wolfTPM’s firmware TPM (fTPM) is a pure-software, TPM 2.0-compliant module that runs on any 32-bit or larger MCU or co-processor. No discrete TPM chip required. No I2C/SPI bus to manage. Same TPM2_* API on the application side as a hardware TPM, but the TPM logic is yours to place, isolate, and certify alongside the rest of your firmware.
That makes it a particularly good fit for safety-critical and space designs on the AMD/Xilinx UltraScale+ MPSoC, where the Cortex-R5F RPU can run in lock-step mode: both cores execute the same instruction stream and the hardware compares results every cycle, raising a fault on the first single-event upset (SEU) divergence. Put wolfTPM fTPM on that lock-step core and you get SEU-detection on the TPM for free, with the rest of the SoC — Linux on the A53 APU, application logic in PL fabric — architecturally walled off from the TPM’s state.
We just landed a complete, reproducible example: wolftpm-examples#3 — wolfTPM fTPM on a stock AMD/Xilinx ZCU102 dev board (Zynq UltraScale+ MPSoC), with Linux on the A53 driving it over OpenAMP RPMsg.
fTPM differentiators
- TPM 2.0 compliant — same library that ships in wolftpm on Linux desktops and discrete-TPM platforms; same TSS-style API for the application
- Post-quantum support — ML-KEM and ML-DSA integrate from wolfCrypt, ready for the eventual TPM 2.0 PQC profile (TCG TPM 2.0 v1.85 spec)
- FIPS 140-3 certified wolfCrypt drops in for regulated deployments
- DO-178C safety-critical wolfCrypt drops in for avionics / space deployments
- Small footprint — tunable down to MCU-class targets via user_settings.h
- No bus, no extra silicon — TPM logic and storage live on a core you already have on the die
Verified end-to-end on hardware
    $ sudo /usr/bin/fwtpm_rpmsg_test
    Startup tag=0x8001 size=10 rc=0x00000000 OK
    SelfTest tag=0x8001 size=10 rc=0x00000000 OK
    GetRandom(32) tag=0x8001 size=44 rc=0x00000000 OK
    GetCapability tag=0x8001 size=27 rc=0x00000000 OK
    all 4 tests passed
Four TPM2 commands round-trip from Linux user-space through /dev/rpmsg
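The tag, size and rc fields in the output above are the 10-byte TPM 2.0 response header, so GetRandom(32) at size=44 is that header plus a 2-byte TPM2B length plus 32 bytes. The following is an added example, not code from the wolftpm-examples project, of how a Linux-side client can validate a response frame received from the R5 before using it; the function names and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_ST_NO_SESSIONS 0x8001u /* the tag printed by the smoke test */
#define TPM_HDR_LEN 10u            /* tag(2) + size(4) + rc(4), big-endian */

typedef struct { uint16_t tag; uint32_t size; uint32_t rc; } tpm_rsp_hdr;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 0 if the header is well-formed and agrees with the bytes received. */
int tpm_parse_rsp(const uint8_t *buf, size_t len, tpm_rsp_hdr *h) {
    if (buf == NULL || h == NULL || len < TPM_HDR_LEN) return -1;
    h->tag = be16(buf);
    h->size = be32(buf + 2);
    h->rc = be32(buf + 6);
    if (h->tag != TPM_ST_NO_SESSIONS) return -2;
    if (h->size != len) return -3; /* size field must match the transport */
    return 0;
}

/* GetRandom body is a TPM2B (uint16 length + bytes); returns that length. */
int tpm_getrandom_len(const uint8_t *buf, size_t len) {
    tpm_rsp_hdr h;
    int rc = tpm_parse_rsp(buf, len, &h);
    if (rc != 0) return rc;
    if (h.rc != 0) return -4;                 /* TPM reported an error */
    if (len < TPM_HDR_LEN + 2) return -5;     /* no room for the TPM2B length */
    uint16_t n = be16(buf + TPM_HDR_LEN);
    if ((size_t)n != len - TPM_HDR_LEN - 2) return -6; /* inner length lies */
    return (int)n;
}

/* Constructed sample frames (not captured from hardware); payload is zeros. */
static const uint8_t SAMPLE_STARTUP[10] = {0x80, 0x01, 0, 0, 0, 0x0A};
static const uint8_t SAMPLE_GETRANDOM[44] = {0x80, 0x01, 0, 0, 0, 0x2C, 0, 0, 0, 0, 0x00, 0x20};
static const uint8_t SAMPLE_BAD_TPM2B[44] = {0x80, 0x01, 0, 0, 0, 0x2C, 0, 0, 0, 0, 0x00, 0x40};

int main(void) {
    printf("GetRandom(32) frame -> %d\n", tpm_getrandom_len(SAMPLE_GETRANDOM, 44));
    printf("truncated frame     -> %d\n", tpm_getrandom_len(SAMPLE_GETRANDOM, 43));
    printf("bad TPM2B length    -> %d\n", tpm_getrandom_len(SAMPLE_BAD_TPM2B, 44));
    printf("Startup frame       -> %d\n", tpm_getrandom_len(SAMPLE_STARTUP, 10));
    return 0;
}
```

Checking the header size against the number of bytes the transport actually delivered, and the TPM2B length against what remains, keeps a corrupted or truncated frame from being read past its end.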
Where to find it
wolftpm-examples/Xilinx/fwtpm-zcu102-r5/ — complete reproducible PetaLinux 2025.2 project, bare-metal R5 firmware, Linux smoke client, and an SD card deploy script. The README walks the whole flow. PR: wolftpm-examples#3.
What’s next
Persistent NV in QSPI, IRQ-driven rpmsg, and PQC enablement (ML-KEM / ML-DSA) are the immediate follow-ons. The wolfCrypt source already ships them; flipping them on for this port is a user_settings.h change once persistent NV is stable.
Companion ports across the AMD/Xilinx line-up are the broader roadmap:
- AMD/Xilinx Versal — Cortex-R5F + Cortex-A72 + AI Engine + PL fabric; same fTPM 2.0 deployment shape with even richer hardware-isolated boundaries available
- AMD/Xilinx Zynq 7000 — dual Cortex-A9 PS for legacy designs that still want a TPM 2.0 in-die
- FPGA SoftCore deployments — wolfTPM fTPM on a MicroBlaze (or other soft processor) inside the PL fabric for designs that want the TPM entirely inside the FPGA boundary
If you’re building safety- or security-critical systems on AMD/Xilinx UltraScale+ MPSoC — or anywhere lock-step or triple-modular-redundant cores exist — and you want a TPM 2.0 that fits next to your safety code, give it a try and let us know on GitHub. For feature requests, FIPS 140-3 / DO-178C builds, PQC roadmap, or anything else, email facts@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

