wolfProvider FIPS for the Linux TPM2 Software Stack

As part of wolfSSL’s Full Linux FIPS project, wolfProvider provides FIPS 140-3 validated cryptography for the Linux TPM2 software stack, covering both libtss2 (the core TSS2 libraries) and tpm2-tools.

Why This Matters

TPM 2.0 is the hardware root of trust on nearly every modern Linux system. It underpins LUKS disk encryption sealed to PCR values, measured boot, remote attestation, and hardware-bound key storage. If your deployment must meet FIPS requirements, the TPM is where the trust chain starts.

But the TPM2 software stack needs its own cryptography on the host side. By default, that host-side crypto runs through whatever OpenSSL is on the system.

wolfProvider Closes the Gap

With wolfProvider configured as the OpenSSL 3.x provider, every host-side cryptographic operation in libtss2 and tpm2-tools runs through wolfCrypt FIPS. No code changes required. Configure openssl.cnf and you’re done.
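A minimal openssl.cnf that loads wolfProvider as the OpenSSL 3.x provider, added here as an illustration rather than configuration shipped by wolfSSL; the provider name libwolfprov and the library path are assumptions to check against your own install.

```ini
# Added example: openssl.cnf that routes OpenSSL 3.x, and therefore libtss2
# and tpm2-tools, through wolfProvider. Provider name and path are assumed.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
# Section name "libwolfprov" is assumed to match the provider's own name.
libwolfprov = libwolfprov_sect

[libwolfprov_sect]
activate = 1
# Assumed install path; adjust to where libwolfprov.so actually lives,
# or drop this line and point OPENSSL_MODULES at its directory instead.
module = /usr/local/lib/libwolfprov.so
```

Confirm it is active with `OPENSSL_CONF=/etc/ssl/openssl.cnf openssl list -providers` before running tpm2-tools, since the TSS2 libraries pick up the same configuration through OpenSSL.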

This is one piece of the Full Linux FIPS stack: libwolfssl.ko handles kernel crypto (filesystem encryption, IPsec, WolfGuard, /dev/random), wolfProvider covers 35+ userspace projects (OpenSSH, systemd, gRPC, libcryptsetup, Kerberos, and now the TPM2 stack), and wolfTPM serves embedded/RTOS environments where the full TSS2 stack won’t fit.

From kernel through userspace to the TPM hardware anchor, every cryptographic operation on the system runs through FIPS 140-3 validated wolfCrypt.

Get Started

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now