From: Aidan Garske <aidan@wolfssl.com>
To: u-boot@lists.denx.de
Cc: Peter Robinson <pbrobinson@gmail.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Tom Rini <trini@konsulko.com>, David Garske <david@wolfssl.com>,
Aidan <aidan@wolfssl.com>
Subject: [PATCH v4 09/14] tpm: add wolfTPM driver helpers and Kconfig options
Date: Tue, 12 May 2026 17:26:13 -0700 [thread overview]
Message-ID: <20260513002625.76915-9-aidan@wolfssl.com> (raw)
In-Reply-To: <cover.1778619453.git.aidan@wolfssl.com>
From: Aidan <aidan@wolfssl.com>
Add wolfTPM helper functions and configuration options to the TPM
driver subsystem.
drivers/tpm/wolftpm_common.c:
Shared helper functions used by the wolfTPM command backend:
- TPM2_IFX_FwData_Cb(): firmware data callback for Infineon
firmware update streaming
- TPM2_IFX_GetOpModeStr(): converts Infineon operational mode
codes to human-readable strings
- TPM2_IFX_PrintInfo(): prints manufacturer, vendor, firmware
version, and operational mode from WOLFTPM2_CAPS
- TPM2_PCRs_Print(): enumerates and prints assigned PCR banks
and their selected PCR indices
- TPM2_Init_Device(): initializes wolfTPM with the TPM2_IoCb
HAL callback
drivers/tpm/Kconfig:
Adds configuration options under TPM_V2:
- TPM2_SPI_SANDBOX: sandbox TPM SPI emulator for testing
- TPM_AUTODETECT: auto-detect TPM chip for swtpm/QEMU
- WOLFTPM_LINUX_DEV: use U-Boot driver model instead of
wolfTPM's native TIS layer
- WOLFTPM_SLB9672/SLB9673: Infineon chip-specific features
- WOLFTPM_FIRMWARE_UPGRADE: firmware update support
drivers/tpm/Makefile:
Compiles wolftpm_common.o and sets wolfTPM include paths and
-DWOLFTPM_USER_SETTINGS when CONFIG_TPM_WOLF is enabled.
Signed-off-by: Aidan Garske <aidan@wolfssl.com>
---
drivers/tpm/Kconfig | 44 +++++++++++
drivers/tpm/Makefile | 9 +++
drivers/tpm/wolftpm_common.c | 137 +++++++++++++++++++++++++++++++++++
3 files changed, 190 insertions(+)
create mode 100644 drivers/tpm/wolftpm_common.c
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index 219ea606b50..a2897a0e040 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -158,6 +158,14 @@ config TPM2_TIS_SANDBOX
such as basic configuration, PCR extension and PCR read. Extended
functionalities are not implemented.
+config TPM2_SPI_SANDBOX
+ bool "Enable sandbox TPM SPI emulator"
+ depends on TPM_V2 && SANDBOX && DM_SPI
+ help
+ This driver emulates a TPM connected via SPI for sandbox testing.
+ It implements the TPM TIS SPI protocol and can be used to test
+ wolfTPM SPI HAL code without physical hardware.
+
config TPM2_TIS_SPI
bool "Enable support for TPMv2.x SPI chips"
depends on TPM_V2 && DM_SPI
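Review bot: The TPM2_SPI_SANDBOX help text says the emulator exists to exercise wolfTPM's SPI HAL code, but its `depends on TPM_V2 && SANDBOX && DM_SPI` line never mentions TPM_WOLF, so the option can be enabled on a sandbox build with no wolfTPM at all; either add `depends on TPM_WOLF` or reword the help so it reads as a generic TIS-over-SPI emulator that TPM2_TIS_SPI can use as well. The emulator source itself lands in 11/14 while the option lands here; moving the Kconfig entry into that patch keeps the option from existing without its driver in intermediate builds.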
@@ -200,6 +208,42 @@ config TPM2_EVENT_LOG_SIZE
allocated twice. One for the eventlog it self and one for the
configuration table that is required from the TCG2 spec
+config TPM_AUTODETECT
+ bool "wolfTPM auto-detect TPM chip (for swtpm/QEMU)"
+ depends on TPM_V2 && TPM_WOLF
+ help
+ Enable wolfTPM chip auto-detection instead of using a specific
+ chip type (SLB9672/SLB9673). Use this for swtpm/QEMU testing
+ where no specific hardware chip is present.
+
+config WOLFTPM_LINUX_DEV
+ bool "Use device-level TPM interface (bypass wolfTPM TIS layer)"
+ depends on TPM_V2 && TPM_WOLF
+ default y
+ help
+ Enable wolfTPM to use the underlying TPM driver instead of its own
+ TIS (TPM Interface Specification) layer. On U-Boot, this uses the
+ U-Boot TPM driver model (tpm_xfer). On Linux, this uses /dev/tpm0.
+ This is the recommended setting for U-Boot.
+
+config WOLFTPM_SLB9672
+ bool "Enable support for Infineon SLB9672 TPM"
+ depends on TPM_V2 && TPM_WOLF
+ help
+ Enable support for Infineon SLB9672 TPM features in wolfTPM.
+
+config WOLFTPM_SLB9673
+ bool "Enable support for Infineon SLB9673 TPM"
+ depends on TPM_V2 && TPM_WOLF
+ help
+ Enable support for Infineon SLB9673 TPM features in wolfTPM.
+
+config WOLFTPM_FIRMWARE_UPGRADE
+ bool "Enable firmware upgrade support for wolfTPM"
+ depends on TPM_V2 && TPM_WOLF
+ help
+ Enable support for Infineon TPM firmware upgrade commands in wolfTPM.
+
endif # TPM_V2
endmenu
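Review bot: TPM_AUTODETECT is described as an alternative to the chip-specific options ("instead of using a specific chip type (SLB9672/SLB9673)"), but nothing in this hunk enforces that, so TPM_AUTODETECT, WOLFTPM_SLB9672 and WOLFTPM_SLB9673 can all be set at once; a `choice` block, or `depends on !WOLFTPM_SLB9672 && !WOLFTPM_SLB9673` on TPM_AUTODETECT, would make the intended exclusivity explicit. Two naming points: TPM_AUTODETECT lacks the WOLFTPM_ prefix its siblings use even though it depends on TPM_WOLF, and the WOLFTPM_LINUX_DEV help talks about /dev/tpm0 on Linux, which does not apply to U-Boot, so a sentence noting that the name mirrors wolfTPM's own build define while the U-Boot behaviour is the driver-model tpm_xfer path would help readers. Since the WOLFTPM_FIRMWARE_UPGRADE help says it enables Infineon-specific commands, consider `depends on WOLFTPM_SLB9672 || WOLFTPM_SLB9673` rather than plain TPM_WOLF.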
diff --git a/drivers/tpm/Makefile b/drivers/tpm/Makefile
index b83ce703ec0..bee4193e9fc 100644
--- a/drivers/tpm/Makefile
+++ b/drivers/tpm/Makefile
@@ -10,7 +10,16 @@ obj-$(CONFIG_TPM_TIS_SANDBOX) += tpm_tis_sandbox.o sandbox_common.o
obj-$(CONFIG_$(PHASE_)TPM2_CR50_I2C) += cr50_i2c.o
obj-$(CONFIG_TPM2_TIS_SANDBOX) += tpm2_tis_sandbox.o sandbox_common.o
+obj-$(CONFIG_TPM2_SPI_SANDBOX) += tpm_spi_sandbox.o
obj-$(CONFIG_TPM2_TIS_SPI) += tpm2_tis_core.o tpm2_tis_spi.o
obj-$(CONFIG_TPM2_TIS_I2C) += tpm2_tis_core.o tpm2_tis_i2c.o
obj-$(CONFIG_TPM2_FTPM_TEE) += tpm2_ftpm_tee.o
obj-$(CONFIG_TPM2_MMIO) += tpm2_tis_core.o tpm2_tis_mmio.o
+
+# wolfTPM helper functions
+ifeq ($(CONFIG_TPM_WOLF),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+ -I$(srctree)/include/configs \
+ -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm_common.o
+endif
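Review bot: The `ccflags-y` assignment inside `ifeq ($(CONFIG_TPM_WOLF),y)` applies to every object built in drivers/tpm, so tpm2_tis_core.o, cr50_i2c.o and the other drivers also pick up `-I$(srctree)/include/configs` and `-DWOLFTPM_USER_SETTINGS` whenever TPM_WOLF is set; scoping the flags to the one file that needs them (`CFLAGS_wolftpm_common.o += ...`) and writing `obj-$(CONFIG_TPM_WOLF) += wolftpm_common.o` without the ifeq would match the style of the surrounding `obj-$(CONFIG_...)` lines. The new `obj-$(CONFIG_TPM2_SPI_SANDBOX) += tpm_spi_sandbox.o` rule references a source file that only appears in 11/14, so enabling that option at this point in the series breaks the build.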
diff --git a/drivers/tpm/wolftpm_common.c b/drivers/tpm/wolftpm_common.c
new file mode 100644
index 00000000000..bea36cf0229
--- /dev/null
+++ b/drivers/tpm/wolftpm_common.c
@@ -0,0 +1,137 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * wolfTPM common helper functions for U-Boot
+ *
+ * Copyright (C) 2025 wolfSSL Inc.
+ * Author: Aidan Garske <aidan@wolfssl.com>
+ */
+
+#define LOG_CATEGORY UCLASS_BOOTSTD
+
+#include <wolftpm.h>
+#include <wolftpm/tpm2.h>
+#include <wolftpm/tpm2_wrap.h>
+#include <wolftpm/tpm2_packet.h>
+#include <hal/tpm_io.h>
+#include <stdio.h>
+#include <string.h>
+#include <log.h>
+#include <hash.h>
+#include <examples/wrap/wrap_test.h>
+
+#ifndef WOLFTPM2_NO_WRAPPER
+#ifdef WOLFTPM_FIRMWARE_UPGRADE
+
+/******************************************************************************/
+/* --- BEGIN helper functions -- */
+/******************************************************************************/
+
+struct fw_info {
+ byte *manifest_buf;
+ byte *firmware_buf;
+ size_t manifest_bufSz;
+ size_t firmware_bufSz;
+};
+
+int TPM2_IFX_FwData_Cb(uint8_t *data, uint32_t data_req_sz,
+ uint32_t offset, void *cb_ctx)
+{
+ struct fw_info *fwinfo = (struct fw_info *)cb_ctx;
+
+ if (offset > fwinfo->firmware_bufSz)
+ return BUFFER_E;
+ if (offset + data_req_sz > (uint32_t)fwinfo->firmware_bufSz)
+ data_req_sz = (uint32_t)fwinfo->firmware_bufSz - offset;
+ if (data_req_sz > 0)
+ memcpy(data, &fwinfo->firmware_buf[offset], data_req_sz);
+ return data_req_sz;
+}
+
+const char *TPM2_IFX_GetOpModeStr(int opMode)
+{
+ const char *opModeStr = "Unknown";
+
+ switch (opMode) {
+ case 0x00:
+ opModeStr = "Normal TPM operational mode";
+ break;
+ case 0x01:
+ opModeStr = "TPM firmware update mode (abandon possible)";
+ break;
+ case 0x02:
+ opModeStr = "TPM firmware update mode (abandon not possible)";
+ break;
+ case 0x03:
+ opModeStr = "After successful update, but before finalize";
+ break;
+ case 0x04:
+ opModeStr = "After finalize or abandon, reboot required";
+ break;
+ default:
+ break;
+ }
+ return opModeStr;
+}
+
+void TPM2_IFX_PrintInfo(WOLFTPM2_CAPS *caps)
+{
+ printf("Mfg %s (%d), Vendor %s, Fw %u.%u (0x%x)\n",
+ caps->mfgStr, caps->mfg, caps->vendorStr, caps->fwVerMajor,
+ caps->fwVerMinor, caps->fwVerVendor);
+ printf("Operational mode: %s (0x%x)\n",
+ TPM2_IFX_GetOpModeStr(caps->opMode), caps->opMode);
+ printf("KeyGroupId 0x%x, FwCounter %d (%d same)\n",
+ caps->keyGroupId, caps->fwCounter, caps->fwCounterSame);
+}
+#endif /* WOLFTPM_FIRMWARE_UPGRADE */
+
+int TPM2_PCRs_Print(void)
+{
+ int rc;
+ int pcrCount, pcrIndex;
+ GetCapability_In capIn;
+ GetCapability_Out capOut;
+ TPML_PCR_SELECTION *pcrSel;
+
+ memset(&capIn, 0, sizeof(capIn));
+ capIn.capability = TPM_CAP_PCRS;
+ capIn.property = 0;
+ capIn.propertyCount = 1;
+ rc = TPM2_GetCapability(&capIn, &capOut);
+ if (rc != TPM_RC_SUCCESS) {
+ log_debug("TPM2_GetCapability failed rc=%d (%s)\n",
+ rc, TPM2_GetRCString(rc));
+ return rc;
+ }
+ pcrSel = &capOut.capabilityData.data.assignedPCR;
+ printf("Assigned PCR's:\n");
+ for (pcrCount = 0; pcrCount < (int)pcrSel->count; pcrCount++) {
+ printf("\t%s: ",
+ TPM2_GetAlgName(pcrSel->pcrSelections[pcrCount].hash));
+ for (pcrIndex = 0;
+ pcrIndex < pcrSel->pcrSelections[pcrCount].sizeofSelect * 8;
+ pcrIndex++) {
+ if ((pcrSel->pcrSelections[pcrCount].pcrSelect[pcrIndex / 8] &
+ ((1 << (pcrIndex % 8)))) != 0)
+ printf(" %d", pcrIndex);
+ }
+ printf("\n");
+ }
+ return TPM_RC_SUCCESS;
+}
+
+int TPM2_Init_Device(WOLFTPM2_DEV *dev, void *userCtx)
+{
+ int rc;
+
+ /* Use TPM2_IoCb callback for packet-level access */
+ rc = wolfTPM2_Init(dev, TPM2_IoCb, userCtx);
+ log_debug("tpm2 init: rc = %d (%s)\n", rc, TPM2_GetRCString(rc));
+ return rc;
+}
+
+#endif /* WOLFTPM2_NO_WRAPPER */
+
+/******************************************************************************/
+/* --- END helper functions -- */
+/******************************************************************************/
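Review bot: In TPM2_IFX_FwData_Cb the clamp `if (offset + data_req_sz > (uint32_t)fwinfo->firmware_bufSz)` can wrap when data_req_sz is close to UINT32_MAX, because offset is only checked against firmware_bufSz and the sum is not; computing the remaining length first (`remain = fwinfo->firmware_bufSz - offset; if (data_req_sz > remain) data_req_sz = remain;`) avoids the overflow. Other points in this file: `#define LOG_CATEGORY UCLASS_BOOTSTD` puts TPM helper logging under the boot-standard category, where UCLASS_TPM is the natural choice for these log_debug() calls; `struct fw_info` is defined privately in this .c file yet arrives through a `void *cb_ctx`, so the caller that fills it in must duplicate the layout, and a shared header would keep the two in sync; the include of `<examples/wrap/wrap_test.h>` pulls wolfTPM example code into a driver and nothing in this file appears to use it; the non-static functions carry no kernel-doc comments as U-Boot style asks for exported helpers; and "Assigned PCR's:" should read "Assigned PCRs:".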
--
2.49.0