Below you will find the wolfTPM ChangeLog documenting the changes that took place with each release of wolfTPM since the project’s beginning in 2018.
- Fixed possible KDFa buffer overrun (PR #147)
- Fixed typo on
- Improved examples to use the key templates. (PR #136)
- Added symmetric key support for key generation examples (PR #143)
- Added NVRAM examples (PR #145)
- Added STM32 CubeMX I2C support (PR #142)
- Added details for TPM 2.0 with Windows TBS (PR #144)
- Added alternate subject name to example certificates for TLS (PR #141)
- Updated expired wolfSSL certs (PR #139)
- Removed EK from the attestation and signed timestamp examples (PR #152)
Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (TBSI) support and more examples for time/keys.
- Refactor of the session authentication. New struct `TPM2_AUTH_SESSION` and `wolfTPM2_SetAuth_*` API's. (PR #129 and #133)
- Added Windows TPM TBSI support (PR #127)
- Added TPM simulator support using TPM TCP protocol (PR #121)
- Added minGW support (PR #127)
- Added AES CFB parameter encryption support (PR #129)
- Added XOR parameter encryption support (PR #122)
- Added "-aes" or "-xor" option to some examples to enable parameter encryption. (PR #129)
- Added HMAC session support (PR #129)
- Added support for encrypted RSA salt for salted-unbounded session (PR #129)
- Added innerWrap and outerWrap support for sensitive to private. (PR #129)
- Improvements to the KDFa (PR #129)
- Improved the param encryption to use buffers inline (PR #129)
- Added Key generation and loading examples using disk to store the key (PR #131)
- Added support for importing external private key to get a key blob for easy re-loading. (PR #132)
- Add TPM clock increment example (PR #117)
- Add test vectors for AES CFB and make it the default for tests (PR #125)
- Improved documentation and code comments (PR #126)
- Add script to run unit tests with software TPM (PR #124)
- Fix when building wolfSSL with old names `NO_OLD_WC_NAMES`. (PR #113)
- Fix for TPM2 commands with more than one auth session. (PR #95)
- Bugfixes for TPM2_Packet_AppendSymmetric and TPM2_Packet_ParseSymmetric. (PR #111)
- TPM attestation fixes. (PR #103)
- If creating an NV and it already exists, set auth and handle anyways. (PR #99)
- Cleanups, removed unused code from the PCR examples. (PR #112)
- Improvements to the signed timestamp example. (PR #108)
- Add example of a TPM2.0 Quote using wolfTPM. (PR #107)
- Added NPCT75x Nuvoton support and dynamic module detection support. (PR #102)
- Added RSA sign/verify support and expanded RSA key loading API's. (PR #101)
- Attestation key wrappers. (PR #100)
- Add missing xor overload to TPMU_SYM_KEY_BITS. (PR #97)
- Signed timestamp example (AIK and Attestation). (PR #96)
- Adding more testing. (PR #93)
- Add TPM benchmarking results for Nuvoton NPCT650 TPM2.0 module. (PR #92)
- Fixed obsolete workaround for ST33 and TIS header size. (PR #85)
- Fixes for building with older wolfSSL versions not supporting `wc_HashFree`. (PR #87)
- Fixes for building without wolfCrypt RSA (when `NO_RSA` is defined). (PR #89)
- Fixes for ECC verify in crypto callback to try software if the curve is not supported (`TPM_RC_CURVE`) by the TPM hardware. (PR #89)
- Fixes for building with `WOLFTPM2_USE_SW_ECDHE`. (PR #86)
- Added support for using `/dev/tpmX`. (PR #91)
- Added example for using an ECC primary storage key (root owner). (PR #84)
- Added Xilinx Zynq MPSoC bare-metal SPI support. (PR #85)
- Added support for Nuvoton TPM 2.0 NPCT650. (PR #91)
- Added support for Nations Technologies Inc. TPM 2.0 module (Z32H330). (PR #88)
- Cleanup of the session auth, so after being set it is also cleared. (PR #84)
- Moved the chip specific settings to `tpm2_types.h`. (PR #85)
- Fixes for coverity checks on buffers. (PR #78)
- Fix visibility warnings in Cygwin. (PR #80)
- Added wrapper for changing a key's authentication
wolfTPM2_ChangeAuthKey. (PR #77)
- Added support for using authentication with NV. (PR #79)
- Adds new wrapper API's:
wolfTPM2_NVDeleteAuth. (PR #79)
- Added new wrappers for shutdown and handle cleanup. (PR #81)
- Fix for wolfCrypt init/cleanup issue with reference count. (PR #75)
- Fix to restore existing TPM context after calling `wolfTPM2_Test`. (PR #74)
- Fix to resolve handling of unsupported ECC curves with the TPM module and ECDHE. (PR #69)
- Fix for `wolfTPM2_SetCommand` to ensure auth is cleared. (PR #69)
- Added `--enable-smallstack` build options for reducing stack usage. (PR #73)
- Added support for keeping an HMAC key loaded. (PR #72)
- Added API unit test framework. (PR #71)
- Added new wrapper API `wolfTPM2_OpenExisting` for accessing device that's already started. (PR #71)
- Added new `wolfTPM2_ExtendPCR` wrapper. (PR #70)
- Added crypto callback flags for FIPS mode and Use Symmetric options. (PR #69)
- Added `WOLFTPM_DEBUG_TIMEOUT` macro for debugging the timeout checking. (PR #69)
- Added support for ST33 `TPM2_SetMode` command for disabling power saving. (PR #69)
- Improvements for chip detection, compatibility and startup performance (PR #67)
- Added support for `XPRINTF`.
- Fix printf type warnings.
- Moved the TPM hardware type build macro detection until after the `user_settings.h` include.
- Optimization to initialize Mutex and RNG only when use is required.
- Added missing stdio.h for printf in examples.
- Added new API's `TPM2_SetActiveCtx`, `TPM2_ChipStartup`, `TPM2_SetHalIoCb` and `TPM2_Init_ex`.
- Allowed way to indicate `BOOL` type already defined.
- Added C++ support.
- Added new API `wolfTPM2_Test` for testing for TPM and optionally returning capabilities. (PR #66)
- Added way to include generated `wolftpm/options.h` (or customized one) using `WOLFTPM_USER_SETTINGS`. (PR #63)
- Fixed issue with cleanup not unregistering the crypto callback.
- Added support for Microchip ATTPM20 part.
- Added support for Barebox (experimental).
- Added TLS benchmarking for CPS and KB/Sec. Enabled with TLS_BENCH_MODE.
- Added TLS client/server support for symmetric AES/HMAC/RNG. Enabled with WOLFTPM_USE_SYMMETRIC.
- Added TLS client/server support for mutual authentication.
- Added TIS locking protection for concurrent process access. Enabled using WOLFTPM_TIS_LOCK.
- Added symmetric AES encrypt and decrypt wrappers and examples.
- Added HMAC wrappers and examples.
- Added wrappers and examples for loading external HMAC and AES keys.
- Added delete key wrapper and example.
- Added ECDH support for ephemeral key generation and shared secret.
- Added benchmark support for RNG, AES (CTR, CBC, CFB) 128/256 and SHA-1, SHA-256, SHA-384 and SHA-512.
- Added new wolfTPM2_GetCapabilities wrapper API for getting chip info.
- Added command and response logging using ./configure --enable-debug=verbose or #define WOLFTPM_DEBUG_VERBOSE.
- Added option to enable raw IO logging using WOLFTPM_DEBUG_IO.
- Added option to disable TPM Benchmark code using NO_TPM_BENCH.
- Added examples/README.md for setup instructions.
- Tuned max SPI clock and performance for supported TPM 2.0 chips.
- Cleanup to move common test parameters into examples/tpm_test.h.
- Updated benchmarks and console output for examples in README.md.
- Fixed cryptodev ECC callback to use R and S for the signature verify.
- Fixed printf type warnings with
- Fixed detection of correct hash algorithm in
- Fix bug with native example where TPM2_Shutdown failure would loop.
- Fix to decoupled the fixed TPM algorithms/sizes from wolfCrypt build options.
- Fix for building with different wolfCrypt options.
- Fix for byte swap build error.
- Fix CSR example CertName to use designated initializers to resolve use against different wolfSSL versions.
- Improved portability by eliminating the packed TPM2_HEADER.
- Improved stack reduction by eliminating the private section from WOLFTPM2_KEY struct.
- Added TLS server example for wolfTPM.
- Added more RSA and ECC key loading examples.
- Added support for loading an external private keys using new API's
- Added example for reading the firmware version using
- Added hashing wrappers and tests using new API's:
- Added PKCS7 7 sign/verify example demonstrating large data case using chunked buffer and new
- Added Key Generation to benchmark.
- Added ST33TP I2C TPM 2.0 support (
./configure --enable-st33 --enable-i2c).
- Added ST33TP SPI TPM 2.0 support (
- Added support for Atmel ASF SPI.
- Added example for IAR EWARM.
- Added ECC verify test using public key and NIST test vectors.
- Added new RNG wrapper API
- Added macro for hardware RNG max request as
- Added instructions for enabling SPI and I2C on the Raspberry Pi.
- Added support for symmetric AES encrypt/decrypt.
- Added wrapper to help with creation of symmetric keys.
- Added advanced IO callback support (enabled using
- Added overridable define
WOLFTPM_LOCALITY_DEFAULTfor the locality used.
XTPM_WAIT()macro to enable custom wait between polling.
- Added build option to disable wolfCrypt dependency using
- Removed unused SET, CLEAR, TRUE, FALSE macros.
- Cleanup DEBUG_WOLFTPM ifdef's around all printfs in library proper.
- Cleanup of line lengths.
- Cleanup of wrapper test to move test data into
- Cleanup of the packet code to handle determining of size (mark/place).
- Cleanup of the IO callback examples.
- Cleanup of TIS layer improve return code and timeout handling.
- Cleanup to move types and configuration/port specific items into new
- Fixed the TIS TPM_BASE_ADDRESS to conform to specification.
- Fixed static analysis warnings.
- Fixed minor build warnings with different compilers.
- Fixed TPM failure for RSA exponents less than 7 by using software based RSA.
- Added TPM bechmarking support.
- Added functions to import/export public keys as wolf format.
- Added PKCS7 example to show sign/verify with TPM.
- Added CSR example to generate certificate request based on TPM key.
- Added CSR signing script
./certs/certreq.shto create certificate using self-signed CA.
- Added TLS Client example that uses TPM based key for client certificate.
- Added support for wolfSSL
WOLF_CRYPT_DEVcallbacks to enable TPM based ECC and RSA private keys.
- Added ability to clear/reset TPM using
- Moved some of the example configuration into
- Added TPM2 wrapper layer to simplify key creation, RSA encrypt/decrypt, ECC sign/verify and ECDH.
- Added TPM2 wrapper example code.
- Added Linux SPI support for running on Raspberry Pi.
- Fixes for TPM2 command and response assembly and parsing.
- Fixes to support authentication for command and response.
- Progress on supporting parameter encryption/decryption.
- Refactor of TIS and Packet layers into new files.
- Fixes/improvements to
wolfTPM2_GetRCStringfor error code and string reporting.
- Added new
- New tests for TPM2 native API's (test coverage is about 75%).
- Support for all TPM2 native API's using TIS and SPI IO callback.
- Helper for getting TPM return code string
- TPM 2.0 demo code in
examples/tpm/tpm2_demo.cwith support for STM32 CubeMX SPI as reference.