When looking to store your cryptographic secrets, it is important to have a good platform to store them on. Even more important is the ease of accessing and using those secrets.
With wolfTPM, we have support for all TPM 2.0 APIs. Additionally, we provide the following wrappers:
- Key Generation/Loading
- RSA encrypt/decrypt
- ECC sign/verify
- ECDH
- NV storage
- Hashing/HACM
- AES
- Sealing/Unsealing
- Attestation
- PCR Extend/Quote
- Secure Root of Trust
- TPM firmware update (STMicro ST33KTPM2X and Infineon SLB9672/SLB9673)
In wolfTPM we already added support for the following platforms:
- Raspberry Pi (Linux)
- MMIO (Memory mapped IO)
- STM32 with CubeMX
- Atmel ASF
- Xilinx (Ultrascale+ / Microblaze)
- QNX
- Infineon TriCore (TC2xx/TC3xx)
- Barebox
- Espressif ESP-IDF
- Zephyr RTOS
- Das U-Boot Bootloader
- Microchip I2C bit-bang HAL
- Yocto
- Linux TPM Resource Manager (/dev/tpmrmX)
These TPM (Trusted Platform Module) 2.0 modules are tested and running in the field:
- STM ST33TP* SPI/I2C
- Infineon OPTIGA SLB9670
- Infineon OPTIGA SLB9672
- Infineon OPTIGA SLB9673
- Microchip ATTPM20
- Nations Tech Z32H330TC
- Nations Tech NS350
- Nuvoton NPCT650/NPCT750
We have our own wolfPKCS11 with support for TPM 2.0 using wolfTPM. We also offer support for PKCS11 to interface to various HSMs like:
- Infineon TriCore Aurix
- Renesas RH850
- ST SPC58
- Analog Devices MAXQ10xx Secure Element
- STMicro STM32U5 DHUK (Derived Hardware Unique Key) for key wrapping operation
That said, it is important to note that PKCS11 is a standardized protocol. We support anything that supports it.
We have ports in wolfSSL via the PK Callbacks:
- ST-SAFE A100 A110 A120
- Microchip ATECC508/608
- Microchip TA100
- NXP SE050
- GSMA IoT-Safe applet on SIM/eSIM cards
- ARM PSA
- Analog Devices MAXQ10xx Secure Element
- Analog Devices MAX32666
- Renesas TSIP RX65N
- Renesas TSIP RX72N
- Renesas SCE RA2
- Renesas SCE RA4
- Renesas SCE RA6
- Renesas RSIP RA6
- Renesas RSIP RA8
- Renesas RSIP RZx
We have ports in wolfcrypt via the cryptocb callbacks:
- NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 (FreeRTOS)
- Intel QuickAssist DH8950
- Intel QuickAssist DH8970
- Intel SGX
- Cavium/Marvell Octeon III CN73XX
- ARM TrustZone CryptoCell 310
- MAXQ1065/1080
- MAX32665 and MAX32666 TPU (Trust Protection Unit)
- Renesas TSIP RX65N
- Renesas TSIP RX72N
- Renesas SCE RA2
- Renesas SCE RA4
- Renesas SCE RA6
- Renesas RSIP RA6
- Renesas RSIP RA8
- Renesas RSIP RZx
Wolfcrypt also can make use of PSA (Platform Security Architecture). This includes the following algorithms:
- hashes: SHA-1, SHA-224, SHA-256
- AES: AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
- ECDH PK callbacks (P-256)
- ECDSA PK callbacks (P-256)
- RNG
And finally, our newest product, wolfHSM, supports the following architectures:
- Infineon Aurix TC3xx
- Renesas RH850 F1KM
- ST SPC58NN
- ST Stellar G
- TI TDA4
- Infineon Aurix TC4x
- Infineon Traveo T2G
- Microchip PIC32CZ and PIC32CK
- NXP S32G and S32N
- Renesas RH850/U2A
- Renesas RL78
Another product of interest could be wolfBoot, which – as the name suggests – is a bootloader that can use an HSM (Hardware Security Module) for validation and verification. It also provides secure vaults accessible via PKCS#11 API and secured through the ARM TrustZone technology. WolfBoot also supports all of the TPMs and secure elements listed above, as it inherits all of wolfCrypt’s capabilities. WolfBoot can also be combined with wolfTPM to implement measured boot.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now