On Fri, 9 May 2025 at 18:43, David Garske <da...@wolfssl.com> wrote:
>
> Hi Ilias,
>
> Thank you for the quick reply. I am happy that you will consider wolfTPM as a 
> submodule. We have 100s of commercial customers and it is very actively 
> maintained. In fact we will continue to provide direct maintenance for any 
> U-Boot issues that come up using wolfTPM. Also we’ve done safety critical 
> DO-178 certification on wolfTPM.
>
> 1) U-Boot subsystem maintainers. Can you point me to that list of maintainers?

It's in MAINTAINERS. I am responsible for TPM.

> 2) Size: I haven’t run any size comparisons but I expect to be in line with 
> existing code. I will make sure we run some comparisons.
> 3) Releases: Yes we have stable releases done each quarter. I am about to do 
> a release v3.9.0 next week that includes the U-Boot support, so I will update 
> the submodule to use the tagged release when it’s ready.
> 4) CVE: Yes we track and create CVEs if we find issues or any are reported. 
> We typically have a fix posted within 36 hours of a report. Vulnerabilities 
> are published in the release notes and for our premium support customers they 
> get early notification.
> 5) Patch Size: I will work on reducing the changes and splitting them into 
> logical commits.
>
> Enjoy your time away. I’ll have updates to share soon.

Thanks
/Ilias
>
> Thanks,
> David Garske
> Software Engineer, wolfSSL
> +1 (530) 409-2990
> https://www.wolfssl.com
> https://github.com/wolfssl
>
> On May 9, 2025, at 5:22 AM, Ilias Apalodimas <ilias.apalodi...@linaro.org> 
> wrote:
>
> Hi David
>
> Hi Denx,
>
> We at wolfSSL have developed a port for wolfTPM in U-Boot. The patch allows 
> using the current built-in TPM 2.0 support or switching to wolfTPM via 
> CONFIG_TPM_WOLF=y. It also supports TPM 2.0 firmware update for the Infineon 
> SLB9672 and SLB9673.
>
> I think there is probably some more cleanup and testing needed, but I wanted 
> to submit this to start the discussion and see your thoughts.
>
>
> It's easier if you CC the appropriate maintainers for each subsystem next
> time!
>
>
> The wolfTPM library is GPLv2 and added as a submodule. If the license or 
> submodule is an issue let’s discuss! I’m positive we can resolve anything.
>
>
> We recently added a few external libraries. mbedTLS and lwIP. Both of these
> are pulled as subtrees, so I'd like to stick to that.
>
> I briefly went through the patch and I don't disagree in pulling an
> external library as long as it's reasonably stable and will continue
> to be maintained. A few questions since I am not familiar with wolfTPM
>
> - Have you made any size comparisons wrt the final binary size?
> - Does wolfTPM have stable releases that we can use?
> - Is there a CVE policy?
>
> The current patch is quite big and I honestly don't have time to go
> through all of it in detail. I'll be away next week, but I can give some
> general feedback in ~10 days. The easiest thing to do is try to split it
> into a reasonable amount of patches -- and only include the bare minimum of what's
> required to work.
>
> Thanks
> /Ilias
>
>
> Attached is the patch based on latest master 3b6760ddeb4 to review.
>
> 
>
> Thanks,
> David Garske
> Software Engineer, wolfSSL
> +1 (530) 409-2990
> https://www.wolfssl.com <https://www.wolfssl.com/>
> https://github.com/wolfssl
>
>
>
