Announcing wolfTPM v4.0.0

wolfTPM v4.0.0 is our largest release to date. It delivers three headline capabilities:

  • Firmware TPM (fwTPM) – a portable TPM 2.0 built on wolfCrypt.
  • SPDM Secured Transport – encrypted host-to-TPM communication.
  • ST33 TPM 2.0 Firmware Update – new update tool for STMicro ST33KTPM2X.

All three are powered by the same wolfCrypt engine trusted in FIPS 140-3 and DO-178C DAL A deployments.

Feature 1: Firmware TPM (fwTPM)

The fwTPM is a portable TPM 2.0 command processor implemented entirely on top of wolfCrypt. It covers 105 of the 113 commands in the TPM 2.0 v1.38 specification (93%), including the full object, session, policy, attestation, PCR, and NV command families.

Use it as a drop-in replacement for a discrete TPM chip, or in CI as a replacement for external simulators such as the Microsoft TPM simulator and IBM swTPM.

Why It Matters

  • Reduce BOM and physical attack surface. Parts that never shipped with a TPM can now gain TPM services. No extra chip. No exposed bus.
  • Portability. The same fwTPM runs on a Cortex-M in TrustZone, a dedicated RPU on an MPSoC, a hardened RISC-V core, or an FPGA soft core.
  • Supply-chain integrity. Your TPM becomes part of your signed firmware image. No separate silicon vendor in the trust path.
  • Same crypto you already trust. RSA, ECC, SHA-2/3, AES, and HMAC all come from the FIPS 140-3 wolfCrypt module, qualifiable to DO-178C DAL A for avionics.

Where fwTPM Runs

fwTPM is designed to live in an isolated execution environment. Proven homes include:

  • Microchip PolarFire SoC (MPFS250T). Run on a Mi-V RISC-V soft core in the FPGA fabric, or on a dedicated hard core (the E51 monitor core or a U54).
  • Arm TrustZone-M. Reference port on STMicro STM32H5 (NUCLEO-H563ZI). TrustZone-M gives isolated code, data, flash, and crypto peripherals.
  • AMD/Xilinx Zynq UltraScale+ MPSoC and Versal Gen 1 / Gen 2. Multiple deployment options on the same part: Arm TrustZone on the APU, a dedicated Cortex-R5F (UltraScale+) or R52 (Versal Gen 2) on the RPU, or a MicroBlaze V (RISC-V) soft core.
  • AMD Spartan UltraScale+ (MicroBlaze V or Cortex-M1 soft core)
  • Altera Agilex 5 (Nios V soft core). TPM functionality entirely inside programmable logic.

Integration

  • Transports: socket (mssim or swtpm protocol, auto-detected), shared-memory IO, and register-level TIS over bare-metal SPI, I2C or UART.
  • NV storage: file-backed on hosted systems; a HAL callback for embedded flash. The TLV journal format suits wear-levelled flash, since an append-oriented journal avoids rewriting the same cells on every NV update.
  • Footprint knobs: attestation, policy, NV, credential and dictionary-attack support can each be compiled out when not required, to reduce code size.
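The NV point above is worth seeing concretely. The following is an added example written for this post, not wolfTPM's own NV code, and the record layout (index, op, length, value, CRC32; erased flash reads 0xFF and terminates the log), the Journal/Replay/Compact names and the 256-byte "flash" are all assumptions made for illustration. It shows why an append-only TLV journal fits wear-levelled flash: every write and delete appends a fresh record, a boot-time replay takes the last record per index and silently drops an append that was cut short by power loss, and cells are only erased at compaction.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// Assumed record layout (illustrative; not wolfTPM's real NV format):
//   index(4) | op(1) | len(2) | value(len) | crc32(4) over the bytes before it
// Erased NOR flash reads 0xFF, so an index of 0xFFFFFFFF marks the end of the log.
const (
	opWrite  byte = 1
	opDelete byte = 2
	hdrLen        = 7
	erased        = 0xFFFFFFFF
)

// Journal is an append-only log in a simulated, pre-erased flash region.
type Journal struct {
	flash []byte
	used  int
}

func NewJournal(size int) *Journal {
	return &Journal{flash: bytes.Repeat([]byte{0xFF}, size)}
}

func encode(index uint32, op byte, value []byte) []byte {
	rec := make([]byte, hdrLen+len(value)+4)
	binary.BigEndian.PutUint32(rec[0:], index)
	rec[4] = op
	binary.BigEndian.PutUint16(rec[5:], uint16(len(value)))
	copy(rec[hdrLen:], value)
	body := rec[:hdrLen+len(value)]
	binary.BigEndian.PutUint32(rec[len(body):], crc32.ChecksumIEEE(body))
	return rec
}

// appendRec never touches bytes that were already programmed.
func (j *Journal) appendRec(rec []byte) error {
	if j.used+len(rec) > len(j.flash) {
		return errors.New("journal full: compact before writing")
	}
	copy(j.flash[j.used:], rec)
	j.used += len(rec)
	return nil
}

func (j *Journal) Write(index uint32, value []byte) error { return j.appendRec(encode(index, opWrite, value)) }
func (j *Journal) Delete(index uint32) error              { return j.appendRec(encode(index, opDelete, nil)) }

// Torn simulates power loss during an append: the last n bytes of the newest
// record were never programmed and still read as erased flash.
func (j *Journal) Torn(n int) {
	if n > j.used {
		n = j.used
	}
	for i := j.used - n; i < j.used; i++ {
		j.flash[i] = 0xFF
	}
}

// Replay rebuilds the live index->value map at boot. It stops at the erased
// tail or at the first record that fails its CRC or runs past the end, so a
// torn append is dropped and everything committed before it survives.
// The last record for an index wins. Returns the map and the bytes scanned.
func Replay(flash []byte) (map[uint32][]byte, int) {
	live := map[uint32][]byte{}
	off := 0
	for off+hdrLen <= len(flash) {
		index := binary.BigEndian.Uint32(flash[off:])
		if index == erased {
			break
		}
		n := int(binary.BigEndian.Uint16(flash[off+5:]))
		end := off + hdrLen + n + 4
		if end > len(flash) || crc32.ChecksumIEEE(flash[off:end-4]) != binary.BigEndian.Uint32(flash[end-4:]) {
			break
		}
		switch flash[off+4] {
		case opWrite:
			live[index] = append([]byte(nil), flash[off+hdrLen:end-4]...)
		case opDelete:
			delete(live, index)
		default:
			return live, off
		}
		off = end
	}
	return live, off
}

// Compact copies only live records into a freshly erased region: the one
// point where old cells are erased, so erase cycles scale with fills of the
// whole region rather than with updates of a single hot index.
func (j *Journal) Compact() error {
	live, _ := Replay(j.flash)
	fresh := NewJournal(len(j.flash))
	for index, value := range live {
		if err := fresh.Write(index, value); err != nil {
			return err
		}
	}
	*j = *fresh
	return nil
}

func (j *Journal) Used() int                { return j.used }
func (j *Journal) Live() map[uint32][]byte { live, _ := Replay(j.flash); return live }

func main() {
	j := NewJournal(256)
	const ekCert = 0x01C00002 // TCG-reserved NV index of the RSA EK certificate
	j.Write(ekCert, []byte("ek-cert-v1"))
	j.Write(ekCert, []byte("ek-cert-v2")) // update appends; v1 bytes stay untouched
	j.Write(0x01800001, []byte("temp"))
	j.Delete(0x01800001)
	j.Write(0x01800002, []byte("interrupted"))
	j.Torn(5) // power loss mid-append: CRC never landed
	live, used := Replay(j.flash)
	fmt.Printf("live after crash: %q (%d bytes scanned)\n", live, used)
	j.Compact()
	fmt.Printf("after compact: %d bytes in use\n", j.Used())
}
```

The CRC is only an integrity check against torn writes; it does not protect against an attacker with write access to the flash, which is why an NV store for a real TPM sits behind the isolation boundary the preceding section describes.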

Feature 2: SPDM Secured Transport

When a TPM talks to its host over a PCB trace, that trace can be probed or interposed, and everything on the bus is visible to whoever holds the board. SPDM closes the gap: commands and responses ride over a vendor-defined TCG channel that is encrypted with AES-256-GCM and integrity-checked on every packet.

What’s New

  • Vendors: Nuvoton NPCT75x and Nations Technologies NS350. (More coming soon)
  • Session modes:
    • Identity-key mode over ECDH P-384, on both NPCT75x and NS350.
    • PSK mode on NS350.
  • Auto-connect with SPDM-only lock-down. Once locked, wolfTPM establishes the encrypted session on every open. Plaintext commands are rejected.
  • New spdm_ctrl utility. Full lifecycle: enable, disable, provision PSK, clear PSK, lock, unlock.
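To make the per-packet integrity and lock-down behaviour tangible, here is an added example written for this post. It is not wolfTPM or SPDM code, and the 10-byte magic-plus-sequence-number header, the Link/Seal/Open/Receive names and the derivation of the GCM nonce from the sequence number are assumptions made for illustration, not the SPDM or TCG vendor-channel wire format. What it does show is the property the text describes: with AES-256-GCM, the cleartext header is bound to the tag as associated data, so a modified, replayed or reordered frame is rejected before the TPM parses a single command byte, and a locked channel refuses a raw TPM command outright.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Illustrative framing (assumption; NOT the SPDM/TCG vendor-channel layout):
//   frame = magic(2) | seq(8) | AES-256-GCM ciphertext || 16-byte tag
// The header travels in the clear but is authenticated as AAD, and the sequence
// number doubles as the GCM nonce, so it is never reused under one key.
const headerLen = 10

var magic = [2]byte{'S', 'P'}

// GetRandomCmd is a constructed TPM2_GetRandom(16) command: tag
// TPM_ST_NO_SESSIONS (0x8001), size 12, commandCode 0x17B, bytesRequested 16.
var GetRandomCmd = []byte{0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x10}

// Link is one endpoint of the host<->TPM channel; both sides share the key.
type Link struct {
	aead    cipher.AEAD
	sendSeq uint64
	recvSeq uint64
	Locked  bool // SPDM-only lock-down: plaintext commands are rejected
}

func NewLink(key []byte, locked bool) (*Link, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Link{aead: aead, Locked: locked}, nil
}

// nonce places the sequence number in the low 8 bytes of the 12-byte nonce.
func (l *Link) nonce(seq uint64) []byte {
	n := make([]byte, l.aead.NonceSize())
	binary.BigEndian.PutUint64(n[len(n)-8:], seq)
	return n
}

// Seal wraps a plaintext TPM command into an authenticated, encrypted frame.
func (l *Link) Seal(cmd []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr, magic[:])
	binary.BigEndian.PutUint64(hdr[2:], l.sendSeq)
	frame := l.aead.Seal(append([]byte(nil), hdr...), l.nonce(l.sendSeq), cmd, hdr)
	l.sendSeq++
	return frame
}

// Open verifies and decrypts a frame. A changed header or body, a wrong key,
// or an out-of-order/replayed sequence number is rejected.
func (l *Link) Open(frame []byte) ([]byte, error) {
	if len(frame) < headerLen+l.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	hdr := frame[:headerLen]
	seq := binary.BigEndian.Uint64(hdr[2:])
	if seq != l.recvSeq {
		return nil, fmt.Errorf("replay or reorder: got seq %d, want %d", seq, l.recvSeq)
	}
	cmd, err := l.aead.Open(nil, l.nonce(seq), frame[headerLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed: frame modified or wrong key")
	}
	l.recvSeq++
	return cmd, nil
}

// Receive is the TPM-side entry point. A sealed frame always goes through
// Open; a raw command (TPM_ST_* tag, 0x80xx) passes only when not locked down.
func (l *Link) Receive(raw []byte) ([]byte, error) {
	if len(raw) >= 2 && raw[0] == magic[0] && raw[1] == magic[1] {
		return l.Open(raw)
	}
	if l.Locked {
		return nil, errors.New("plaintext command rejected: channel is SPDM-only")
	}
	return raw, nil
}

func main() {
	key := make([]byte, 32) // demo key; a real session derives it via ECDH or PSK
	host, _ := NewLink(key, true)
	tpm, _ := NewLink(key, true)
	frame := host.Seal(GetRandomCmd)
	cmd, err := tpm.Receive(frame)
	fmt.Printf("valid frame -> %x (err=%v)\n", cmd, err)
	_, err = tpm.Receive(frame) // same frame again
	fmt.Println("replayed frame ->", err)
	tampered := host.Seal(GetRandomCmd)
	tampered[len(tampered)-1] ^= 0x01
	_, err = tpm.Receive(tampered)
	fmt.Println("tampered frame ->", err)
	_, err = tpm.Receive(GetRandomCmd)
	fmt.Println("plaintext while locked ->", err)
}
```

Note that the sequence check runs before the AEAD check, so a replay is refused without spending a decryption; the real session key would come from the ECDH P-384 or PSK handshake listed above, which this example does not model.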

Why It Matters

Anywhere the TPM is physically accessible – servers in colocation, defense platforms, medical devices, industrial controllers, in-vehicle ECUs – SPDM closes the last-inch attack surface.

Feature 3: ST33 TPM 2.0 Firmware Update

STMicro’s ST33KTPM2X introduced a new Generation 2 firmware format signed with LMS. wolfTPM v4.0.0 adds the st33_fw_update example tool, which supports updating devices on both the older Gen 1 and the newer Gen 2 firmware. See examples/firmware/README.md for usage.

Other v4.0.0 Release Improvements

New HALs

  • Raspberry Pi 4 hardware SPI
  • U-Boot (tpm_io_uboot.c)
  • Espressif ESP-IDF SPI
  • Linux auto-detection between /dev/tpmX and direct SPI

Hardening

  • Fenrir and Coverity findings addressed across tpm2_wrap, tpm2_packet, tpm2_asn, NV, session auth, SPDM, and fwTPM paths.
  • ForceZero on every sensitive stack buffer.
  • Constant-time export for ECDH shared secrets and ECC signature r/s.
  • Short-circuit OR removed from all auth paths, so evaluation time does not depend on which check fails.
  • Bounds checks and NULL-deref guards across ASN.1, PCR, and key-load code.

CI

  • ASan and UBSan sanitizer jobs.
  • Pedantic gcc and clang matrices.
  • macOS and Windows fwTPM builds.
  • Weekly libFuzzer plus per-PR smoke.

Coming Soon: TPM 2.0 v1.85 Post-Quantum

Right behind this release. Post-quantum algorithms from TPM 2.0 v1.85 are landing in both the fwTPM server and the wolfTPM client library:

  • ML-KEM (FIPS 203, formerly Kyber) for key encapsulation
  • ML-DSA (FIPS 204, formerly Dilithium) for signatures

Why now? Harvest-Now-Decrypt-Later (HNDL): traffic recorded today can be decrypted once a cryptanalytically relevant quantum computer exists, and device identity keys provisioned now will still be in the field when that happens. Deploy fwTPM today and get a drop-in PQC upgrade path without respinning silicon.

Getting Started

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
git checkout v4.0.0
./configure --enable-fwtpm
make && make check

For commercial licensing, FIPS 140-3 integration, DO-178C DAL A qualification kits, custom HAL ports, or early access to the v1.85 PQC branch, contact facts@wolfssl.com or +1 425 245 8247.
