[PATCH v3 05/12] tpm: add wolfTPM build rules and Kconfig
Aidan Garske
aidan at wolfssl.com
Sat May 9 02:04:12 CEST 2026
From: Aidan <aidan at wolfssl.com>
Hook the wolfTPM source tree (imported as a subtree at lib/wolftpm/ in
the preceding commits) into the U-Boot build and add upstream-pull
support to tools/update-subtree.sh, matching how mbedtls, dts, and lwip
are maintained.
lib/Kconfig:
Adds CONFIG_TPM_WOLF under library routines, depending on DM,
implying DM_RNG, and selecting SHA1.
lib/Makefile:
When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles
wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c,
tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c).
Sets -I include paths and -DWOLFTPM_USER_SETTINGS so wolfTPM picks
up include/configs/user_settings.h.
tools/update-subtree.sh:
Registers the wolftpm subtree (path lib/wolftpm, upstream
https://github.com/wolfssl/wolfTPM.git) so the existing pull/pick
workflow can be used for future wolfTPM updates.
Signed-off-by: Aidan Garske <aidan at wolfssl.com>
---
lib/Kconfig | 13 +++++++++++++
lib/Makefile | 17 +++++++++++++++++
tools/update-subtree.sh | 7 ++++++-
3 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/lib/Kconfig b/lib/Kconfig
index 931d5206936..b7dc422e94c 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -500,6 +500,19 @@ config TPM
If you want a fully functional TPM enable all hashing algorithms.
If you enabled measured boot all hashing algorithms are selected.
+config TPM_WOLF
+ bool "Enable wolfTPM support"
+ depends on DM
+ imply DM_RNG
+ select SHA1
+ help
+ This option enables support for wolfTPM in U-Boot. wolfTPM is a
+ portable, open-source TPM 2.0 stack licensed under GPLv2. Enabling
+ this option allows U-Boot to interact with the TPM via wolfTPM,
+ including firmware updates, PCR extend, and other TPM 2.0
+ operations. The wolfTPM source tree lives under lib/wolftpm/ as
+ a subtree (see tools/update-subtree.sh).
+
config SPL_TPM
bool "Trusted Platform Module (TPM) Support in SPL"
depends on SPL_DM
diff --git a/lib/Makefile b/lib/Makefile
index 70667f3728c..0753e33d69e 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -64,6 +64,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o
obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o
endif
+# wolfTPM (TPM 2.0 stack, including firmware update support)
+ifeq ($(CONFIG_TPM_WOLF),y)
+ifeq ($(CONFIG_TPM_V2),y)
+ccflags-y += -I$(srctree)/lib/wolftpm \
+ -I$(srctree)/include/configs \
+ -DWOLFTPM_USER_SETTINGS
+obj-y += wolftpm/hal/tpm_io.o
+obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o
+obj-y += wolftpm/src/tpm2.o
+obj-y += wolftpm/src/tpm2_packet.o
+obj-y += wolftpm/src/tpm2_tis.o
+obj-y += wolftpm/src/tpm2_wrap.o
+obj-y += wolftpm/src/tpm2_param_enc.o
+obj-y += wolftpm.o
+endif
+endif
+
obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o
obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o
obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o
diff --git a/tools/update-subtree.sh b/tools/update-subtree.sh
index 536b3318573..c5963e6a3ae 100755
--- a/tools/update-subtree.sh
+++ b/tools/update-subtree.sh
@@ -17,7 +17,7 @@ set -e
print_usage() {
echo "usage: $0 <op> <subtree-name> <ref>"
echo " <op> pull or pick"
- echo " <subtree-name> mbedtls or dts or lwip"
+ echo " <subtree-name> mbedtls or dts or lwip or wolftpm"
echo " <ref> release tag [pull] or commit id [pick]"
}
@@ -47,6 +47,11 @@ set_params() {
repo_url=https://git.savannah.gnu.org/git/lwip.git
remote_name="lwip_upstream"
;;
+ wolftpm)
+ path=lib/wolftpm
+ repo_url=https://github.com/wolfssl/wolfTPM.git
+ remote_name="wolftpm_upstream"
+ ;;
*)
echo "Invalid subtree name: $subtree_name"
print_usage
--
2.47.3
More information about the U-Boot
mailing list