U-Boot support for wolfTPM and firmware update for SLB9672/SLB9673
David Garske
david at wolfssl.com
Fri May 9 17:43:37 CEST 2025
Hi Ilias,
Thank you for the quick reply. I am happy that you will consider wolfTPM as a submodule. We have 100’s of commercial customers and it is very actively maintained. In fact we will continue to provide direct maintenance for any u-boot issues that come up using wolfTPM. Also we’ve done safety critical DO-178 certification on wolfTPM.
1) U-Boot subsystem maintainers. Can you point me to that list of maintainers?
2) Size: I haven’t run any size comparisons but I expect to be inline with existing code. I will make sure we run some comparisons.
3) Releases: Yes we have stable releases done each quarter. I am about to do a release v3.9.0 next week that includes the U-boot support, so I will update the submodule to use the tagged release when it’s ready.
4) CVE: Yes we track and create CVE’s if we find issues or any are reported. We typically have a fix posted within 36 hours of a report. Vulnerabilities are published in the release notes and for our premium support customers they get early notification.
5) Patch Size: I will work on reducing the changes and splitting them into logical commits.
Enjoy your time away. I’ll have updates to share soon.
Thanks,
David Garske
Software Engineer, wolfSSL
+1 (530) 409-2990
https://www.wolfssl.com <https://www.wolfssl.com/>
https://github.com/wolfssl
> On May 9, 2025, at 5:22 AM, Ilias Apalodimas <ilias.apalodimas at linaro.org> wrote:
>
> Hi David
>
>> Hi Denx,
>>
>> We at wolfSSL have developed a port for wolfTPM in U-Boot. The patch allows using the current built-in TPM 2.0 support or switching to wolfTPM via CONFIG_TPM_WOLF=y. It also supports TPM 2.0 firmware update for the Infineon SLB9672 and SLB9673.
>>
>> I think there is probably some more cleanup and testing needed, but I wanted to submit this to start the discussion and see your thoughts.
>
> It's easier if you CC the appropriate maintainers for each subsystem next
> time!
>
>>
>> The wolfTPM library is GPLv2 and added as a submodule. If the license or submodule is an issue let’s discuss! I’m positive we can resolve anything.
>
> We recently added a few external libraries. mbedTLS and lwIP. Both of these
> are pulled as subtrees, so I'd like to stick to that.
>
> I briefly went through the patch and I don't disagree in pulling an
> external library as long as it's reasonably stable and will continue
> to be maintained. A few questions since I am not familiar with wolfTPM
>
> - Have you made any size comparisons wrt to the final binary size?
> - Does wolfTPM have stable releases that we can use?
> - Is there a CVE policy ?
>
> The current patch is quite big and I honestly don't have time to go
> through all of it in detail. I'll be away next week, but I can give some
> general feedback in ~10days. The easiest thing to do is try to split it
> a reasonable amount of patches -- and only include the bare minimum of what's
> required to work.
>
> Thanks
> /Ilias
>
>>
>> Attached is the patch based on latest master 3b6760ddeb4 to review.
>>
>> 
>>
>> Thanks,
>> David Garske
>> Software Engineer, wolfSSL
>> +1 (530) 409-2990
>> https://www.wolfssl.com <https://www.wolfssl.com/>
>> https://github.com/wolfssl
>
More information about the U-Boot
mailing list