When looking to store your cryptographic secrets, it is important to have a good platform to store them on. Even more important is the ease of accessing and using those secrets.
With wolfTPM, we have support for all TPM 2.0 APIs. Additionally we provide the following wrappers:
- Key Generation/Loading
- RSA encrypt/decrypt
- ECC sign/verify
- ECDH
- NV storage
- Hashing/HMAC
- AES
- Sealing/Unsealing
- Attestation
- PCR Extend/Quote
- Secure Root of Trust
Supported Platforms
In wolfTPM we already added support for the following platforms:
- Raspberry Pi (Linux)
- MMIO (Memory mapped IO)
- MMIO (Memory mapped IO)
- Atmel ASF
- Xilinx (Ultrascale+ / Microblaze)
- QNX
- Infineon TriCore (TC2xx/TC3xx)
- Barebox
- Zephyr Project RTOS
- U-Boot Bootloader
- Microchip Harmony (MPLABX)
TPM 2.0 Modules
These TPM (Trusted Platform Module) 2.0 modules are tested and running in the field:
- STM ST33TP* SPI/I2C
- Infineon OPTIGA SLB9670/SLB9672/SLB9673
- Microchip ATTPM20
- Nations Tech Z32H330TC
- Nuvoton NPCT650/NPCT750
- Nations NS350
PKCS#11 Support
We have our own wolfPKCS11 with support for TPM 2.0 using wolfTPM. We also offer support for PKCS11 to interface to various HSMs like:
- Infineon TriCore Aurix
- Renesas RH850
- ST SPC58
Direct Secure Element Access
For direct Secure Element access, we have ports in wolfSSL for:
- ST-SAFE
- Microchip ATECC508/608
- Microchip TA100
- NXP SE050
- TROPIC01 Secure Element
Hardware Cryptographic Acceleration
Wolfcrypt has support for the following:
NXP Platforms
- NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 FreeRTOS
Intel & ARM Security
Maxim Integrated
- MAXQ1065/1080 RNG
- MAX32665 and MAX32666 TPU (Trust Protection Unit)
STM32 Platform Support
- STM32MP135F – Complete hardware acceleration suite with STM32CubeIDE support, HAL support for SHA-2/SHA-3/AES/RNG/ECC optimizations
- STM32H5 – Advanced performance microcontroller support
- STM32WBA – Wireless connectivity focused platform
- STM32G4 – General purpose microcontroller series
- STM32U575xx – Ultra-low-power microcontroller boards
- STM32 Cube Expansion Pack – Enhanced development support
Renesas Hardware Acceleration
- Renesas TSIP – RSA Public Encrypt/Private Decrypt operations, AES-CTR mode support
- Renesas SCE – RSA crypto-only support
Infineon Security Solutions
- Infineon TriCore (TC2XX/TC3XX) – Hardware security module with TPM support
- Infineon SLB9672/SLB9673 – Advanced TPM modules with firmware update capabilities
- Infineon Modus Toolbox – Development environment integration
- Infineon CyHal I2C/SPI – Hardware abstraction layer support
Development Board Support
- Raspberry Pi RP2350 – Latest generation with enhanced RNG optimizations
- Raspberry Pi RP2040 – Improved support with RNG optimizations
- SiFive HiFive Unleashed Board – RISC-V development board support
Bootloader and OS Integration
- U-Boot Bootloader – Secure boot integration with TPM support
- Zephyr Project RTOS – Real-time operating system with TPM integration
- Microchip Harmony (MPLABX) – Complete development ecosystem support
Advanced Features
- Memory Mapped I/O (MMIO) TPMs – Direct memory access to TPM modules
- Pre-provisioned Device Identity Keys – Support for manufacturer-provisioned security credentials
- Firmware Update Support – Secure firmware update capabilities for supported TPM modules
For more detailed information on our supported hardware take a look at our Hardware Support list.
PSA (Platform Security Architecture)
Wolfcrypt also can make use of PSA (Platform Security Architecture). This includes the following algorithms:
- Hashes: SHA-1, SHA-224, SHA-256
- AES: AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
- ECDH PK callbacks (P-256)
- ECDSA PK callbacks (P-256)
- RNG
wolfBoot Integration
Another product of interest could be wolfBoot, which – as the name suggests – is a bootloader that can use an HSM (Hardware Security Module) for validation and verification. It also provides secure vaults accessible via PKCS#11 API and secured through the ARM TrustZone technology. WolfBoot also supports all of the TPMs and secure elements listed above, as it inherits all of wolfCrypt’s capabilities. WolfBoot can also be combined with wolfTPM to implement measured boot.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now