The Only SPDM Implementation with Hardware TPM Support
A Different Category
wolfTPM’s SPDM implementation is not a standalone SPDM library. It is SPDM integrated directly with hardware TPMs, a category that no other open-source project occupies. wolfTPM works hand-in-hand with Nuvoton and NSING to deliver SPDM on real hardware, with full TCG SPDM binding, PSK mode support, and transparent encrypted bus transfers.
That said, the core SPDM protocol implementation remains compact. Even with multi-vendor TPM support, PSK mode, and TCG binding, the library stays small.
Size Comparison
| Library | Lang | Lines | Ratio | Stars | Status |
| wolfTPM/spdm | C | 4,020 | 1x | — | Active |
| NVIDIA/spdm | C++ | 10,287 | 2.6x | 12 | Active |
| openspdm | C | 18,640 | 4.6x | 21 | Archived |
| libspdm | C | 40,346 | 10.0x | 165 | Active |
| rust-spdm | Rust | 59,981 | 14.9x | 16 | Archived |
| spdm-rs | Rust | 69,076 | 17.2x | 50 | Active |
Lines of code (non-comment source lines):
Binary Footprint
Build: x86_64 macOS, Clang, default optimization, no LTO.
| Metric | wolfTPM/spdm | libspdm |
| .text – Nuvoton | 37 KB | ~150–300 KB |
| .text – NSING | ~38 KB | ~150–300 KB |
| Stripped static lib | ~45 KB | ~400–800 KB |
| RAM usage | ~31 KB | Heap-dependent |
wolfTPM’s SPDM uses fixed-size buffers (4 KB max) and zero heap allocation in critical paths. libspdm requires malloc-based dynamic allocation. wolfTPM also supports heap-allocated SPDM context via `–enable-smallstack` for platforms with limited stack space.
What Only wolfTPM Has
| Capability | wolfTPM/spdm | libspdm | NVIDIA | spdm-rs |
| Nuvoton NPCT75x TPM | Yes | No | No | No |
| NSING NS350 TPM | Yes | No | No | No |
| PSK Mode | Yes (NSING) | No | No | No |
| TCG SPDM Binding | Yes | No | No | No |
| FIPS 140-2/3 | Yes | Yes (via OpenSSL) | No | No |
| DO-178C path | Yes | No | No | No |
| Zero alloc | Yes | No | No | No |
| Encrypted TPM bus | Yes | No | No | No |
No other SPDM implementation integrates with hardware TPMs. wolfTPM is the only implementation with a natively FIPS-validated crypto stack; others require external FIPS-validated builds of OpenSSL or similar. wolfTPM is also the only implementation with PSK mode support and full TCG SPDM binding for transparent TPM command encryption.
Feature Comparison
| Feature | wolfTPM | libspdm | openspdm | NVIDIA | spdm-rs |
| SPDM Version | 1.3 | 1.0-1.4 | 1.0-1.1 | 1.0-1.2 | 1.0-1.2 |
| Requester | Yes | Yes | Yes | Yes | Yes |
| Responder | No | Yes | Yes | Yes | Yes |
| PSK Mode | Yes (NSING) | Yes | No | No | No |
| TCG SPDM | Yes | No | No | No | No |
| Crypto | wolfCrypt | OpenSSL | OpenSSL | mbedTLS | ring |
| TPM | Nuvoton + NSING | No | No | No | No |
| MCTP | No | Yes | Yes | Yes | Yes |
| PCI-DOE | No | Yes | Yes | No | Yes |
| Post-Quantum | No | Yes | No | No | No |
| FIPS Crypto | Yes | No | No | No | No |
Cryptographic Algorithm Support
wolfTPM’s SPDM implements Algorithm Set B exclusively, the recommended set for high-security deployments. Both Nuvoton and NSING TPMs use the same algorithm set for identity key mode. NSING PSK mode uses the same algorithms for data transport, with HKDF-based key derivation from the pre-shared key.
| Algorithm | wolfTPM/spdm | libspdm | NVIDIA |
| Hash | SHA-384 | SHA2/SHA3/SM3 | SHA-256/384/512 |
| Signature | ECDSA P-384 | RSA/ECDSA/EdDSA/SM2 | ECDSA P256/P384/P521 |
| Key Exchange | ECDHE P-384 / PSK | FFDHE/ECDHE/SM2 | ECDHE |
| AEAD | AES-256-GCM | AES-GCM/ChaCha20/SM4 | AES-128-GCM |
A Fair Comparison
wolfTPM’s SPDM occupies a unique position: it is a focused SPDM 1.3 requester implementing Algorithm Set B with native hardware TPM integration for two vendors (Nuvoton NPCT75x and NSING NS350). This includes PSK mode, full TCG SPDM binding, and transparent encrypted bus transfers, capabilities that no other implementation provides.
libspdm covers SPDM 1.0–1.4 with both requester and responder roles, multiple algorithm families, and post-quantum support, but has no TPM integration, no TCG binding, and no hardware key storage.
wolfTPM’s architecture has all the framework in place for standalone SPDM support as well. The spdm/ directory can be branched into its own repository for non-TPM SPDM use cases, and wolfSSL is ready to add responder role, additional algorithm sets, and broader transport coverage based on customer requirements and requests.
Summary
| Claim | Evidence |
| Smallest C SPDM with TPM | 4,020 lines vs 40,346 (libspdm) — 10x smaller |
| Smallest binary | 28 KB .text vs 150–300 KB+ |
| Only SPDM with hardware TPM | Nuvoton NPCT75x + NSING NS350 built-in |
| Only SPDM with PSK + TPM | NSING NS350 PSK support |
| Only SPDM with TCG binding | Transparent TPM command encryption |
| FIPS-validated crypto | wolfCrypt FIPS 140-2/3 |
| Embedded-optimized | Fixed buffers, no heap, ~31 KB static context |
| Multi-vendor | Developed in partnership with Nuvoton and NSING Technologies |
For more information, visit github.com/wolfSSL/wolfTPM
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now