Product of the Week: wolfTPM Portable TPM 2.0 Library

May 07, 2021

Blog

Product of the Week: wolfTPM Portable TPM 2.0 Library

The Trusted Computing Group’s (TCG’s) Trusted Platform Module 2.0 (TPM 2.0) specification provides the foundation for building hardware-based cryptographic processing functions into modern-day electronic systems. But where do you go from there?

wolfSSL’s Portable wolfTPM 2.0 Library, also known as the lightweight TPM library, is an open-source TPM 2.0 stack with backward-compatible, TCG-compliant APIs. According to the company, it uses 20x less code and 100x less memory than other TPM stacks, and is available in a “small stack option” that reduces stack use to minimum function buffer sizes and different levels of debugging support. In other words, it’s one of the lowest-footprint, most cost-effective options out there for implementing advanced security functions.

Designed for commercial use in safety-critical systems serving the aerospace, medical, rail, automotive, and other industries, the wolfTPM 2.0 library is used for measured boot and protected key services on x86 devices and also supports the following devices:

  • ST ST33TP* SPI/I2C
  • Infineon Optiga SLB9670
  • Microchip ATTPM20
  • Nations Tech Z32H330
  • Nuvoton NPCT650 and NPCT75x
  • Hardware Abstraction Layer (HAL) support for Raspberry Pi, Windows TBS, STM32 CubeMX, Atmel ASF, Xilinx ZynqMP, Barebox, and more.

The library supports all standard algorithms defined in the TPM 2.0 specification, which includes custom vendor algorithms. It is written in C, and has no external dependencies to ensure module integrity.

The wolfTPM Portable TPM 2.0 Library in Action

The wolfTPM Portable TPM 2.0 Library natively supports Windows and Linux operating systems, and can be used with RTOS and bare metal environments. In action, it utilizes the TPM Interface Specification (TIS) to communicate over SPI, though it can also use the I2C or LPC bus. In Linux, for example, wolfTPM will use the /dev/spidev#.# SPI and the /dev/i2c-1 for I2C. In RTOS and bare metal environments, it uses a single IO callback over SPI.

One of the most significant usability features of the wolfTPM Portable TPM 2.0 Library is the presence of API wrappers that assist with the implementation of both common and complex use cases, ranging from key generation and encryption/decryption to signing and verification and attestation. The library also includes examples for more complex uses like attestation, certificate signing requests (CSRs), and generating signed timestamps to help simplify development and deployment.

Most of the complex commands are made easier with the wolfTPM wrappers as they offer complete control over user parameters. Meanwhile, the wrappers also streamline common commands like primary key generation, standard key generation, and HMAC generation to guard against incorrect parameters and TPM configurations. This requires only five lines of code, less coding than would be required using a native API.

A secure storage option is available via the TPM NV feature, which facilitates the housing of any private key, public key, symmetric key, or other data on the TPM chip’s NVRAM. TPM NV also  allows password-based access to these restricted memory regions to the owner(s) of NV indexes.

The TPM NV also allows the use of password authorization over the NV memory which would only allow access to the memory but only to the owner of that NV index. The use of parameter encryption to protect the authorization from MITM is also enabled, but only the application and the TPM can decrypt the password.

Getting Started with the wolfTPM Portable TPM 2.0 Library

Version 2.1.0 of the wolfTPM Portable TPM 2.0 Library is available for download under either a commercial or GPLv2 license. To get started, a detailed overview complete with examples, benchmarks, and API references can be accessed from the wolfTPM manual online. wolfSSL also offers support packages and consulting services to aid in integration and implementation of the wolfTPM 2.0 Library.

For more information, visit the wolfTPM Portable TPM 2.0 Library product page or check out the resources below.

Additional Resources:

Featured Companies

wolfSSL

10016 Edmonds Way
Edmonds, WA 98020