extend PASSED\n+ test_wolftpm_pcr_print PASSED\n+ test_wolftpm_info PASSED\n+ test_wolftpm_state PASSED\n+ test_wolftpm_device PASSED\n+ test_wolftpm_startup_clear PASSED\n+ test_wolftpm_startup_state PASSED\n+ test_wolftpm_startup_shutdown PASSED\n+ test_wolftpm_get_capability SKIPPED\n+ test_wolftpm_pcr_allocate PASSED\n+ test_wolftpm_cleanup PASSED\n+\n+The native ``test_tpm2.py`` tests can be run directly in sandbox::\n+\n+ ./test/py/test.py --bd sandbox --build -k test_tpm2 -v\n+\n+Enabling Debug Output\n+~~~~~~~~~~~~~~~~~~~~~\n+\n+To see debug messages, enable logging before running::\n+\n+ # At U-Boot prompt\n+ => log level 7\n+\n+Or enable in defconfig::\n+\n+ CONFIG_LOG=y\n+ CONFIG_LOG_MAX_LEVEL=7\n+ CONFIG_LOG_DEFAULT_LEVEL=7\n+\n+For wolfTPM library-level debug, edit ``include/configs/user_settings.h``::\n+\n+ #define DEBUG_WOLFTPM\n+ #define WOLFTPM_DEBUG_IO /* Shows SPI transfer details */\n", "prefixes": [ "v3", "11/12" ] }