[[PATCH v2] tpm: Add wolfTPM library support for TPM 2.0 05/12] tpm: add wolfTPM library as git submodule

[Ilias Apalodimas]

We decided a while back to use subtress for importing external trees.
mbedTLS, dts and lwIP work as such, so please convert to a subtree.

tools/update-subtree.sh is what we use to merge the latest updates.

Regards
/Ilias

On Mon Mar 16, 2026 at 8:14 PM EET, David Garske wrote:
> From: Aidan <aidan at wolfssl.com>
>
> Add wolfTPM (https://github.com/wolfSSL/wolfTPM) as a git submodule
> at lib/wolftpm. wolfTPM is a portable, open-source TPM 2.0 stack
> licensed under GPLv2, providing native API access to all TPM 2.0
> commands and a wrapper API for common operations.
>
> The build system additions:
>
> .gitmodules:
>   Registers the wolfTPM submodule pointing to the upstream repo.
>
> lib/Kconfig:
>   Adds CONFIG_TPM_WOLF option under library routines, which selects
>   SHA1 and implies DM_RNG.
>
> lib/Makefile:
>   When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles
>   wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,
>   tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).
>   Sets -I include paths and -DWOLFTPM_USER_SETTINGS.
>
> Signed-off-by: Aidan Garske <aidan at wolfssl.com>
> ---
>  .gitmodules  |  3 +++
>  lib/Kconfig  | 13 +++++++++++++
>  lib/Makefile | 18 ++++++++++++++++++
>  lib/wolftpm  |  1 +
>  4 files changed, 35 insertions(+)
>  create mode 100644 .gitmodules
>  create mode 160000 lib/wolftpm
>
> diff --git a/.gitmodules b/.gitmodules
> new file mode 100644
> index 00000000000..3f95a7c3eb9
> --- /dev/null
> +++ b/.gitmodules
> @@ -0,0 +1,3 @@
> +[submodule "lib/wolftpm"]
> +	path = lib/wolftpm
> +	url = https://github.com/wolfssl/wolfTPM.git
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 931d5206936..24477ea53c9 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -500,6 +500,19 @@ config TPM
>  	  If you want a fully functional TPM enable all hashing algorithms.
>  	  If you enabled measured boot all hashing algorithms are selected.
>
> +config TPM_WOLF
> +    bool "Enable wolfTPM support"
> +	depends on DM
> +	imply DM_RNG
> +	select SHA1
> +    help
> +        This option enables support for wolfTPM in U-Boot. WolfTPM can be
> +		used to update ARM specific platforms. Enabling this option allows
> +		U-Boot to interact with the TPM using wolfTPM commands such as
> +		firmware updates, PCR extend, and more. It is especially useful on
> +		platforms that require support for secure boot and other TPM-related
> +		functionality.
> +
>  config SPL_TPM
>  	bool "Trusted Platform Module (TPM) Support in SPL"
>  	depends on SPL_DM
> diff --git a/lib/Makefile b/lib/Makefile
> index 70667f3728c..76025cc77d8 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -55,6 +55,7 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o
>  obj-y += list_sort.o
>  endif
>
> +# U-boot TPM
>  obj-$(CONFIG_$(PHASE_)TPM) += tpm-common.o
>  ifeq ($(CONFIG_$(PHASE_)TPM),y)
>  obj-$(CONFIG_TPM) += tpm_api.o
> @@ -64,6 +65,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o
>  obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o
>  endif
>
> +# wolfTPM with TPM 2.0 support (including TPM firmware update)
> +ifeq ($(CONFIG_TPM_WOLF),y)
> +ifeq ($(CONFIG_TPM_V2),y)
> +ccflags-y += -I$(srctree)/lib/wolftpm \
> +             -I$(srctree)/include/configs \
> +             -DWOLFTPM_USER_SETTINGS
> +obj-y += wolftpm/hal/tpm_io.o
> +obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
> +obj-y += wolftpm/src/tpm2.o
> +obj-y += wolftpm/src/tpm2_packet.o
> +obj-y += wolftpm/src/tpm2_tis.o
> +obj-y += wolftpm/src/tpm2_wrap.o
> +obj-y += wolftpm/src/tpm2_param_enc.o
> +obj-y += wolftpm.o
> +endif
> +endif
> +
>  obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
>  obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
>  obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
> diff --git a/lib/wolftpm b/lib/wolftpm
> new file mode 160000
> index 00000000000..664db130d57
> --- /dev/null
> +++ b/lib/wolftpm
> @@ -0,0 +1 @@
> +Subproject commit 664db130d57bfa18a3254a0ddc126da1beeb9895