Maintaining the security and longevity of embedded systems requires the ability to update firmware reliably and securely. wolfSSL is excited to announce the addition of comprehensive firmware upgrade support for STMicroelectronics ST33KTPM2X modules within wolfTPM.
This latest enhancement simplifies the complex process of Field Upgrades for ST33 TPMs, providing a unified API that handles version detection and multiple signature formats.
Support for LMS and Legacy Signatures
The ST33 TPM family has evolved through different firmware generations, each with unique authentication requirements. wolfTPM now supports both:
- Generation 1 (Legacy): Firmware versions prior to 512, which utilize a non-LMS format.
- Generation 2 (Modern): Firmware versions 512 and higher (e.g., 9.512), which mandate the use of LMS (Leighton-Micali Signatures).
Intelligent Version Detection
One of the most powerful aspects of this new feature is the automated routing logic. The wolfTPM2_FirmwareUpgradeHash() function automatically detects the current firmware version of the attached ST33 TPM and selects the appropriate upgrade path, whether that path requires the 177-byte legacy manifest or the modern 2697-byte LMS manifest.
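A caller can apply the same rule as a pre-flight check before handing a manifest to the TPM. The sketch below is an added example, not wolfTPM code: the names fw_path, parse_fw_version and st33_preflight are hypothetical, the version string "9.257" is constructed, and it assumes the number compared against 512 is the minor field, as in the "9.512" example above.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Values taken from the announcement. */
#define ST33_LMS_MIN_MINOR   512u   /* versions >= 512 require LMS */
#define ST33_LEGACY_MANIFEST 177u   /* bytes */
#define ST33_LMS_MANIFEST    2697u  /* bytes */

/* Hypothetical names for this example; not wolfTPM identifiers. */
typedef enum { PATH_LEGACY, PATH_LMS, PATH_BAD_VERSION, PATH_BAD_MANIFEST } fw_path;

/* Parse "major.minor" (e.g. "9.512"); returns 0 on success, -1 if malformed. */
static int parse_fw_version(const char *s, unsigned long *major, unsigned long *minor)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    *major = strtoul(s, &end, 10);
    if (errno != 0 || *end != '.' || end[1] < '0' || end[1] > '9') return -1;
    *minor = strtoul(end + 1, &end, 10);
    if (errno != 0 || *end != '\0') return -1;
    return 0;
}

/* Choose the upgrade path from the running firmware version, then refuse a
 * manifest whose length does not match what that generation expects. */
fw_path st33_preflight(const char *running_version, size_t manifest_len)
{
    unsigned long major, minor;
    if (parse_fw_version(running_version, &major, &minor) != 0)
        return PATH_BAD_VERSION;
    (void)major; /* assumption: only the minor field decides the generation */
    if (minor >= ST33_LMS_MIN_MINOR)
        return manifest_len == ST33_LMS_MANIFEST ? PATH_LMS : PATH_BAD_MANIFEST;
    return manifest_len == ST33_LEGACY_MANIFEST ? PATH_LEGACY : PATH_BAD_MANIFEST;
}

int main(void)
{
    /* Constructed inputs: an LMS-era TPM offered each manifest size. */
    printf("9.512 + 2697-byte manifest -> %d\n", (int)st33_preflight("9.512", 2697));
    printf("9.512 + 177-byte manifest  -> %d\n", (int)st33_preflight("9.512", 177));
    return 0;
}
```

Rejecting a size mismatch up front keeps a legacy-format manifest from being sent to a TPM whose running firmware mandates LMS.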
Key API Functions
- wolfTPM2_FirmwareUpgradeWithLMS(): Dedicated path for modern LMS-based updates.
- wolfTPM2_FirmwareUpgradeCancel(): Provides a secure way to abandon an in-progress update using password-based authentication.
- tpm2_st33_firmware_send_blob(): Handles the chunking and transmission of firmware data to the TPM, ensuring reliable delivery even in resource-constrained environments.
Testing and Verification
We have verified this implementation on ST33KTPM2X hardware, confirming successful transitions from legacy versions to the latest LMS-required firmware. Developers can use the newly included test script, examples/firmware/test_st33_firmware.sh, to verify their own update procedures.
Resources
If you are looking for assistance with TPM integration or secure boot services for the Infineon AURIX, ST33, or other secure elements, contact us at facts@wolfssl.com or call us at +1 425 245 8247.

