[[PATCH v2] tpm: Add wolfTPM library support for TPM 2.0 05/12] tpm: add wolfTPM library as git submodule

David Garske david at wolfssl.com
Mon Mar 16 19:14:34 CET 2026 

From: Aidan <aidan at wolfssl.com>

Add wolfTPM (https://github.com/wolfSSL/wolfTPM) as a git submodule
at lib/wolftpm. wolfTPM is a portable, open-source TPM 2.0 stack
licensed under GPLv2, providing native API access to all TPM 2.0
commands and a wrapper API for common operations.

The build system additions:

.gitmodules:
  Registers the wolfTPM submodule pointing to the upstream repo.

lib/Kconfig:
  Adds CONFIG_TPM_WOLF option under library routines, which selects
  SHA1 and implies DM_RNG.

lib/Makefile:
  When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles
  wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,
  tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).
  Sets -I include paths and -DWOLFTPM_USER_SETTINGS.

Signed-off-by: Aidan Garske <aidan at wolfssl.com>
---
 .gitmodules  |  3 +++
 lib/Kconfig  | 13 +++++++++++++
 lib/Makefile | 18 ++++++++++++++++++
 lib/wolftpm  |  1 +
 4 files changed, 35 insertions(+)
 create mode 100644 .gitmodules
 create mode 160000 lib/wolftpm

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000000..3f95a7c3eb9
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/wolftpm"]
+	path = lib/wolftpm
+	url = https://github.com/wolfssl/wolfTPM.git
diff --git a/lib/Kconfig b/lib/Kconfig
index 931d5206936..24477ea53c9 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -500,6 +500,19 @@ config TPM
 	  If you want a fully functional TPM enable all hashing algorithms.
 	  If you enabled measured boot all hashing algorithms are selected.
 
+config TPM_WOLF
+    bool "Enable wolfTPM support"
+	depends on DM
+	imply DM_RNG
+	select SHA1
+    help
+        This option enables support for wolfTPM in U-Boot. WolfTPM can be
+		used to update ARM specific platforms. Enabling this option allows
+		U-Boot to interact with the TPM using wolfTPM commands such as
+		firmware updates, PCR extend, and more. It is especially useful on
+		platforms that require support for secure boot and other TPM-related
+		functionality.
+
 config SPL_TPM
 	bool "Trusted Platform Module (TPM) Support in SPL"
 	depends on SPL_DM
diff --git a/lib/Makefile b/lib/Makefile
index 70667f3728c..76025cc77d8 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -55,6 +55,7 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o
 obj-y += list_sort.o
 endif
 
+# U-boot TPM
 obj-$(CONFIG_$(PHASE_)TPM) += tpm-common.o
 ifeq ($(CONFIG_$(PHASE_)TPM),y)
 obj-$(CONFIG_TPM) += tpm_api.o
@@ -64,6 +65,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o
 obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o
 endif
 
+# wolfTPM with TPM 2.0 support (including TPM firmware update)
+ifeq ($(CONFIG_TPM_WOLF),y)
+ifeq ($(CONFIG_TPM_V2),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+             -I$(srctree)/include/configs \
+             -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm/hal/tpm_io.o
+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
+obj-y += wolftpm/src/tpm2.o
+obj-y += wolftpm/src/tpm2_packet.o
+obj-y += wolftpm/src/tpm2_tis.o
+obj-y += wolftpm/src/tpm2_wrap.o
+obj-y += wolftpm/src/tpm2_param_enc.o
+obj-y += wolftpm.o
+endif
+endif
+
 obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
 obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
diff --git a/lib/wolftpm b/lib/wolftpm
new file mode 160000
index 00000000000..664db130d57
--- /dev/null
+++ b/lib/wolftpm
@@ -0,0 +1 @@
+Subproject commit 664db130d57bfa18a3254a0ddc126da1beeb9895
-- 
2.43.0

More information about the U-Boot mailing list