Month: June 2021

wolfTPM is the only TPM 2.0 library designed for baremetal and embedded systems. It also has native Windows and Linux support, alongside a TPM simulator for rapid development and testing.

When it comes to choosing a TPM 2.0 dedicated chip for your project, there are multiple options: Nuvoton NPCT75x, STMicroelectronics ST33, Infineon SLB9670, Microchip ATTPM20P, etc.

Here are our highlights when using ST33 chip with wolfTPM:

• Only wolfTPM supports GPIO control for ST33
  • Depending on the chip variant, a ST33 could offer up to four(4) extra GPIO 
  • The access to these GPIO is protected by the TPM 2.0 authorization
  • Making the GPIO control offered by wolfTPM a great tool for signaling across subsystems for critical, important or security events
  • wolfTPM also provides an open-source example code ready for use

• ST33 has the most Non-volatile memory storage on the market, right now
  • Typically, TPM 2.0 NVRAM storage is limited, this makes ST33  stand out. Multiple certificates and keys can be stored in the ST33 non-volatile memory
  • wolfTPM offers open-source examples on how to securely store secrets and keys in the TPM’s NVRAM

• Using ST33 for Automotive, Industrial, Medical and Aerospace devices with wolfTPM is easy
  • Critical-safety systems often use state machines and RTOS
  • Baremetal and RTOS do not provide driver for TPM 2.0
  • Thanks to wolfTPM’s design, using ST33 without a driver is possible
  • wolfTPM has its own internal TIS layer and direct support for I2C and SPI

• Using ST33 for IoT devices with wolfTPM is highly recommended, because our TPM 2.0 stack is lightweight. In comparison with other libraries, wolfTPM produces 20 times less code and 100 times less memory.
  
• Only ST33 supports AES symmetric operations for encryption and decryption by default, using TPM2_EncryptDecrypt2. Other TPM 2.0 modules support by default only AES CFB for parameter encryption.

 

Contact us at facts@wolfssl.com if you want more information about wolfTPM or if you have any questions about using ST33 TPM 2.0 in embedded systems.

 

wolfSSL is up and running and tested on Apple’s new M1 chip, and with the right options it is blazing fast! We have decided to benchmark our wolfCrypt/wolfSSL libraries on the Apple M1, to show you just how well the the M1 will perform in our standard cryptographic benchmarks.

See below for more details!

Algorithm	Stock	FPECC	Tuned	units
AES-128-CBC-enc	293.883	290.948	1398.339	MB/s
AES-128-CBC-dec	373.651	370.746	13249.163	MB/s
AES-192-CBC-enc	254.407	252.17	1262.787	MB/s
AES-192-CBC-dec	309.909	299.734	10647.85	MB/s
AES-256-CBC-enc	222.387	217.493	1089.026	MB/s
AES-256-CBC-dec	262.953	256.281	8721.781	MB/s
AES-128-GCM-enc	179.345	174.943	1747.438	MB/s
AES-128-GCM-dec	178.981	172.858	916.025	MB/s
AES-192-GCM-enc	162.299	162.208	1741.425	MB/s
AES-192-GCM-dec	162.174	159.531	918.173	MB/s
AES-256-GCM-enc	149.777	145.503	1737.536	MB/s
AES-256-GCM-dec	149.824	147.596	916.683	MB/s
GMAC Table 4-bit	349.384	347.843	1133.42	MB/s
CHACHA	634.519	627.355	1610.471	MB/s
POLY1305	2033.201	2041.016	3875.21	MB/s
CHA-POLY	467.391	460.927	1159.885	MB/s
RNG	94.615	92.271	824.593	MB/s
SHA1	698.103	721.239	740.663	MB/s
SHA2-224	203.827	205.559	2342.624	MB/s
SHA2-256	205.875	205.747	2345.45	MB/s
SHA2-384	490.398	493.513	469.233	MB/s
SHA2-512	498.631	495.535	472.364	MB/s
SHA3-224	575.71	570.766	535.922	MB/s
SHA3-256	543.394	540.197	517.069	MB/s
SHA3-384	410.624	412.87	400.126	MB/s
SHA3-512	279.388	285.977	282.751	MB/s
HMAC-MD5	498.966	508.38	511.853	MB/s
HMAC-SHA1	721.945	735.642	714.138	MB/s
HMAC-SHA2-224	205.603	205.892	2320.677	MB/s
HMAC-SHA2-256	205.961	205.791	2350.719	MB/s
HMAC-SHA2-384	498.012	494.334	465.534	MB/s
HMAC-SHA2-512	498.887	496.538	456.999	MB/s
RSA 2048 public	19270.458	19386.083	61480.153	ops/sec
RSA 2048 private	310.831	312.818	1855.512	ops/sec
DH 2048 agree	1032.402	1019.901	3984.282	ops/sec
ECDHE P-256 agree	1627.55	12351.73	22747.658	ops/sec
ECDSA P-256 sign	1570.605	9734.156	40588.639	ops/sec
ECDSA P-256 verify	2388.126	9321.698	22289.143	ops/sec
ECC P-256 key gen	1613.476	11507.204	64141.471	ops/sec
DH 2048 key gen	2042.726	2059.996	4098.742	ops/sec

If you have questions on these benchmarks, or if you would like some support to help replicate them on your system, let us know at facts@wolfSSL.com or give us a call!

The i.MX RT1060 is a powerful crossover MCU implementation of the Arm Cortex-M7 core, designed and produced by NXP. This MCU contains a TRNG and a data co-processor (DCP). The latter is capable of performing AES encryption and decryption, as well as calculating SHA and SHA256 digest.

Starting from version 4.7.0, wolfSSL provides a port driver that can redirect all the AES and SHA/SHA256 operations to the DCP, which has a number of advantages over the software implementation counterparts, reducing the footprint of the compiled library, improving performance and using less power.

The DCP driver can be enabled via the compile-time flag WOLFSSL_IMXRT_DCP, which delegates all the AES and SHA/SHA256 operations to the hardware co-processor. When this option is enabled, all TLS connections using these algorithms will rely on the hardware to perform the operations.

wolfSSL can also use the TRNG present in this core as an entropy source to seed the DRBG. Support for TRNG on this board can be enabled by adding the compile-time flag FREESCALE_KSDK_2_0_TRNG.

WolfSSL is not the only component in the product family that directly benefits from the presence of these secure elements on this target platform. SSH servers and clients based on wolfSSH will automatically use the accelerators for both SHA and AES when available and compiled in. The port for i.MX-RT1060 of wolfBoot, our secure bootloader, uses the SHA256 hardware acceleration to speed up the verification of the integrity of the firmware image. A full port of wolfBoot for i.MX-RT1060 is available, and its hardware abstraction layer is distributed with wolfBoot since version 1.7.1.

i.MX-RT1060 is a popular choice as edge computing platform, often deployed in combination with a real-time operating system and TCP/IP connectivity. WolfSSL, wolfSSH, wolfBoot and wolfMQTT can be easily added to these scenarios to enable secure communication, secure remote shell and filesystem services, as well as secure boot and remote firmware updates. The extra hardware security provided by DCP and TRNG makes the i.MX-RT1060 a reliable platform to build professional grade security with the latest standards.

Ask us more information about solutions based on i.MX RT1060 and other embedded systems, contact us today at facts@wolfssl.com.