U-Boot support for wolfTPM and firmware update for SLB9672/SLB9673

Wed Jan 28 01:03:30 CET 2026

Hi Ilias,

We have made the U-Boot changes requested and attached a patch for upstream. Let me know if you have any issues or questions.

Fork: https://github.com/aidangarske/u-boot/tree/rpi4-wolftpm-uboot
Instructions: https://github.com/aidangarske/rpi4-wolftpm-uboot/tree/master

Thanks,
David Garske
Software Engineer, wolfSSL
+1 (530) 409-2990
https://www.wolfssl.com <https://www.wolfssl.com/>
https://github.com/wolfssl

> On Aug 5, 2025, at 8:31 AM, Aidan Garske <aidan at wolfssl.com> wrote:
> 
> Hi Ilias, 
> 
> Sounds good, I will keep them in cmd/wolftpm.c. I guess Simon can probably answer the other question the best. 
> He had asked if I could "put the driver code into drivers/ with just the command code in cmd/" so I am just trying 
> to get clarity on what driver code he is specifically referring to. 
> 
> Thanks for the help, 
> Aidan
> -------------------------------------
> Aidan Garske
> Engineering Intern, wolfSSL
> +1 (916) 337-1246
> -------------------------------------
> 
> 
> On Tue, Aug 5, 2025 at 1:17 AM Ilias Apalodimas <ilias.apalodimas at linaro.org <mailto:ilias.apalodimas at linaro.org>> wrote:
>> Hi Aidan,
>> 
>> 
>> On Sat, 2 Aug 2025 at 01:59, Aidan Garske <aidan at wolfssl.com <mailto:aidan at wolfssl.com>> wrote:
>> >
>> > Hi Simon and Ilias,
>> >
>> > Thank you for the great feedback. Currently I am working in the refactor you suggested and I wanted to ask a question about some of your comments.
>> >
>> > 1. What exactly is the "driver code" you are referring to in this case?
>> > 2. Do you want me to separate out our helper functions into a `cmd/wolftpm-common.c` or should I keep them in `cmd/wolftpm.c`?
>> >
>> > Looking forward to your response,
>> > Aidan
>> > -------------------------------------
>> > Aidan Garske
>> > Engineering Intern, wolfSSL
>> > +1 (916) 337-1246
>> > -------------------------------------
>> >
>> >
>> > On Wed, Jul 30, 2025 at 8:40 AM Aidan Garske <aidan at wolfssl.com <mailto:aidan at wolfssl.com>> wrote:
>> >>
>> >> Hi Simon,
>> >>
>> >> Thank you for the great feedback. Currently I am working in the refactor you suggested and I wanted to ask a question about some of your comments.
>> >>
>> >> 1. What exactly is the "driver code" you are referring to in this case?
>> 
>> It's been a while and I am not sure I am following on that
>> 
>> >> 2. Do you want me to separate out our helper functions into a `cmd/wolftpm-common.c` or should I keep them in `cmd/wolftpm.c`?
>> 
>> Are you expecting it to be reusable by something else? If not just
>> keep it to cmd/wolftpm.c
>> 
>> Thanks
>> /Ilias
>> 
>> >>
>> >> Looking forward to your response,
>> >> Aidan
>> >> -------------------------------------
>> >> Aidan Garske
>> >> Engineering Intern, wolfSSL
>> >> +1 (916) 337-1246
>> >> -------------------------------------
>> >>
>> >>
>> >>
>> >> On Sat, May 10, 2025 at 4:25 AM Simon Glass <sjg at chromium.org <mailto:sjg at chromium.org>> wrote:
>> >>>
>> >>> Hi David,
>> >>>
>> >>> On Thu, 8 May 2025 at 00:41, David Garske <david at wolfssl.com <mailto:david at wolfssl.com>> wrote:
>> >>> >
>> >>> > Hi Denx,
>> >>> >
>> >>> > We at wolfSSL have developed a port for wolfTPM in U-Boot. The patch allows using the current built-in TPM 2.0 support or switching to wolfTPM via CONFIG_TPM_WOLF=y. It also supports TPM 2.0 firmware update for the Infineon SLB9672 and SLB9673.
>> >>> >
>> >>> > I think there is probably some more cleanup and testing needed, but I wanted to submit this to start the discussion and see your thoughts.
>> >>> >
>> >>> > The wolfTPM library is GPLv2 and added as a submodule. If the license or submodule is an issue let’s discuss! I’m positive we can resolve anything.
>> >>> >
>> >>> > Attached is the patch based on latest master 3b6760ddeb4 to review.
>> >>>
>> >>> Thank you for doing this!
>> >>>
>> >>> Here are a few thoughts:
>> >>>
>> >>> - Use lower case for function names
>> >>> - Avoid camel case
>> >>> - What is XMEMSET()? - Can you use memset() ?
>> >>> - Convert most prinf() functions to log_debug()
>> >>> - Can you use subcommands (from command.h) instead of parsing the
>> >>> subcommand yourself?
>> >>> - put the FIRMWARE_UPGRADE thing into Kconfig, as well as WOLFTPM_SLB9672/3
>> >>> - put the driver code into drivers/ with just the command code in cmd/
>> >>> - add config WOLFTPM, separate from CMD_WOLFTPM
>> >>> - can you add a test in test/ and docs in doc/usage/cmd/  ?
>> >>>
>> >>> Regards,
>> >>> Simon
>> >>>
>> >>>
>> >>> >
>> >>> > 
>> >>> >
>> >>> > Thanks,
>> >>> > David Garske
>> >>> > Software Engineer, wolfSSL
>> >>> > +1 (530) 409-2990
>> >>> > https://www.wolfssl.com <https://www.wolfssl.com/> <https://www.wolfssl.com/>
>> >>> > https://github.com/wolfssl
>> >>> >

-------------- next part --------------
A non-text attachment was scrubbed...
Name: wolftpm-uboot-rpi4.patch
Type: application/octet-stream
Size: 148943 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260127/c5b44a53/attachment-0001.obj>