{"id":2235246,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2235246/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/40dab2a66e32cda7db755402a27403307709f9a7.1778277334.git.aidan@wolfssl.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.2/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<40dab2a66e32cda7db755402a27403307709f9a7.1778277334.git.aidan@wolfssl.com>","list_archive_url":null,"date":"2026-05-09T00:04:12","name":"[v3,05/12] tpm: add wolfTPM build rules and Kconfig","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"9339f3e641e72c05ef981d43cf25aef125d67686","submitter":{"id":92785,"url":"http://patchwork.ozlabs.org/api/1.2/people/92785/?format=json","name":"Aidan Garske","email":"aidan@wolfssl.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/40dab2a66e32cda7db755402a27403307709f9a7.1778277334.git.aidan@wolfssl.com/mbox/","series":[{"id":503464,"url":"http://patchwork.ozlabs.org/api/1.2/series/503464/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=503464","date":"2026-05-09T00:04:07","name":"tpm: Add wolfTPM library support for TPM 2.0","version":3,"mbox":"http://patchwork.ozlabs.org/series/503464/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2235246/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2235246/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=wolfssl-com.20251104.gappssmtp.com\n header.i=@wolfssl-com.20251104.gappssmtp.com header.a=rsa-sha256\n header.s=20251104 header.b=iC9DUXPg;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=fail (p=none dis=none) header.from=wolfssl.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=wolfssl-com.20251104.gappssmtp.com\n header.i=@wolfssl-com.20251104.gappssmtp.com header.b=\"iC9DUXPg\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=fail (p=none dis=none) header.from=wolfssl.com","phobos.denx.de;\n spf=pass smtp.mailfrom=aidan@wolfssl.com"],"Received":["from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gC6c20QzHz1yCg\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 09 May 2026 10:41:06 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 601A384E21;\n\tSat,  9 May 2026 02:40:15 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id B2C7884E0B; Sat,  9 May 2026 02:04:46 +0200 (CEST)","from mail-dl1-x1234.google.com (mail-dl1-x1234.google.com\n [IPv6:2607:f8b0:4864:20::1234])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id ED6C784E0A\n for <u-boot@lists.denx.de>; Sat,  9 May 2026 02:04:43 +0200 (CEST)","by mail-dl1-x1234.google.com with SMTP id\n a92af1059eb24-12c8c9c4cd8so2159753c88.0\n for <u-boot@lists.denx.de>; Fri, 08 May 2026 17:04:43 -0700 (PDT)","from localhost.localdomain ([207.231.76.218])\n by smtp.gmail.com with ESMTPSA id\n a92af1059eb24-132787673ffsm5505030c88.15.2026.05.08.17.04.41\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 08 May 2026 17:04:41 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"*","X-Spam-Status":"No, score=1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_SBL_CSS,SPF_HELO_NONE,\n SPF_PASS autolearn=no autolearn_force=no version=3.4.2","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=wolfssl-com.20251104.gappssmtp.com; s=20251104; t=1778285082; x=1778889882;\n darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ktXImSmp24jPe3o0Ul/H4vgOE24na+wCFd6yUC51Ax4=;\n b=iC9DUXPgRAWLNxNet5Uk5KcFxvdgUuBM/tiTXUabxEc98KcA1Sb7FD8pWWixPn23ZL\n k/XMHCjoWxJigSBlkdH2dE114+HnzIGZomKfzV3i0JVJ3qeallEfZfZZLKDIr28BdFY0\n wumfZIb2gaJ4/JrT3CYLlIs85SoMQkx9OZoe0yZgFpleUrp25oy5NGYzlFK89mpRx58c\n K6szSqBtDmUzD0Q2lCt8Azu5mBquB207octAlNQAs/+dGpQAQ5EwtzlRnTl9jRBgbp+N\n x+aGCwmv2GrLCVGLj8FkEVKpdGGKEalPaj8+WsjLGSu5bqDqjqfldpztdWOPVRwR5o+Y\n TqEA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778285082; x=1778889882;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=ktXImSmp24jPe3o0Ul/H4vgOE24na+wCFd6yUC51Ax4=;\n b=rvjNlHAumUV1T9qPTiEET4m44HsnsWWlRrytBIrktwMmX6QYzRyaE37SdxpaNljLoa\n a/3PeMhTvRHa3oMzGcK8MQRqD+idorbeUNOf+9MnfcShs/66MGZKsVbDowfVenb1x9BU\n DAv9Pfv+IcxoVqDeCy6XW2FOKzc6cUhW76eLRupBPdptYX61BX/VYlauS3TY2dSiusah\n 17di9MQv3TvE8V3LOEIabtAb6vOqxyFzFQtuYOYKgAngrf9sajdtqsiyZSRSjvGC3L1c\n 18/kwk5YHE3MQ9lqIbSm1osZx/PH/Kt33gVckphh9xrFV3H6oLMOyRiK/Yx5o5fqVHRD\n 9/IA==","X-Gm-Message-State":"AOJu0YyU/kOkpz6Vm6LXC46iQLSan3tuTGcVZvBUb+KYC6tNLpR9xgc/\n MjjD2Hlsogr3D0w+7iBkbnn2eT0klNC7h3d9yNZrzCNZqmrSK3Xr+Wv6miBbWev35iTgiBTgpmd\n cIV9S","X-Gm-Gg":"AeBDiesyRYfdyDHXCWLuezL4iOk1L1s3P5urv7nLp4La8407gfirm2KXOWpZns5mutp\n O7m+6Oxo7yoHiSptdCL+iwtKLHPhEH70Y++rNve0oHnsQyv+Rpjy9xDK0LpK+Rr5Y/YTCp3SoUK\n TFnlVvy+EW/6LgSMudPBOXkgJfVBfPLC2yDEVCS9N9SD1ukr9wTQzmJ19iQuL6Re0xB4dQHYrmi\n T41fwCOYGBdkYUOPAtkdoDT/IW9OH2VKSI/3zK7T7XZcq/7R6uWMKU5Kn9BCJ+SEO721/aD4v2h\n CAeVRibU+qutn5Jk0cCvLweJkJMNogQMbIE1Hzx3DMe9iWfzh3uHmc3+wtqp4hKtidOVVb+/9+2\n xoRtFraJZ0EavgZSJ3hap0Q5LrsYM8n0tEZQXQx752PJRnWxhNkM6qfCoOyFHGGGMnRMHQa+huu\n PjHG2FUJtW6vf54vnEb4C7b1q51z3a6DJVR8bmqL9gl+EAEtEqbGwntr2cA4nymLG8UpCTIUkpl\n z95+L204qH0gVitSwo0Ww==","X-Received":"by 2002:a05:7022:4588:b0:12a:6abf:ab1c with SMTP id\n a92af1059eb24-1323ae990d7mr4252670c88.11.1778285082034;\n Fri, 08 May 2026 17:04:42 -0700 (PDT)","From":"Aidan Garske <aidan@wolfssl.com>","To":"u-boot@lists.denx.de","Cc":"David Garske <david@wolfssl.com>,\n Ilias Apalodimas <ilias.apalodimas@linaro.org>","Subject":"[PATCH v3 05/12] tpm: add wolfTPM build rules and Kconfig","Date":"Fri,  8 May 2026 17:04:12 -0700","Message-ID":"\n <40dab2a66e32cda7db755402a27403307709f9a7.1778277334.git.aidan@wolfssl.com>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<cover.1778277334.git.aidan@wolfssl.com>","References":"<cover.1778277334.git.aidan@wolfssl.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Mailman-Approved-At":"Sat, 09 May 2026 02:40:11 +0200","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"From: Aidan <aidan@wolfssl.com>\n\nHook the wolfTPM source tree (imported as a subtree at lib/wolftpm/ in\nthe preceding commits) into the U-Boot build and add upstream-pull\nsupport to tools/update-subtree.sh, matching how mbedtls, dts, and lwip\nare maintained.\n\nlib/Kconfig:\n  Adds CONFIG_TPM_WOLF under library routines, depending on DM,\n  implying DM_RNG, and selecting SHA1.\n\nlib/Makefile:\n  When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles\n  wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,\n  tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).\n  Sets -I include paths and -DWOLFTPM_USER_SETTINGS so wolfTPM picks\n  up include/configs/user_settings.h.\n\ntools/update-subtree.sh:\n  Registers the wolftpm subtree (path lib/wolftpm, upstream\n  https://github.com/wolfssl/wolfTPM.git) so the existing pull/pick\n  workflow can be used for future wolfTPM updates.\n\nSigned-off-by: Aidan Garske <aidan@wolfssl.com>\n---\n lib/Kconfig             | 13 +++++++++++++\n lib/Makefile            | 17 +++++++++++++++++\n tools/update-subtree.sh |  7 ++++++-\n 3 files changed, 36 insertions(+), 1 deletion(-)","diff":"diff --git a/lib/Kconfig b/lib/Kconfig\nindex 931d5206936..b7dc422e94c 100644\n--- a/lib/Kconfig\n+++ b/lib/Kconfig\n@@ -500,6 +500,19 @@ config TPM\n \t  If you want a fully functional TPM enable all hashing algorithms.\n \t  If you enabled measured boot all hashing algorithms are selected.\n \n+config TPM_WOLF\n+\tbool \"Enable wolfTPM support\"\n+\tdepends on DM\n+\timply DM_RNG\n+\tselect SHA1\n+\thelp\n+\t  This option enables support for wolfTPM in U-Boot. wolfTPM is a\n+\t  portable, open-source TPM 2.0 stack licensed under GPLv2. Enabling\n+\t  this option allows U-Boot to interact with the TPM via wolfTPM,\n+\t  including firmware updates, PCR extend, and other TPM 2.0\n+\t  operations. The wolfTPM source tree lives under lib/wolftpm/ as\n+\t  a subtree (see tools/update-subtree.sh).\n+\n config SPL_TPM\n \tbool \"Trusted Platform Module (TPM) Support in SPL\"\n \tdepends on SPL_DM\ndiff --git a/lib/Makefile b/lib/Makefile\nindex 70667f3728c..0753e33d69e 100644\n--- a/lib/Makefile\n+++ b/lib/Makefile\n@@ -64,6 +64,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o\n obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o\n endif\n \n+# wolfTPM (TPM 2.0 stack, including firmware update support)\n+ifeq ($(CONFIG_TPM_WOLF),y)\n+ifeq ($(CONFIG_TPM_V2),y)\n+ccflags-y += -I$(srctree)/lib/wolftpm \\\n+\t     -I$(srctree)/include/configs \\\n+\t     -DWOLFTPM_USER_SETTINGS\n+obj-y += wolftpm/hal/tpm_io.o\n+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o\n+obj-y += wolftpm/src/tpm2.o\n+obj-y += wolftpm/src/tpm2_packet.o\n+obj-y += wolftpm/src/tpm2_tis.o\n+obj-y += wolftpm/src/tpm2_wrap.o\n+obj-y += wolftpm/src/tpm2_param_enc.o\n+obj-y += wolftpm.o\n+endif\n+endif\n+\n obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o\n obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o\n obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o\ndiff --git a/tools/update-subtree.sh b/tools/update-subtree.sh\nindex 536b3318573..c5963e6a3ae 100755\n--- a/tools/update-subtree.sh\n+++ b/tools/update-subtree.sh\n@@ -17,7 +17,7 @@ set -e\n print_usage() {\n     echo \"usage: $0 <op> <subtree-name> <ref>\"\n     echo \"  <op>           pull or pick\"\n-    echo \"  <subtree-name> mbedtls or dts or lwip\"\n+    echo \"  <subtree-name> mbedtls or dts or lwip or wolftpm\"\n     echo \"  <ref>          release tag [pull] or commit id [pick]\"\n }\n \n@@ -47,6 +47,11 @@ set_params() {\n             repo_url=https://git.savannah.gnu.org/git/lwip.git\n             remote_name=\"lwip_upstream\"\n             ;;\n+        wolftpm)\n+            path=lib/wolftpm\n+            repo_url=https://github.com/wolfssl/wolfTPM.git\n+            remote_name=\"wolftpm_upstream\"\n+            ;;\n         *)\n             echo \"Invalid subtree name: $subtree_name\"\n             print_usage\n","prefixes":["v3","05/12"]}