[PATCH v4 07/14] tpm: add wolfTPM build rules and Kconfig

[Aidan Garske <aidan@wolfssl.com>]

From: Aidan <aidan@wolfssl.com>

Hook the wolfTPM source tree (imported as a subtree at lib/wolftpm/ in
the preceding commits) into the U-Boot build and add upstream-pull
support to tools/update-subtree.sh, matching how mbedtls, dts, and lwip
are maintained.

lib/Kconfig:
  Adds CONFIG_TPM_WOLF under library routines, depending on DM,
  implying DM_RNG, and selecting SHA1.

lib/Makefile:
  When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles
  wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,
  tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).
  Sets -I include paths and -DWOLFTPM_USER_SETTINGS so wolfTPM picks
  up include/configs/user_settings.h.

tools/update-subtree.sh:
  Registers the wolftpm subtree (path lib/wolftpm, upstream
  https://github.com/wolfssl/wolfTPM.git) so the existing pull/pick
  workflow can be used for future wolfTPM updates.

Signed-off-by: Aidan Garske <aidan@wolfssl.com>
---
 lib/Kconfig             | 13 +++++++++++++
 lib/Makefile            | 17 +++++++++++++++++
 tools/update-subtree.sh |  7 ++++++-
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/lib/Kconfig b/lib/Kconfig
index 931d5206936..b7dc422e94c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -500,6 +500,19 @@ config TPM
 	  If you want a fully functional TPM enable all hashing algorithms.
 	  If you enabled measured boot all hashing algorithms are selected.
 
+config TPM_WOLF
+	bool "Enable wolfTPM support"
+	depends on DM
+	imply DM_RNG
+	select SHA1
+	help
+	  This option enables support for wolfTPM in U-Boot. wolfTPM is a
+	  portable, open-source TPM 2.0 stack licensed under GPLv2. Enabling
+	  this option allows U-Boot to interact with the TPM via wolfTPM,
+	  including firmware updates, PCR extend, and other TPM 2.0
+	  operations. The wolfTPM source tree lives under lib/wolftpm/ as
+	  a subtree (see tools/update-subtree.sh).
+
 config SPL_TPM
 	bool "Trusted Platform Module (TPM) Support in SPL"
 	depends on SPL_DM
diff --git a/lib/Makefile b/lib/Makefile
index 70667f3728c..0753e33d69e 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -64,6 +64,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o
 obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o
 endif
 
+# wolfTPM (TPM 2.0 stack, including firmware update support)
+ifeq ($(CONFIG_TPM_WOLF),y)
+ifeq ($(CONFIG_TPM_V2),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+	     -I$(srctree)/include/configs \
+	     -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm/hal/tpm_io.o
+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
+obj-y += wolftpm/src/tpm2.o
+obj-y += wolftpm/src/tpm2_packet.o
+obj-y += wolftpm/src/tpm2_tis.o
+obj-y += wolftpm/src/tpm2_wrap.o
+obj-y += wolftpm/src/tpm2_param_enc.o
+obj-y += wolftpm.o
+endif
+endif
+
 obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
diff --git a/tools/update-subtree.sh b/tools/update-subtree.sh
index 536b3318573..c5963e6a3ae 100755
--- a/tools/update-subtree.sh
+++ b/tools/update-subtree.sh
@@ -17,7 +17,7 @@ set -e
 print_usage() {
     echo "usage: $0 <op> <subtree-name> <ref>"
     echo "  <op>           pull or pick"
-    echo "  <subtree-name> mbedtls or dts or lwip"
+    echo "  <subtree-name> mbedtls or dts or lwip or wolftpm"
     echo "  <ref>          release tag [pull] or commit id [pick]"
 }
 
@@ -47,6 +47,11 @@ set_params() {
             repo_url=https://git.savannah.gnu.org/git/lwip.git
             remote_name="lwip_upstream"
             ;;
+        wolftpm)
+            path=lib/wolftpm
+            repo_url=https://github.com/wolfssl/wolfTPM.git
+            remote_name="wolftpm_upstream"
+            ;;
         *)
             echo "Invalid subtree name: $subtree_name"
             print_usage
-- 
2.49.0