[PATCH v3 00/12] tpm: Add wolfTPM library support for TPM 2.0

Peter Robinson pbrobinson at gmail.com
Mon May 11 12:09:28 CEST 2026 

On Mon, 11 May 2026 at 10:15, Peter Robinson <pbrobinson at gmail.com> wrote:
>
> Hi Aidan,
>
> > This is v3 of the wolfTPM TPM 2.0 stack integration for U-Boot.
> >
> > wolfTPM (https://github.com/wolfSSL/wolfTPM) is a portable, GPLv2 TPM 2.0
>
> I go to the github link and it says  GPL-3.0 license so which is it?
>
> IANAL but I'm not sure if the GPLv3 is compatible with GPLv2 in the
> context of U-Boot because it would make the whole output a GPLv3
> application

In fact the majority of U-Boot code, like Linux, is GPLv2 only, not
later which makes this directly incompatible with U-Boot.

> > library that provides a full TPM 2.0 command set, an SPI/MMIO HAL, and
> > firmware-update support for Infineon SLB9672/SLB9673 hardware.  This
> > series wires it into U-Boot as an optional backend behind the existing
> > 'tpm2' command, alongside support for QEMU+swtpm, sandbox emulation, and
> > real Raspberry Pi 4 + Infineon SLB9672 hardware.
>
> So that provides the technical detail, but what value does it provide
> to U-Boot? We already have a relatively complete TPM stack, do people
> do firmware updates in the early boot process, why else would someone
> choose to use this over the existing implementation?
>
> One part of what I want to know in a cover letter is what value this
> provides to the project, what are the pros/cons etc, like what
> maintenance looks like.
>
> Peter
>
> > Branch (full 14-commit history including the subtree squash + merge):
> >   https://github.com/aidangarske/u-boot wolftpm-v2-patches
> >
> > Note on the subtree commits omitted from this email thread:
> >   The branch above contains 14 commits; the email series is 12 patches.
> >   Two commits are deliberately not sent to the list:
> >
> >     * "Squashed 'lib/wolftpm/' content from commit 664db130d57"
> >         - the parentless squash commit produced by `git subtree add`.
> >           Its diff is ~3.4MB / ~90k lines and would be rejected by the
> >           mailing list on size.
> >     * "Merge commit 'd42fd7b146...' as 'lib/wolftpm'"
> >         - the corresponding subtree merge commit. Merges have no patch
> >           form and are routinely omitted by `git format-patch`.
> >
> >   Please pull from the branch above (or wolfssl/wolfTPM @ 664db130d57)
> >   to inspect the imported wolfTPM source. Subsequent updates will go
> >   via tools/update-subtree.sh, matching how mbedTLS, lwIP, and
> >   dts/upstream are maintained in tree.
> >
> > Changes since v2:
> >   - Replaced the lib/wolftpm git submodule with a git subtree import
> >     (squash + merge), matching the convention used for mbedTLS, lwIP,
> >     and dts/upstream.  tools/update-subtree.sh is updated to know
> >     about the wolftpm subtree (path lib/wolftpm, upstream
> >     https://github.com/wolfssl/wolfTPM.git).
> >     [feedback: Ilias Apalodimas]
> >   - Reverted the changes to include/linux/byteorder/generic.h.  The
> >     redefinition workaround for cpu_to_beXX / beXX_to_cpu now lives
> >     on the wolfTPM side: include/configs/user_settings.h pulls in
> >     <asm/byteorder.h> up front so U-Boot's macros are defined before
> >     wolfTPM's #ifndef-guarded fallbacks in tpm2_packet.h.
> >     [feedback: Ilias Apalodimas]
> >
> > Testing:
> >   - QEMU arm64 + swtpm Python test framework
> >     (./test/py/test.py --bd qemu_arm64 -k "test_wolftpm and not ut_cmd"):
> >     19 passed, 2 skipped (matching doc/usage/cmd/wolftpm.rst).
> >   - Manual QEMU arm64 + swtpm walkthrough per
> >     doc/usage/cmd/wolftpm.rst section "Building and Running wolfTPM
> >     with U-Boot using QEMU": tpm2 help/info/autostart/startup/
> >     get_capability/pcr_read/pcr_print/caps all return expected output.
> >   - Raspberry Pi 4 + Infineon SLB9672 (real hardware): all wolfTPM
> >     cmd tests pass, including firmware update path.
> >
> > v2 thread:
> >   https://lore.kernel.org/u-boot/?q=PATCH+v2+tpm+wolfTPM
> >
> > Aidan Garske (12):
> >   tpm: export tpm_show_device, tpm_set_device, and get_tpm
> >   include/hash: add SHA384 hash wrapper declaration for wolfTPM
> >   spi: add BCM2835/BCM2711 hardware SPI controller driver

While I understand why you would put the above patch in it should in
fact be sent on it's own as a standalone patch because it's really
nothing to with this series.

> >   dts: add TPM device tree nodes for RPi4, QEMU, and sandbox
> >   tpm: add wolfTPM build rules and Kconfig
> >   tpm: add wolfTPM headers and SHA384 glue code
> >   tpm: add wolfTPM driver helpers and Kconfig options
> >   cmd: refactor tpm2 command into frontend/backend architecture
> >   tpm: add sandbox TPM SPI emulator
> >   test: add wolfTPM C unit tests and Python integration tests
> >   doc: add wolfTPM documentation
> >   configs: enable wolfTPM in rpi_4_defconfig
> >
> > --
> > 2.47.3
> >

More information about the U-Boot mailing list