wolfTPM

Introduction

wolfTPM is a lightweight, portable TPM 2.0 library optimized for embedded systems, RTOS environments, and resource-constrained devices. It provides a full TPM 2.0 implementation including support for cryptographic operations, key generation, secure storage, and attestation.

wolfTPM has been integrated as a Zephyr module with CMake and Kconfig support, making it simple to include TPM functionality in any Zephyr-based project. The module supports device tree integration for I2C communication with TPM devices - you can configure the I2C bus by setting WOLFTPM_ZEPHYR_I2C_BUS in user_settings.h to the node describing the I2C bus on your device. I2C speed can be configured with WOLFTPM_ZEPHYR_I2C_SPEED.

wolfTPM is dual licensed under GPLv3 and commercial licenses.

GitHub Repository: wolfTPM Repository [1]

Requirements

• wolfSSL for cryptographic operations

Usage with Zephyr

Add wolfTPM as a project to your west.yml:

manifest:
  remotes:
  # <your other remotes>
  - name: wolftpm
    url-base: https://github.com/wolfssl
projects:
  # <your other projects>
  - name: wolftpm
    path: modules/crypto/wolftpm
    revision: v3.10.0
    remote: wolftpm

Note

The revision shown above is an example. Check the wolfTPM Repository [1] releases page for the latest release tag to ensure you are using the desired version.

Update west’s modules:

west update

Now west recognizes wolftpm as a module, and will include its Kconfig and CMakeLists.txt in the build system.

Sample Applications

wolfTPM includes two sample applications for Zephyr:

• wolftpm_wrap_test - tests core TPM wrapper functionality

• wolftpm_wrap_caps - displays TPM capabilities

Both examples build and run successfully on qemu_x86, providing a solid foundation for development.

Configuration

The module uses a user_settings.h configuration file that can be customized to match project-specific requirements. For I2C communication with TPM devices, configure:

• WOLFTPM_ZEPHYR_I2C_BUS - set to the device tree node describing your I2C bus

• WOLFTPM_ZEPHYR_I2C_SPEED - set the I2C line speed

Additional Resources

For more regarding the usage of wolfTPM with Zephyr, please refer to the wolfTPM Zephyr Example Usage [2] and the wolfTPM Zephyr Announcement [5].

For application code examples in Zephyr, please refer to the wolfSSL NXP AppCodeHub [3].

For wolfTPM API documentation, please refer to the wolfTPM Documentation [4].

Reference

[1] (1,2)

https://github.com/wolfSSL/wolfTPM

[2]

https://github.com/wolfSSL/wolfTPM/blob/master/zephyr/README.md

[3]

https://github.com/wolfSSL/nxp-appcodehub

[4]

https://www.wolfssl.com/documentation/manuals/wolftpm/

[5]

https://www.wolfssl.com/wolftpm-support-for-zephyr-rtos/