At wolfSSL, we have been developing a TPM stack with customers for many years called wolfTPM, a portable, open-source TPM stack with backward API compatibility, designed for embedded use. It is highly portable, and has native support for Linux and Windows. RTOS and bare metal environments can take advantage of a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.
wolfTPM offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.
Due to wolfTPM’s portability, it is generally very easy to compile on new platforms.
Here are a few reasons to use wolfTPM over other secure elements:
1) It is based on a widely accepted standard TCG TPM 2.0.
2) There are many chip vendors options and they are pin compatible.
3) Support for RSA. All TPM’s support at least RSA 2048 (the STSAFE and ATECC do not).
4) More NV storage
5) Measured Boot (PCR’s)
6) Advanced Policy management
7) Seal/unseal data based on private key or PCR state.
Contact us at firstname.lastname@example.org with any TPM, crypto questions!
Love it? Star wolfSSL on GitHub.