wolfTPM 3.10.0 delivers a critical security fix, expanded embedded platform support, and enterprise-grade TPM resource management—empowering developers to build secure, scalable IoT and edge computing solutions with hardware-backed cryptography.
Password Handling Fix
A bug in the wolfTPM2_SetKeyAuthPassword() function introduced in v3.9.2 has been resolved. This API, primarily used by the C# wrapper, was incorrectly truncating passwords to 2 bytes.
- Impact: Users of the wolfTPM2_SetKeyAuthPassword API or C# wrapper on v3.9.2
- Resolution: Password handling now correctly stores the full authentication credential, with regression tests added
- PR: #439
Note: If you are using this API or the C# wrapper with v3.9.2, we recommend updating.
Espressif ESP32 HAL Support
wolfTPM now natively supports ESP32-S3, ESP32-C6, and other ESP32 variants via SPI and I2C interfaces—bringing TPM 2.0 security to millions of IoT devices.
Key Features
- Native ESP-IDF integration with pre-configured pin mappings
- SPI speeds up to 22 MHz for high-performance cryptographic operations
- I2C support for Infineon SLB9673 TPM modules
- Hardware-backed key storage, secure boot, and device attestation
- PR: #386
Enhanced CMake Build System & TPM Module Selection
Streamlined build configuration with new TPM hardware targeting:
| Option | Supported Hardware |
| WOLFTPM_MODULE=slb9672 | Infineon OPTIGA™ TPM |
| WOLFTPM_MODULE=st33 | STMicro STSAFE-TPM |
| WOLFTPM_MODULE=microchip | Microchip ATTPM20 |
| WOLFTPM_MODULE=nuvoton | Nuvoton NPCT75x |
Interface Options: SPI, I2C, MMIO, Linux devtpm, Windows TBS, Software TPM
cmake .. -DWOLFTPM_MODULE=slb9672 -DWOLFTPM_INTERFACE=DEVTPM
Linux TPM Resource Manager Support
New support for /dev/tpmrm0 enables automatic TPM session virtualization and multi-process coordination.
Enable with: WOLFTPM_USE_TPMRM
| Feature | Raw Device (/dev/tpm0) | Resource Manager (/dev/tpmrm0) |
| Multi-process access | Manual coordination | Automatic isolation |
| Session management | Application handles | Kernel manages |
| Cleanup on exit | Must be explicit | Automatic |
Additional Improvements
| Feature | PR |
| Fixed crypto callback hash algorithm selection | #433 |
| Improved signature verification hash detection | #432 |
| Improved TLS bidirectional shutdown | #431 |
| Coverity static analysis fixes | #441 |
| Added make cppcheck option | Various |
Why wolfTPM?
- Portable – Runs on bare-metal RTOS, Linux, Windows, and macOS
- Lightweight – Small footprint for resource-constrained embedded systems
- Standards-compliant – Full TPM 2.0 specification support
- Production-ready – Trusted by automotive, aerospace, and industrial customers
- Open source – GPLv3 with commercial licensing available
Supported TPM Hardware
Infineon OPTIGA™ SLB9670/9672/9673 • STMicro ST33 • Microchip ATTPM20 • Nuvoton NPCT75x • Nations Tech Z32H330/NS350 • Software TPM simulators
Get Started
git clone https://github.com/wolfSSL/wolfTPM.git cd wolfTPM && ./autogen.sh && ./configure && make
Resources
wolfTPM is developed by wolfSSL Inc., the leading provider of lightweight, portable security solutions for embedded systems, IoT, automotive, and enterprise applications.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 424 245 8247.
Download wolfSSL Now