wolfSSL is excited to announce firmware TPM (fTPM) support in wolfTPM — a production-ready, open-source, embedded firmware TPM 2.0 implementation built on wolfCrypt. wolfTPM fTPM fills a critical gap in embedded security: teams that need software-based TPM services on MCUs and SoCs can now use an open-source implementation with commercial support, portable platform integration, and the ability to pair TPM functionality with wolfCrypt FIPS 140-3 validated cryptography configurations. Whether you are implementing secure boot, measured boot, remote attestation, or protected key storage, wolfTPM fTPM provides TPM 2.0 behavior without requiring a discrete TPM chip, using isolated execution such as TrustZone secure world, a dedicated FPGA softcore, or another hardware-enforced boundary.
Implementation details and discussion are available in PR #474.
Design assumptions and deployment targets
wolfTPM fTPM is designed for systems with a hardware isolation boundary. Typical deployment patterns include:
- Arm TrustZone separation (secure/non-secure worlds)
- Dedicated core architectures for TPM service isolation
- FPGA softcore deployments, including RISC-V MiV-RV32 on AMD/Xilinx UltraScale+ and Microchip PolarFire MPSoC
An out-of-box STM32H563ZI TrustZone reference is being migrated to wolftpm-examples/puf.
Transport modes (socket, mssim/swtpm, and TIS)
wolfTPM fTPM supports two primary transport models, selected by build configuration and deployment model:
- Socket transport (--enable-swtpm)
- Compatible with Microsoft simulator protocol (mssim) and swtpm TCTI styles.
- Works well for host-based bring-up, CI, and tool interoperability.
- Typical tpm2-tools environment settings:
- TPM2TOOLS_TCTI="mssim:host=localhost,port=2321"
- TPM2TOOLS_TCTI="swtpm:host=localhost,port=2321"
- TIS register transport (without --enable-swtpm)
- Uses TPM TIS register-level access (for example, shared memory or platform bus integration).
- Better aligned with embedded/bare-metal integration where direct register transport is required.
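To make the socket transport concrete, here is an added example (not wolfTPM code, and not something the PR ships) of what a host tool such as tpm2-tools puts on the wire when it talks to a TPM over the mssim protocol: each TPM 2.0 command is wrapped in a TPM_SEND_COMMAND frame with a locality byte and a length, and each reply comes back as a length-prefixed response followed by a 4-byte acknowledgement. The framing and control codes follow the Microsoft simulator protocol as used by the tpm2-tss mssim TCTI; the command port 2321 is the one the page uses, and the platform port 2322 for power-on/NV-on signals is an assumption. Everything in the module except the final `__main__` section runs offline against constructed bytes.

```python
"""Minimal mssim client: frames TPM 2.0 commands for the simulator socket
transport and parses the replies. Added example, not wolfTPM source."""
import socket
import struct

# Simulator control codes from the mssim protocol (assumed, not from the page).
TPM_SIGNAL_POWER_ON = 1
TPM_SEND_COMMAND = 8
TPM_SIGNAL_NV_ON = 11
TPM_SESSION_END = 20

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_STARTUP = 0x0144
TPM_CC_GET_RANDOM = 0x017B
TPM_SU_CLEAR = 0x0000
TPM_RC_SUCCESS = 0


def build_tpm_command(command_code, params=b"", tag=TPM_ST_NO_SESSIONS):
    """TPM 2.0 command header: tag(2) | commandSize(4) | commandCode(4) | params."""
    size = 2 + 4 + 4 + len(params)
    return struct.pack(">HII", tag, size, command_code) + params


def startup_command(startup_type=TPM_SU_CLEAR):
    return build_tpm_command(TPM_CC_STARTUP, struct.pack(">H", startup_type))


def get_random_command(bytes_requested):
    return build_tpm_command(TPM_CC_GET_RANDOM, struct.pack(">H", bytes_requested))


def frame_mssim(command, locality=0):
    """Command-port frame: TPM_SEND_COMMAND(4) | locality(1) | size(4) | command."""
    return struct.pack(">IBI", TPM_SEND_COMMAND, locality, len(command)) + command


def unframe_mssim(frame):
    """Reply frame: size(4) | response bytes | ack(4); the ack must be zero."""
    if len(frame) < 8:
        raise ValueError("short mssim frame")
    (size,) = struct.unpack(">I", frame[:4])
    if len(frame) != 8 + size:
        raise ValueError("mssim frame length mismatch")
    (ack,) = struct.unpack(">I", frame[4 + size:])
    if ack != 0:
        raise ValueError("simulator reported transport error %d" % ack)
    return frame[4:4 + size]


def parse_tpm_response(response):
    """Response header: tag(2) | responseSize(4) | responseCode(4) -> (tag, rc, body)."""
    if len(response) < 10:
        raise ValueError("short TPM response")
    tag, size, rc = struct.unpack(">HII", response[:10])
    if size != len(response):
        raise ValueError("responseSize does not match bytes received")
    return tag, rc, response[10:]


def parse_get_random_response(response):
    """Unpack the TPM2B_DIGEST carried by a successful TPM2_GetRandom reply."""
    _tag, rc, body = parse_tpm_response(response)
    if rc != TPM_RC_SUCCESS:
        return rc, b""
    (n,) = struct.unpack(">H", body[:2])
    if len(body) != 2 + n:
        raise ValueError("TPM2B size does not match payload")
    return rc, body[2:]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("simulator closed the connection")
        buf += chunk
    return buf


def exchange(sock, command, locality=0):
    """Send one command over an open command-port socket; return the TPM response."""
    sock.sendall(frame_mssim(command, locality))
    (size,) = struct.unpack(">I", _recv_exact(sock, 4))
    rest = _recv_exact(sock, size + 4)
    return unframe_mssim(struct.pack(">I", size) + rest)


def platform_signal(host, port, signal):
    """Platform-port control message (power on / NV on); the reply is a 4-byte ack."""
    with socket.create_connection((host, port)) as s:
        s.sendall(struct.pack(">I", signal))
        (ack,) = struct.unpack(">I", _recv_exact(s, 4))
        return ack


if __name__ == "__main__":
    # Assumed ports: 2321 command port (as on the page), 2322 platform port.
    platform_signal("localhost", 2322, TPM_SIGNAL_POWER_ON)
    platform_signal("localhost", 2322, TPM_SIGNAL_NV_ON)
    with socket.create_connection(("localhost", 2321)) as s:
        _, rc, _ = parse_tpm_response(exchange(s, startup_command()))
        print("TPM2_Startup rc=0x%x" % rc)
        rc, rnd = parse_get_random_response(exchange(s, get_random_command(16)))
        print("TPM2_GetRandom rc=0x%x data=%s" % (rc, rnd.hex()))
        s.sendall(struct.pack(">I", TPM_SESSION_END))
```

The length checks in `unframe_mssim` and `parse_tpm_response` are the part worth keeping in any real host-side integration: a response whose inner `responseSize` disagrees with the transport length is the first sign of a framing mismatch between the host TCTI and the fTPM build, and rejecting it early avoids misreading the next command's bytes as this one's payload.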
Architecture and feature set
The firmware TPM implementation is organized around clear subsystem boundaries:
- Command engine for TPM 2.0 command decode/dispatch/response flow
- TIS transport layer for host communication over TPM-compatible interfaces
- Crypto integration layer mapped to wolfCrypt primitives and policy controls
- NV state subsystem for persistent TPM objects, counters, and state continuity
Key technical capabilities include:
- TPM 2.0 command-path integration suitable for firmware-resident deployments
- Measured-boot and attestation-oriented integration points in embedded boot chains
- Portability across platform isolation models through the src/fwtpm/ports/ structure
- Alignment with existing TPM-oriented provisioning and lifecycle workflows
- Optional deployment with wolfCrypt FIPS 140-3 validated cryptography configurations for regulated environments
Source layout:
- Core firmware TPM code: src/fwtpm/
- Platform ports: src/fwtpm/ports/
- STM32H563ZI TrustZone reference: moving to wolftpm-examples/puf
- Firmware TPM documentation: docs/FWTPM.md
Getting Started (build and try)
Quick local bring-up for socket mode (mssim/swtpm compatible):
./autogen.sh
./configure --enable-fwtpm --enable-swtpm
make
Then run the fwTPM build/test helper:
scripts/fwtpm_build_test.sh --quick
For full matrix testing:
scripts/fwtpm_build_test.sh --all
For platform-focused integration, start with:
- wolftpm-examples/puf for STM32H563ZI + TrustZone reference material
- docs/FWTPM.md for configuration options and deployment notes
For production use, ensure platform-specific hardening for isolation policy, NV protection, key lifecycle, and secure update strategy.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.