wolfTPM: Hardware SPI and TPM 2.0 Firmware Update Support for U-Boot

Secure boot architectures require more than just the presence of a TPM; they require a high-performance communication interface and a mechanism for lifecycle management. wolfSSL has updated wolfTPM and U-Boot to support native Hardware SPI communication and direct TPM 2.0 firmware updates for the Raspberry Pi 4.

These changes move away from generic software-based implementations, providing a more robust foundation for early-boot security operations.

Technical Enhancement: Hardware SPI vs. Software Bit-Banging
Historically, U-Boot implementations for the Raspberry Pi 4 often relied on a software bit-banging driver (soft_spi) for TPM communication. This approach is sensitive to CPU timing and increases the overhead of the bootloader.

Our latest updates introduce a native hardware SPI driver path for wolfTPM within U-Boot. The advantages of this transition include:

  • Reduced CPU Utilization: The hardware peripheral handles the serialized clock and data lines, freeing the CPU from manual GPIO toggling.
  • Clock Speed Stability: Native SPI ensures consistent signal timing and higher baud rates, which are critical when transmitting large cryptographic payloads or firmware blobs.
  • Improved Reliability: Hardware-level control reduces the risk of timing violations that can cause interrupted TPM transactions or communication timeouts.

The SPI driver changes can be reviewed in wolfTPM Pull Request #451.
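
As an added illustration (not code from wolfTPM, U-Boot, or the pull request above), the following C program builds the TCG TIS SPI transaction header a hardware SPI driver clocks out for a TPM register access and walks through the wait-state handshake, the step where the timing violations mentioned above surface as communication timeouts. The register offsets follow the TCG PC Client TIS specification; the spi_mock bus, its wait-state count and the DID/VID bytes it returns are constructed stand-ins for a real SPI peripheral and TPM.

```c
/* Added example, not wolfTPM or U-Boot code: the TCG TIS SPI header a
 * hardware SPI driver clocks out for a TPM register access, plus the
 * wait-state handshake. The spi_mock bus and its DID/VID bytes are
 * constructed stand-ins for a real SPI peripheral and TPM. */
#include <stdint.h>
#include <stddef.h>

#define TPM_BASE_ADDR  0xD40000u   /* TIS register window on the SPI bus */
#define TPM_DID_VID(l) (TPM_BASE_ADDR | ((uint32_t)(l) << 12) | 0x0F00u)
#define TIS_MAX_XFER   64u         /* 6-bit length field covers 1..64 bytes */
#define TIS_WAIT_LIMIT 50          /* poll bytes before declaring a timeout */

/* Encode the 4-byte header: bit 7 = read, bits 5:0 = len-1, then the
 * 24-bit register address MSB first. Returns 0, or -1 for a bad length. */
int tis_spi_header(uint8_t hdr[4], int is_read, uint32_t addr, size_t len)
{
    if (len == 0 || len > TIS_MAX_XFER) return -1;
    hdr[0] = (uint8_t)((is_read ? 0x80u : 0x00u) | (len - 1));
    hdr[1] = (uint8_t)(addr >> 16);
    hdr[2] = (uint8_t)(addr >> 8);
    hdr[3] = (uint8_t)addr;
    return 0;
}

/* Constructed bus: a TPM that inserts wait_states poll bytes before data. */
typedef struct { int wait_states; const uint8_t *data; size_t pos; } spi_mock;

static uint8_t mock_clock_byte(spi_mock *m, uint8_t tx)
{
    size_t p = m->pos++, w = (size_t)m->wait_states; (void)tx;
    if (p < 3)     return 0x00;                /* command and high address */
    if (p == 3)    return w ? 0x00 : 0x01;     /* bit 0 set = ready now */
    if (p < 4 + w) return (p == 3 + w) ? 0x01 : 0x00;  /* wait-state polls */
    return m->data[p - 4 - w];                 /* data phase */
}

/* Read len bytes of register addr. Returns the wait-state bytes consumed,
 * or -1 on a bad length or if the TPM never reports ready. */
int tis_spi_read(spi_mock *bus, uint32_t addr, uint8_t *buf, size_t len)
{
    uint8_t hdr[4], rx = 0; int waits = 0; size_t i;
    if (tis_spi_header(hdr, 1, addr, len) != 0) return -1;
    bus->pos = 0;
    for (i = 0; i < 4; i++) rx = mock_clock_byte(bus, hdr[i]);
    while ((rx & 0x01) == 0) {                 /* clock until bit 0 set */
        if (++waits > TIS_WAIT_LIMIT) return -1;
        rx = mock_clock_byte(bus, 0x00);
    }
    for (i = 0; i < len; i++) buf[i] = mock_clock_byte(bus, 0x00);
    return waits;
}
```

The bounded poll loop is the part worth carrying into a real driver: a TPM that never raises bit 0 must produce a timeout rather than a hung bootloader.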

TPM 2.0 Firmware Management in the Bootloader
A significant limitation of standard U-Boot TPM support is the lack of firmware management commands. This update integrates the full wolfTPM API, specifically enabling the TPM2_FieldUpgrade command set.

This allows developers to perform TPM firmware updates directly from the U-Boot environment. The benefits of this architectural choice include:

  • OS-Independent Lifecycle Management: Update the TPM hardware before any operating system or kernel is loaded, ensuring the root of trust is patched before the high-level software stack is even active.
  • Simplified Provisioning: In factory environments, a single U-Boot script can provision and update the TPM without needing a complex Linux recovery image.
  • Full API Access: Beyond firmware updates, the integration provides access to the extensive wolfTPM command set (NVRAM management, advanced policy sessions, and key sealing) which far exceeds the native U-Boot tpm command capability.

Validation and Testing
This implementation has been verified across two primary targets to ensure consistent behavior:

  1. Physical Hardware: Validated on Raspberry Pi 4 using the hardware SPI interface.
  2. Simulation: Verified using the TCG swtpm simulator via MMIO, allowing for integration testing in QEMU-based CI/CD pipelines.

Accessing the Updates
The changes are available across three primary repositories. We are currently working with the U-Boot project to upstream them; until that lands, use the repositories below:

Component          Repository / Branch
U-Boot Source      aidangarske/u-boot (rpi4-wolftpm-uboot)
wolfTPM PR         wolfSSL/wolfTPM (Pull Request #451)
Integration Guide  aidangarske/rpi4-wolftpm-uboot

The integration guide includes the necessary config flags and build scripts to enable hardware SPI and the expanded wolfTPM command set.

Contact Us
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
