From: Aidan Garske <aidan@wolfssl.com>
To: u-boot@lists.denx.de
Cc: Peter Robinson <pbrobinson@gmail.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Tom Rini <trini@konsulko.com>, David Garske <david@wolfssl.com>,
Aidan <aidan@wolfssl.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Heiko Schocher <hs@nabladev.com>,
Christoph Niedermaier <cniedermaier@dh-electronics.com>,
Stefan Roese <stefan.roese@mailbox.org>,
Simon Glass <sjg@chromium.org>,
Marek Vasut <marek.vasut+renesas@mailbox.org>,
Sean Edmond <seanedmond@microsoft.com>,
Jerome Forissier <jerome@forissier.org>
Subject: [PATCH v4 07/14] tpm: add wolfTPM build rules and Kconfig
Date: Tue, 12 May 2026 17:26:11 -0700 [thread overview]
Message-ID: <20260513002625.76915-7-aidan@wolfssl.com> (raw)
In-Reply-To: <cover.1778619453.git.aidan@wolfssl.com>
From: Aidan <aidan@wolfssl.com>
Hook the wolfTPM source tree (imported as a subtree at lib/wolftpm/ in
the preceding commits) into the U-Boot build and add upstream-pull
support to tools/update-subtree.sh, matching how mbedtls, dts, and lwip
are maintained.
lib/Kconfig:
Adds CONFIG_TPM_WOLF under library routines, depending on DM,
implying DM_RNG, and selecting SHA1.
lib/Makefile:
When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles
wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,
tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).
Sets -I include paths and -DWOLFTPM_USER_SETTINGS so wolfTPM picks
up include/configs/user_settings.h.
tools/update-subtree.sh:
Registers the wolftpm subtree (path lib/wolftpm, upstream
https://github.com/wolfssl/wolfTPM.git) so the existing pull/pick
workflow can be used for future wolfTPM updates.
Signed-off-by: Aidan Garske <aidan@wolfssl.com>
---
lib/Kconfig | 13 +++++++++++++
lib/Makefile | 17 +++++++++++++++++
tools/update-subtree.sh | 7 ++++++-
3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 931d5206936..b7dc422e94c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -500,6 +500,19 @@ config TPM
If you want a fully functional TPM enable all hashing algorithms.
If you enabled measured boot all hashing algorithms are selected.
+config TPM_WOLF
+ bool "Enable wolfTPM support"
+ depends on DM
+ imply DM_RNG
+ select SHA1
+ help
+ This option enables support for wolfTPM in U-Boot. wolfTPM is a
+ portable, open-source TPM 2.0 stack licensed under GPLv2. Enabling
+ this option allows U-Boot to interact with the TPM via wolfTPM,
+ including firmware updates, PCR extend, and other TPM 2.0
+ operations. The wolfTPM source tree lives under lib/wolftpm/ as
+ a subtree (see tools/update-subtree.sh).
+
config SPL_TPM
bool "Trusted Platform Module (TPM) Support in SPL"
depends on SPL_DM
diff --git a/lib/Makefile b/lib/Makefile
index 70667f3728c..0753e33d69e 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -64,6 +64,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o
obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o
endif
+# wolfTPM (TPM 2.0 stack, including firmware update support)
+ifeq ($(CONFIG_TPM_WOLF),y)
+ifeq ($(CONFIG_TPM_V2),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+ -I$(srctree)/include/configs \
+ -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm/hal/tpm_io.o
+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
+obj-y += wolftpm/src/tpm2.o
+obj-y += wolftpm/src/tpm2_packet.o
+obj-y += wolftpm/src/tpm2_tis.o
+obj-y += wolftpm/src/tpm2_wrap.o
+obj-y += wolftpm/src/tpm2_param_enc.o
+obj-y += wolftpm.o
+endif
+endif
+
obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
diff --git a/tools/update-subtree.sh b/tools/update-subtree.sh
index 536b3318573..c5963e6a3ae 100755
--- a/tools/update-subtree.sh
+++ b/tools/update-subtree.sh
@@ -17,7 +17,7 @@ set -e
print_usage() {
echo "usage: $0 <op> <subtree-name> <ref>"
echo " <op> pull or pick"
- echo " <subtree-name> mbedtls or dts or lwip"
+ echo " <subtree-name> mbedtls or dts or lwip or wolftpm"
echo " <ref> release tag [pull] or commit id [pick]"
}
@@ -47,6 +47,11 @@ set_params() {
repo_url=https://git.savannah.gnu.org/git/lwip.git
remote_name="lwip_upstream"
;;
+ wolftpm)
+ path=lib/wolftpm
+ repo_url=https://github.com/wolfssl/wolfTPM.git
+ remote_name="wolftpm_upstream"
+ ;;
*)
echo "Invalid subtree name: $subtree_name"
print_usage
--
2.49.0
next prev parent reply other threads:[~2026-05-13 0:27 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-13 0:26 [PATCH v4 00/14] tpm: Add wolfTPM library support for TPM 2.0 Aidan Garske
2026-05-13 0:26 ` [PATCH v4 01/14] tpm: export tpm_show_device, tpm_set_device, and get_tpm Aidan Garske
2026-05-15 13:06 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 02/14] include/hash: add SHA384 hash wrapper declaration for wolfTPM Aidan Garske
2026-05-13 0:26 ` [PATCH v4 03/14] spi: add BCM2835/BCM2711 hardware SPI controller driver Aidan Garske
2026-05-15 13:07 ` Simon Glass
2026-05-15 15:13 ` Peter Robinson
2026-05-13 0:26 ` [PATCH v4 04/14] arm: dts: bcm2711-rpi-4-b: add Infineon SLB9670/9672 TPM in U-Boot dtsi Aidan Garske
2026-05-15 13:08 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 05/14] arm: dts: qemu-arm64: add TPM TIS MMIO node Aidan Garske
2026-05-15 13:09 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 06/14] sandbox: dts: add TPM SPI emulator node Aidan Garske
2026-05-15 13:11 ` Simon Glass
2026-05-13 0:26 ` Aidan Garske [this message]
2026-05-13 0:26 ` [PATCH v4 08/14] tpm: add wolfTPM headers and SHA384 glue code Aidan Garske
2026-05-13 0:26 ` [PATCH v4 09/14] tpm: add wolfTPM driver helpers and Kconfig options Aidan Garske
2026-05-13 0:26 ` [PATCH v4 10/14] cmd: refactor tpm2 command into frontend/backend architecture Aidan Garske
2026-05-15 14:11 ` Simon Glass
2026-05-15 14:15 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 11/14] tpm: add sandbox TPM SPI emulator Aidan Garske
2026-05-15 13:24 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 12/14] test: add wolfTPM C unit tests and Python integration tests Aidan Garske
2026-05-15 14:15 ` Simon Glass
2026-05-13 0:26 ` [PATCH v4 13/14] doc: add wolfTPM documentation Aidan Garske
2026-05-13 0:26 ` [PATCH v4 14/14] configs: add rpi_4_wolftpm_defconfig Aidan Garske
2026-05-15 11:31 ` Matthias Brugger
2026-05-13 6:35 ` [PATCH v4 00/14] tpm: Add wolfTPM library support for TPM 2.0 Ilias Apalodimas
2026-05-13 14:34 ` Tom Rini
2026-05-13 16:04 ` Aidan Garske
2026-05-13 16:36 ` Peter Robinson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260513002625.76915-7-aidan@wolfssl.com \
--to=aidan@wolfssl.com \
--cc=cniedermaier@dh-electronics.com \
--cc=david@wolfssl.com \
--cc=hs@nabladev.com \
--cc=ilias.apalodimas@linaro.org \
--cc=jerome@forissier.org \
--cc=marek.vasut+renesas@mailbox.org \
--cc=pbrobinson@gmail.com \
--cc=seanedmond@microsoft.com \
--cc=sjg@chromium.org \
--cc=stefan.roese@mailbox.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox