From: Aidan Garske <aidan@wolfssl.com>
To: u-boot@lists.denx.de
Cc: Peter Robinson <pbrobinson@gmail.com>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>,
	Tom Rini <trini@konsulko.com>, David Garske <david@wolfssl.com>,
	Aidan <aidan@wolfssl.com>
Subject: [PATCH v4 09/14] tpm: add wolfTPM driver helpers and Kconfig options
Date: Tue, 12 May 2026 17:26:13 -0700
Message-ID: <20260513002625.76915-9-aidan@wolfssl.com>
In-Reply-To: <cover.1778619453.git.aidan@wolfssl.com>

From: Aidan <aidan@wolfssl.com>

Add wolfTPM helper functions and configuration options to the TPM
driver subsystem.

drivers/tpm/wolftpm_common.c:
  Shared helper functions used by the wolfTPM command backend:
  - TPM2_IFX_FwData_Cb(): firmware data callback for Infineon
    firmware update streaming
  - TPM2_IFX_GetOpModeStr(): converts Infineon operational mode
    codes to human-readable strings
  - TPM2_IFX_PrintInfo(): prints manufacturer, vendor, firmware
    version, and operational mode from WOLFTPM2_CAPS
  - TPM2_PCRs_Print(): enumerates and prints assigned PCR banks
    and their selected PCR indices
  - TPM2_Init_Device(): initializes wolfTPM with the TPM2_IoCb
    HAL callback

drivers/tpm/Kconfig:
  Adds configuration options under TPM_V2:
  - TPM2_SPI_SANDBOX: sandbox TPM SPI emulator for testing
  - TPM_AUTODETECT: auto-detect TPM chip for swtpm/QEMU
  - WOLFTPM_LINUX_DEV: use U-Boot driver model instead of
    wolfTPM's native TIS layer
  - WOLFTPM_SLB9672/SLB9673: Infineon chip-specific features
  - WOLFTPM_FIRMWARE_UPGRADE: firmware update support

drivers/tpm/Makefile:
  Compiles wolftpm_common.o and sets wolfTPM include paths and
  -DWOLFTPM_USER_SETTINGS when CONFIG_TPM_WOLF is enabled.

Signed-off-by: Aidan Garske <aidan@wolfssl.com>
---
 drivers/tpm/Kconfig          |  44 +++++++++++
 drivers/tpm/Makefile         |   9 +++
 drivers/tpm/wolftpm_common.c | 137 +++++++++++++++++++++++++++++++++++
 3 files changed, 190 insertions(+)
 create mode 100644 drivers/tpm/wolftpm_common.c

diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index 219ea606b50..a2897a0e040 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -158,6 +158,14 @@ config TPM2_TIS_SANDBOX
 	  such as basic configuration, PCR extension and PCR read. Extended
 	  functionalities are not implemented.
 
+config TPM2_SPI_SANDBOX
+	bool "Enable sandbox TPM SPI emulator"
+	depends on TPM_V2 && SANDBOX && DM_SPI
+	help
+	  This driver emulates a TPM connected via SPI for sandbox testing.
+	  It implements the TPM TIS SPI protocol and can be used to test
+	  wolfTPM SPI HAL code without physical hardware.
+
 config TPM2_TIS_SPI
 	bool "Enable support for TPMv2.x SPI chips"
 	depends on TPM_V2 && DM_SPI
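Review bot: TPM2_SPI_SANDBOX becomes selectable in this hunk, but the diffstat for this patch only creates drivers/tpm/wolftpm_common.c, so the emulator source the option refers to is not part of the change. Combined with the `obj-$(CONFIG_TPM2_SPI_SANDBOX) += tpm_spi_sandbox.o` line in the Makefile hunk, enabling the option at this commit leaves the build with no source for that object, which breaks bisection for sandbox configs. Move this Kconfig entry and its Makefile line into the patch that adds the emulator source, and keep this patch to the wolfTPM helpers named in the subject.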
@@ -200,6 +208,42 @@ config TPM2_EVENT_LOG_SIZE
 	  allocated twice. One for the eventlog it self and one for the
 	  configuration table that is required from the TCG2 spec
 
+config TPM_AUTODETECT
+    bool "wolfTPM auto-detect TPM chip (for swtpm/QEMU)"
+    depends on TPM_V2 && TPM_WOLF
+    help
+      Enable wolfTPM chip auto-detection instead of using a specific
+      chip type (SLB9672/SLB9673). Use this for swtpm/QEMU testing
+      where no specific hardware chip is present.
+
+config WOLFTPM_LINUX_DEV
+    bool "Use device-level TPM interface (bypass wolfTPM TIS layer)"
+    depends on TPM_V2 && TPM_WOLF
+    default y
+    help
+      Enable wolfTPM to use the underlying TPM driver instead of its own
+      TIS (TPM Interface Specification) layer. On U-Boot, this uses the
+      U-Boot TPM driver model (tpm_xfer). On Linux, this uses /dev/tpm0.
+      This is the recommended setting for U-Boot.
+
+config WOLFTPM_SLB9672
+    bool "Enable support for Infineon SLB9672 TPM"
+    depends on TPM_V2 && TPM_WOLF
+    help
+      Enable support for Infineon SLB9672 TPM features in wolfTPM.
+
+config WOLFTPM_SLB9673
+    bool "Enable support for Infineon SLB9673 TPM"
+    depends on TPM_V2 && TPM_WOLF
+    help
+      Enable support for Infineon SLB9673 TPM features in wolfTPM.
+
+config WOLFTPM_FIRMWARE_UPGRADE
+    bool "Enable firmware upgrade support for wolfTPM"
+    depends on TPM_V2 && TPM_WOLF
+    help
+      Enable support for Infineon TPM firmware upgrade commands in wolfTPM.
+
 endif # TPM_V2
 
 endmenu
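Review bot: TPM_AUTODETECT, WOLFTPM_SLB9672 and WOLFTPM_SLB9673 are independent bools, yet the TPM_AUTODETECT help text describes it as used "instead of" a specific chip type, and nothing here stops a config from enabling all three. A `choice` block, or explicit `depends on !...` lines, would encode that. WOLFTPM_FIRMWARE_UPGRADE has a similar gap: its help says it covers Infineon firmware upgrade commands, but it only depends on TPM_V2 && TPM_WOLF; consider `depends on WOLFTPM_SLB9672 || WOLFTPM_SLB9673`. On style, these entries are indented with four spaces, while the TPM2_SPI_SANDBOX entry added earlier in the same file uses a tab (tab plus two spaces for help text), and TPM_AUTODETECT lacks the WOLFTPM_ prefix the other new symbols carry. The WOLFTPM_LINUX_DEV help could also drop the sentence about /dev/tpm0 on Linux, which does not apply to a U-Boot option.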
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index b83ce703ec0..bee4193e9fc 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -10,7 +10,16 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o sandbox_common.o
 
 obj-$(CONFIG_$(PHASE_)TPM2_CR50_I2C) += cr50_i2c.o
 obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o sandbox_common.o
+obj-$(CONFIG_TPM2_SPI_SANDBOX) += tpm_spi_sandbox.o
 obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_core.o tpm2_tis_spi.o
 obj-$(CONFIG_TPM2_TIS_I2C) += tpm2_tis_core.o tpm2_tis_i2c.o
 obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o
 obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o
+
+# wolfTPM helper functions
+ifeq ($(CONFIG_TPM_WOLF),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+             -I$(srctree)/include/configs \
+             -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm_common.o
+endif
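Review bot: `ccflags-y` inside the `ifeq ($(CONFIG_TPM_WOLF),y)` block applies to every object built in drivers/tpm, not only wolftpm_common.o, so the existing TIS, cr50 and sandbox drivers listed above would also be compiled with -DWOLFTPM_USER_SETTINGS and with lib/wolftpm and include/configs on their include path. Scope the flags to the one file with `CFLAGS_wolftpm_common.o += ...`, which also lets the block collapse to `obj-$(CONFIG_TPM_WOLF) += wolftpm_common.o`. The comment above the block could say what is expected to be found under include/configs, since that directory is an unusual include path for a driver.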
diff --git a/drivers/tpm/wolftpm_common.c b/drivers/tpm/wolftpm_common.c
new file mode 100644
index 00000000000..bea36cf0229
--- /dev/null
+++ b/drivers/tpm/wolftpm_common.c
@@ -0,0 +1,137 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * wolfTPM common helper functions for U-Boot
+ *
+ * Copyright (C) 2025 wolfSSL Inc.
+ * Author: Aidan Garske <aidan@wolfssl.com>
+ */
+
+#define LOG_CATEGORY UCLASS_BOOTSTD
+
+#include <wolftpm.h>
+#include <wolftpm/tpm2.h>
+#include <wolftpm/tpm2_wrap.h>
+#include <wolftpm/tpm2_packet.h>
+#include <hal/tpm_io.h>
+#include <stdio.h>
+#include <string.h>
+#include <log.h>
+#include <hash.h>
+#include <examples/wrap/wrap_test.h>
+
+#ifndef WOLFTPM2_NO_WRAPPER
+#ifdef WOLFTPM_FIRMWARE_UPGRADE
+
+/******************************************************************************/
+/* --- BEGIN helper functions -- */
+/******************************************************************************/
+
+struct fw_info {
+	byte *manifest_buf;
+	byte *firmware_buf;
+	size_t manifest_bufSz;
+	size_t firmware_bufSz;
+};
+
+int TPM2_IFX_FwData_Cb(uint8_t *data, uint32_t data_req_sz,
+			uint32_t offset, void *cb_ctx)
+{
+	struct fw_info *fwinfo = (struct fw_info *)cb_ctx;
+
+	if (offset > fwinfo->firmware_bufSz)
+		return BUFFER_E;
+	if (offset + data_req_sz > (uint32_t)fwinfo->firmware_bufSz)
+		data_req_sz = (uint32_t)fwinfo->firmware_bufSz - offset;
+	if (data_req_sz > 0)
+		memcpy(data, &fwinfo->firmware_buf[offset], data_req_sz);
+	return data_req_sz;
+}
+
+const char *TPM2_IFX_GetOpModeStr(int opMode)
+{
+	const char *opModeStr = "Unknown";
+
+	switch (opMode) {
+	case 0x00:
+		opModeStr = "Normal TPM operational mode";
+		break;
+	case 0x01:
+		opModeStr = "TPM firmware update mode (abandon possible)";
+		break;
+	case 0x02:
+		opModeStr = "TPM firmware update mode (abandon not possible)";
+		break;
+	case 0x03:
+		opModeStr = "After successful update, but before finalize";
+		break;
+	case 0x04:
+		opModeStr = "After finalize or abandon, reboot required";
+		break;
+	default:
+		break;
+	}
+	return opModeStr;
+}
+
+void TPM2_IFX_PrintInfo(WOLFTPM2_CAPS *caps)
+{
+	printf("Mfg %s (%d), Vendor %s, Fw %u.%u (0x%x)\n",
+		caps->mfgStr, caps->mfg, caps->vendorStr, caps->fwVerMajor,
+		caps->fwVerMinor, caps->fwVerVendor);
+	printf("Operational mode: %s (0x%x)\n",
+		TPM2_IFX_GetOpModeStr(caps->opMode), caps->opMode);
+	printf("KeyGroupId 0x%x, FwCounter %d (%d same)\n",
+		caps->keyGroupId, caps->fwCounter, caps->fwCounterSame);
+}
+#endif /* WOLFTPM_FIRMWARE_UPGRADE */
+
+int TPM2_PCRs_Print(void)
+{
+	int rc;
+	int pcrCount, pcrIndex;
+	GetCapability_In  capIn;
+	GetCapability_Out capOut;
+	TPML_PCR_SELECTION *pcrSel;
+
+	memset(&capIn, 0, sizeof(capIn));
+	capIn.capability = TPM_CAP_PCRS;
+	capIn.property = 0;
+	capIn.propertyCount = 1;
+	rc = TPM2_GetCapability(&capIn, &capOut);
+	if (rc != TPM_RC_SUCCESS) {
+		log_debug("TPM2_GetCapability failed rc=%d (%s)\n",
+			  rc, TPM2_GetRCString(rc));
+		return rc;
+	}
+	pcrSel = &capOut.capabilityData.data.assignedPCR;
+	printf("Assigned PCR's:\n");
+	for (pcrCount = 0; pcrCount < (int)pcrSel->count; pcrCount++) {
+		printf("\t%s: ",
+		       TPM2_GetAlgName(pcrSel->pcrSelections[pcrCount].hash));
+		for (pcrIndex = 0;
+		     pcrIndex < pcrSel->pcrSelections[pcrCount].sizeofSelect * 8;
+		     pcrIndex++) {
+			if ((pcrSel->pcrSelections[pcrCount].pcrSelect[pcrIndex / 8] &
+			     ((1 << (pcrIndex % 8)))) != 0)
+				printf(" %d", pcrIndex);
+		}
+		printf("\n");
+	}
+	return TPM_RC_SUCCESS;
+}
+
+int TPM2_Init_Device(WOLFTPM2_DEV *dev, void *userCtx)
+{
+	int rc;
+
+	/* Use TPM2_IoCb callback for packet-level access */
+	rc = wolfTPM2_Init(dev, TPM2_IoCb, userCtx);
+	log_debug("tpm2 init: rc = %d (%s)\n", rc, TPM2_GetRCString(rc));
+	return rc;
+}
+
+#endif /* WOLFTPM2_NO_WRAPPER */
+
+/******************************************************************************/
+/* --- END helper functions -- */
+/******************************************************************************/
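Review bot: The bounds check in TPM2_IFX_FwData_Cb() can be bypassed by integer wraparound: `offset + data_req_sz` is a 32-bit sum, so a large data_req_sz wraps it to a small value, the clamp is skipped, and memcpy() copies data_req_sz bytes starting at firmware_buf[offset], reading past the end of the buffer. The `(uint32_t)fwinfo->firmware_bufSz` cast also truncates a size_t. After the existing `offset > firmware_bufSz` check, compare without adding, for example `if (data_req_sz > fwinfo->firmware_bufSz - offset)`, and clamp to that difference; a NULL check on cb_ctx and firmware_buf belongs here too. Separately, `#define LOG_CATEGORY UCLASS_BOOTSTD` does not match a file in drivers/tpm, where UCLASS_TPM is the expected category, and `#include <examples/wrap/wrap_test.h>` pulls an example header into a driver file with no visible user. struct fw_info is defined only in this .c file although callers have to pass one as cb_ctx, so it needs to move to a shared header. The BEGIN banner sits inside `#ifdef WOLFTPM_FIRMWARE_UPGRADE` while the END banner sits after the final `#endif`; place both outside the conditionals or drop them.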
-- 
2.49.0

