PRODUCTS

wolfTPM Portable TPM 2.0 Library

wolfTPM is a portable, open-source TPM 2.0 stack with backward API compatibility, designed for embedded use. It is highly portable, and has native support for Linux and Windows. RTOS and bare metal environments can take advantage of a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.

wolfTPM offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.

Due to wolfTPM's portability, it is generally very easy to compile on new platforms.  If your desired platform is not listed as supported or you would like assistance porting wolfTPM, please contact wolfSSL at facts@wolfssl.com.

Download Now
Get the latest open source GPLv2 version now!

Version:  3.1.0
Release Date: 12/29/2023
View ChangeLog

Highlights

  • Provides all TPM 2.0 API’s in compliance with the specification.
  • Backward API compatibility.
  • Includes wrappers for the most common use cases, like Key Generation, NV memory, RSA encrypt/decrypt, ECC sign/verify, ECDH, and others.
  • Provides examples for the advanced use cases, like Attestation (TPM 2.0 Quote), Certificate Signing Request (CSR), generation of signed timestamp (TPM 2.0 GetTime), and others.
  • Native support for Microsoft Windows and Linux, and can work as part of an RTOS application or firmware.

Portable

  • Native C code designed for embedded use.
  • Single IO callback for hardware SPI interface.
  • No external dependencies.
  • Compact code size and minimal memory use.

What is a Trusted Platform Module (TPM)?

Trusted Platform Module (TPM, also known as ISO/IEC 11889) is a standardized secure processor that lives as a dedicated microcontroller alongside the main processor(MCU, CPU or SoC). TPM can be found in almost any modern computer systems. Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique and secret RSA key burned in as it is produced. Applications can protect their keys and secrets using the TPM as a vault.

Platform and Language Support

wolfTPM is built for maximum portability and is generally very easy to compile on new platforms.  If your desired platform is not listed under the supported operating environments, please contact us.

wolfTPM supports the C programming language as a primary interface. If you have interest in using wolfTPM in another programming language that it does not currently supported, please contact us.

Commercial Support

Support packages for wolfTPM are available on an annual basis directly from wolfSSL.  With three different package options, you can compare them side-by-side and choose the package that best fits your specific needs.  Please see our Support Packages page for more details or contact us with any questions.

wolfSSL Training Course

Interested in getting trained by security experts on subjects related to wolfSSL and SSL/TLS?  Learn more.

Features

  • Provides all TPM 2.0 API’s in compliance with the specification.
  • Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/HACM, AES, Sealing/Unsealing, Attestation, PCR Extend/Quote and Secure Root of Trust.
  • Uses the TPM Interface Specification (TIS) to communicate over SPI.
  • Can also use the Linux TPM kernel interface (/dev/tpmX) to talk with any physical TPM on SPI, I2C and even LPC bus.
  • Platform support for Raspberry Pi, STM32 with CubeMX, Atmel ASF, Xilinx, Infineon TriCore and Barebox.
  • Design allows for easy portability to different platforms:
  • Native C code designed for embedded use.
  • Single IO callback for hardware SPI interface.
  • No external dependencies.
  • Compact code size and minimal memory use.
  • Includes example code for:
    • Most TPM2 native API’s
    • All TPM2 wrapper API's
    • PKCS 7
    • Certificate Signing Request (CSR)
    • TLS Client
    • TLS Server
    • Use of the TPM's Non-volatile memory
    • Attestation (activate and make credential)
    • Benchmarking TPM algorithms and TLS
    • Key Generation (primary, RSA/ECC and symmetric), loading and storing to flash (NV memory)
    • Sealing and Unsealing data with an RSA key
    • Time signed or set
    • PCR read/reset
    • GPIO configure, read and write.
    • Secure boot, root of trust
  • Parameter encryption support using AES-CFB or XOR.
  • Support for salted unbound authenticated sessions.
  • Support for HMAC Sessions.
  • Testing done using the following TPM 2.0 modules:
    • Infineon OPTIGA (TM) SLB9670 and SLB9672.
    • STMicro STSAFE-TPM ST33TPHF2XSPI/2XI2C and ST33KTPM2X
    • Microchip ATTPM20
    • Nuvoton NPCT65X and NPCT75x
    • Nations Tech Z32H330TC

Supported Chipmakers

Supported Operating Environments

  • Platform support for Raspberry Pi (Linux), MMIO, STM32 with CubeMX, Atmel ASF, Xilinx, QNX Infineon TriCore and Barebox.
  • Native support for Microsoft Windows and Linux
  • If you would like to test wolfTPM on another environment, let us know and we’ll be happy to support you.

Device Identification

Device identification details for supported platforms:

Infineon SLB9670: TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 Mfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1

Infineon SLB9672: TPM2: Caps 0x30000697, Did 0x001d, Vid 0x15d1, Rid 0x36 Mfg IFX (1), Vendor SLB9672, Fw 16.10 (0x4068), FIPS 140-2 1, CC-EAL4 1

ST ST33TP SPI TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0

ST ST33TP I2C TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0

Microchip ATTPM20 TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1 Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0

Nations Technologies Inc. TPM 2.0 module Mfg NTZ (0), Vendor Z32H330, Fw 7.51 (419631892), FIPS 140-2 0, CC-EAL4 0

Nuvoton NPCT650 TPM2.0 Mfg NTC (0), Vendor rlsNPCT , Fw 1.3 (65536), FIPS 140-2 0, CC-EAL4 0

Nuvoton NPCT750 TPM2.0 TPM2: Caps 0x30000697, Did 0x00fc, Vid 0x1050, Rid 0x 1 Mfg NTC (0), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0

Licensing and Ordering:

wolfTPM is dual licensed under both the GPLv2 and commercial licensing.  For more information, please see the following links.