Announcing wolfTPM v4.1.0

wolfTPM v4.1.0 delivers the post-quantum upgrade path we promised in v4.0.0, alongside a major round of firmware TPM (fwTPM) hardening. It delivers three headline capabilities:

  • TPM 2.0 v1.85 Post-Quantum Cryptography: ML-DSA and ML-KEM native and in the fwTPM.
  • fwTPM Hardening: Dictionary Attack protection to the TCG spec, SPDM secured transport, and session, policy, and NV fixes.
  • Runtime TPM Locality Control: select locality 0-4 at runtime with a single API call.

All of it runs on the same wolfCrypt engine trusted in FIPS 140-3 and DO-178C DAL A deployments.

Feature 1: TPM 2.0 v1.85 Post-Quantum Cryptography

v4.0.0 shipped with post-quantum support listed as coming soon. It is here. The fwTPM now implements the TPM 2.0 v1.85 post-quantum algorithms: ML-DSA sign/verify and ML-KEM encapsulate/decapsulate, with seed handling to TCG Phase B, ML-DSA primary keys via TPM2_CreateLoaded, PQC parameter encryption in the examples, and dedicated PQC CI and fuzz coverage.

Build Only What You Use
Post-quantum keys and code are large, so v4.1.0 adds layered build macros to trim the PQC footprint to the operations you actually perform:

--enable-pqc                          # lean ML-DSA + ML-KEM subset
--enable-mldsa[=all|sign-only|verify-only|no]
--enable-mlkem[=all|enc|dec|no]
--disable-hash-mldsa

–enable-pqc now selects the lean PQC subset, while –enable-v185 remains the full specification build. Per-algorithm (WOLFTPM_MLDSA, WOLFTPM_MLKEM) and per-operation macros each have a matching WOLFTPM_NO_* opt-out. New _ex session, OAEP, and PQC-hash wrappers round out the API, and the build enforces a wolfSSL v5.8.0+ PQC floor with upstream-drift CI.

Feature 2: fwTPM Hardening

The firmware TPM introduced in v4.0.0 received a major round of work to close the gap with discrete hardware.

Dictionary Attack Protection to the TCG Spec

  • noDA honored on objects (TPMA_OBJECT_noDA), not just NV indices.
  • failedTries persisted in NV, including the non-orderly-shutdown +1 penalty.
  • recoveryTime self-heal and separate lockoutRecovery, with DA properties reported via TPM2_GetCapability.
  • New wrappers wolfTPM2_DictionaryAttackLockReset and wolfTPM2_DictionaryAttackParameters, a da_check example, and a CI retry harness.

Sessions, Policy, and NV

  • Transient state kept across command-port reconnects.
  • continueSession set in the password-auth response, and PolicyAuthorize zero-ticket handling.
  • Append-only NV journal for write-once flash ports.
  • Optional transparent TPM_RC_RETRY handling for TPMs that momentarily report busy. Opt in via TPM2_SetCommandRetries or -DWOLFTPM_MAX_RETRIES=N.
  • SPDM secured transport extended to the fwTPM, and FIPS 140-3 capability reporting.

Feature 3: Runtime TPM Locality Control

TPM locality lets a platform distinguish measurements made by trusted early boot code (DRTM) from ordinary software. The new wolfTPM2_SetLocality(dev, locality) API selects locality 0-4 at runtime, and the PCR reset example takes a -loc=n flag. It works on the TIS/SPI driver and the fwTPM over socket and TIS/SHM; platforms without a locality interface cleanly return NOT_COMPILED_IN.

The fwTPM per-PCR locality enforcement was replaced with a single source-of-truth table matching the TCG PC Client profile. Behavior change: DRTM PCRs 17-22 can no longer be extended from locality 0, exactly as the specification requires.

Other v4.1.0 Release Improvements

  • New crypto-primitive examples (getrandom, hash, AES, ECDH) and a WOLFTPM2_ECC_DEFAULT_CURVE option.
  • Optional hardware-reset HAL: –enable-hal-reset pulses the nRST line via the Linux GPIO char device.
  • Freestanding builds via WOLFTPM_NO_STD_HEADERS for bare-metal targets without a standard C library.
  • SBOM generation (make sbom): CycloneDX and SPDX documents for EU Cyber Resilience Act (CRA) compliance.
  • Fixed TPM_CAP_ALGS / TPM_CAP_COMMANDS capability paging, and Nations NS350 example fixes.
  • Extensive security hardening: automated Fenrir review, Coverity fixes across the fwTPM paths, and CodeQL/Semgrep review gates.
  • CI and build improvements: expanded CMake tests, a GHCR container image, and nightly fuzzing.

Getting Started

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
git checkout v4.1.0
./configure --enable-fwtpm --enable-pqc
make && make check

For commercial licensing, FIPS 140-3 integration, DO-178C DAL A qualification kits, custom HAL ports, or help deploying TPM 2.0 v1.85 post-quantum, contact facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now