Skip to content

wolfTPM Support For Das U-Boot Bootloader #398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
night1rider merged 5 commits into from
May 7, 2025
Merged

wolfTPM Support For Das U-Boot Bootloader #398

night1rider merged 5 commits into from
May 7, 2025

Conversation

@aidangarske
Copy link
Contributor

@aidangarske aidangarske commented Jan 24, 2025
edited
Loading

Description

Support for u-boot with wolfTPM.

  • Recommended to use the SOFT SPI driver in U-boot
  • wolfTPM serves as a TPM 2.0 driver thanks to its internal TIS layer
  • wolfTPM provides native API with full access to all TPM 2.0 commands
  • wolfTPM offers wrappers API for complex and common TPM 2.0 operations
  • Two paths customers can take:
    __linux__ utilizes the existing tpm interface through tpm2_linux.c
    __UBOOT__ directly talks to TPM with SPI through tpm_io_uboot.c

U-Boot TPM commands to be added:

  • Get Capability (report device details including key group)
    Tested in QEMU with SWTPM
  • Start Firmware Update (not tested)
    manifest_addr manifest_sz firmware_addr firmware_sz
  • Cancel / Abandon (not tested)

Testing

Refer to readme - tested caps with qemu and swtpm simulator

Documentation

examples/u-boot/README.md

@aidangarske aidangarske self-assigned this Jan 24, 2025
@aidangarske aidangarske mentioned this pull request Jan 24, 2025
Closed
@dgarske dgarske self-requested a review January 24, 2025 21:15
dgarske
dgarske requested changes Jan 24, 2025
View reviewed changes
@aidangarske aidangarske requested a review from dgarske January 24, 2025 21:30
@dgarske dgarske removed their request for review January 28, 2025 17:08
@aidangarske aidangarske requested a review from dgarske January 31, 2025 16:57
dgarske
dgarske requested changes Feb 17, 2025
View reviewed changes
@dgarske dgarske marked this pull request as ready for review April 25, 2025 19:33
dgarske
dgarske requested changes Apr 25, 2025
View reviewed changes
@aidangarske aidangarske requested a review from dgarske April 25, 2025 20:16
dgarske
dgarske requested changes Apr 25, 2025
View reviewed changes
@aidangarske aidangarske requested a review from dgarske April 30, 2025 18:22
@dgarske dgarske assigned dgarske and wolfSSL-Bot and unassigned aidangarske May 6, 2025
@dgarske dgarske requested a review from Copilot May 6, 2025 23:30
Copilot AI reviewed May 6, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds support for U-Boot in wolfTPM by implementing new IO callbacks and wrapper functions for TPM operations while also updating documentation for clarity. Key changes include:

  • Introducing new U-Boot–specific IO implementation (tpm_io_uboot.c) and corresponding header adjustments.
  • Refactoring TPM reset and shutdown functions, including renaming wolfTPM2_Shutdown to wolfTPM2_Reset and adding dedicated wrappers.
  • Enhancing documentation for TPM API wrappers to clarify functionality and usage.

Reviewed Changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
wolftpm/tpm2_wrap.h Added documentation for TPM reset and hierarchy auth change with minor spelling fixes.
wolftpm/tpm2_types.h Updated include conditionals and removed redundant includes.
wolftpm/tpm2_packet.h Added guard macros for endian helper definitions.
wolftpm/tpm2.h Introduced TPM2_GetAlgId and TPM2_GetHierarchyDesc functions.
src/tpm2_wrap.c Renamed and refactored TPM shutdown/reset functions and updated logging.
src/tpm2_linux.c Added U-Boot branch to support new IO callbacks.
src/tpm2.c Implemented TPM2_GetAlgId function.
hal/tpm_io_uboot.c Added U-Boot specific IO callback implementation.
hal/tpm_io.h and hal/tpm_io.c Updated IO callback header and source to include UBOOT branch.
examples/wrap/*.c and examples/u-boot/README.md Updated API calls to use the new reset function and added U-Boot documentation.
Files not reviewed (1)
  • hal/include.am: Language not supported
Comments suppressed due to low confidence (1)

src/tpm2_wrap.c:5793

  • The error message in wolfTPM2_ChangeHierarchyAuth prints the error string and hierarchy description in a confusing order. Swap the parameters so that the hierarchy description (desc) appears immediately after the error code and the error string from TPM2_GetRCString(rc) is shown last.
            printf("Error %d setting %s auth! %s\n", rc, wolfTPM2_GetRCString(rc), desc);

@dgarske dgarske requested a review from night1rider May 6, 2025 23:55
@night1rider night1rider merged commit 33a5f47 into wolfSSL:master May 7, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@dgarske dgarske dgarske approved these changes

@night1rider night1rider night1rider approved these changes

Assignees

@dgarske dgarske

@wolfSSL-Bot wolfSSL-Bot

@night1rider night1rider

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@aidangarske @dgarske @night1rider @wolfSSL-Bot