ML-DSA and ML-KEM Support for TPM 2.0 Library Specification v1.85
Quantum-Safe TPM Operations Are on the Way
wolfSSL is excited to announce that post-quantum cryptography (PQC) support is coming to wolfTPM. wolfTPM will be among the first TPM 2.0 libraries to implement the newly published TCG TPM 2.0 Library Specification v1.85, which adds the NIST-standardized post-quantum algorithms ML-DSA (Module-Lattice-Based Digital Signature Algorithm, FIPS 204) and ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism, FIPS 203).
With the arrival of cryptographically relevant quantum computers on the horizon, organizations deploying long-lived secrets such as device identities, firmware signing keys, attestation keys, and data-at-rest encryption keys need to migrate away from classical RSA and ECC now, not after “Q-Day.” wolfTPM is a lightweight, portable TPM 2.0 stack trusted by embedded, IoT, automotive, and industrial customers worldwide, and adding quantum-safe algorithms keeps wolfTPM on the leading edge of secure-hardware software.
What’s Being Added
wolfTPM is adding full support for the eight new TPM 2.0 v1.85 post-quantum commands:
| Command | Description |
| --- | --- |
| TPM2_Encapsulate | ML-KEM key encapsulation |
| TPM2_Decapsulate | ML-KEM key decapsulation |
| TPM2_SignSequenceStart | ML-DSA message signing for arbitrarily sized messages |
| TPM2_SignSequenceComplete | ML-DSA sign sequence completion |
| TPM2_VerifySequenceStart | ML-DSA verification start |
| TPM2_VerifySequenceComplete | ML-DSA verification completion |
| TPM2_SignDigest | Hash-ML-DSA pre-hashed signing |
| TPM2_VerifyDigestSignature | Hash-ML-DSA pre-hashed verification |
Supported parameter sets cover the full NIST-approved range:
| Algorithm | FIPS Standard | Parameter Sets |
| --- | --- | --- |
| ML-KEM | FIPS 203 | ML-KEM-512 / 768 / 1024 |
| ML-DSA | FIPS 204 | ML-DSA-44 / 65 / 87 |
Why wolfTPM PQC Matters
- Quantum-safe device identity: ML-DSA endorsement and attestation keys protect device identity against future quantum attacks.
- Long-term data confidentiality: ML-KEM key encapsulation defeats harvest-now-decrypt-later threats to archived encrypted data.
- NIST-compliant, FIPS-aligned: Algorithms follow FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) as standardized by NIST in 2024, with all wire formats matching the TCG TPM 2.0 Library Specification v1.85.
- Portable: wolfTPM’s small footprint and zero dynamic allocation make PQC TPM accessible on embedded platforms, not just servers.
- Built on wolfCrypt: The same FIPS-validated cryptographic core that powers wolfSSL’s TLS 1.3 PQ support drives wolfTPM’s PQC path.
Ready for Early Access?
Post-quantum wolfTPM is in active development. You can track the work-in-progress pull request here: wolfSSL/wolfTPM#445: TPM 2.0 v1.85 Post-Quantum Support.
We’re working with customers for early evaluation and integration. If you’re designing the next generation of secure IoT, automotive ECUs, industrial controllers, or any long-lived-key system that will live into the quantum era, reach out now.
Stay tuned for the full release announcement and a separate announcement about post-quantum support in wolfTPM’s firmware TPM (fwTPM), our software-TPM implementation targeting embedded, bare-metal, and constrained environments.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

