wolfTPM with even more TPM 2.0 examples

WolfSSL continues to extend and improve our TPM 2.0 portable library. wolfTPM is the only TPM 2.0 Stack designed for baremetal and embedded systems use.

In just two months we added six new wolfTPM examples. At the end of March, we released wolfTPM version 2.1.0 that added three new examples:

  • NVRAM examples
    • Using the TPM as a Secure Storage
    • We now have code samples to demonstrate storing asymmetric or symmetric keys in the TPM’s NVRAM.
    • Our examples use parameter encryption to protect from Man-in-the-middle attacks and the code is open-source.
  • Symmetric key operations
    • We expanded our open-source TPM key generation example
    • Supported are all symmetric key modes:
      • AES CFB
      • AES CTR
      • AES CBC
    • Also supported are the different symmetric key sizes:
      • 128
      • 196 (depends on the TPM vendor)
      • 256
    • For example, to create a TPM symmetric AES CFB key with 128 bits, it is necessary to just run the following command:

      ./examples/keygen/keygen -sym=aescfb128
  • STM32CubexMX I2C HAL:
    • Per customer request, we added new HAL IO Callback examples for the popular STM32CubeMX. We already had support for SPI, and now we also support I2C out-of-the-box for STM32CubeMX projects.


We did not stop here; we added three more examples in April and May, that are already available on our GitHub repository, of wolfTPM:

  • Seal and Unseal example
    • This is one of the unique capabilities of the TPM 2.0 in contrast with other Secure Elements and Hardware Security Modules. The ability to seal secrets. There are two variants:
      • Seal a secret inside a TPM key
      • Seal a secret against PCR values
    • We now have an example on how to seal and unseal a secret from a TPM key. 
    • This provides Secure Storage for sensitive data, because TPM keys can only be loaded by the TPM chip.
  • Extra GPIO Support
    • Per customer request, we added support for configuring the available TPM GPIO that the user can control. These GPIO are useful to signal security events, because the access to them is protected using TPM authorization.
  • Remote Attestation examples
    • Remote Attestation is another unique capability that is enabled when using a TPM. Often, this process is specific to the needs of the customer. However, there are common elements and we added examples for these parts of the Remote Attestation process.
    • We added code examples of how to perform Make and Activate Credential to establish the initial trust between systems for Remote Attestation.


This way wolfTPM now has over 20 examples on how to use TPM 2.0. The code of our examples is open-source and can be accessed directly on our GitHub repository of wolfTPM.


Additional information on wolfTPM can be found on the wolfTPM product page.

For more information on using TPM 2.0 or for questions regarding wolfTPM, contact us at facts@wolfssl.com

Love it? Star wolfSSL on GitHub.