Hi Ilias, Thank you! It’s a pleasure to meet you! I’m the author and maintainer or wolfTPM.
Perhaps it would be useful to meet and chat for a bit? Are you free next week May 28th at 7:30 AM PT? I loved the feedback from Simon Glass and we will be implementing those and suggesting a new patch soon. Thanks, David Garske Software Engineer, wolfSSL +1 (530) 409-2990 https://www.wolfssl.com <https://www.wolfssl.com/> https://github.com/wolfssl > On May 19, 2025, at 1:52 AM, Ilias Apalodimas <ilias.apalodi...@linaro.org> > wrote: > > On Fri, 9 May 2025 at 18:43, David Garske <da...@wolfssl.com> wrote: >> >> Hi Ilias, >> >> Thank you for the quick reply. I am happy that you will consider wolfTPM as >> a submodule. We have 100’s of commercial customers and it is very actively >> maintained. In fact we will continue to provide direct maintenance for any >> u-boot issues that come up using wolfTPM. Also we’ve done safety critical >> DO-178 certification on wolfTPM. >> >> 1) U-Boot subsystem maintainers. Can you point me to that list of >> maintainers? > > it's in MAINTAINERS. I am responsible for TPM > >> 2) Size: I haven’t run any size comparisons but I expect to be inline with >> existing code. I will make sure we run some comparisons. >> 3) Releases: Yes we have stable releases done each quarter. I am about to do >> a release v3.9.0 next week that includes the U-boot support, so I will >> update the submodule to use the tagged release when it’s ready. >> 4) CVE: Yes we track and create CVE’s if we find issues or any are reported. >> We typically have a fix posted within 36 hours of a report. Vulnerabilities >> are published in the release notes and for our premium support customers >> they get early notification. >> 5) Patch Size: I will work on reducing the changes and splitting them into >> logical commits. >> >> Enjoy your time away. I’ll have updates to share soon. > > Thanks > /Ilias >> >> Thanks, >> David Garske >> Software Engineer, wolfSSL >> +1 (530) 409-2990 >> https://www.wolfssl.com >> https://github.com/wolfssl >> >> On May 9, 2025, at 5:22 AM, Ilias Apalodimas <ilias.apalodi...@linaro.org> >> wrote: >> >> Hi David >> >> Hi Denx, >> >> We at wolfSSL have developed a port for wolfTPM in U-Boot. The patch allows >> using the current built-in TPM 2.0 support or switching to wolfTPM via >> CONFIG_TPM_WOLF=y. It also supports TPM 2.0 firmware update for the Infineon >> SLB9672 and SLB9673. >> >> I think there is probably some more cleanup and testing needed, but I wanted >> to submit this to start the discussion and see your thoughts. >> >> >> It's easier if you CC the appropriate maintainers for each subsystem next >> time! >> >> >> The wolfTPM library is GPLv2 and added as a submodule. If the license or >> submodule is an issue let’s discuss! I’m positive we can resolve anything. >> >> >> We recently added a few external libraries. mbedTLS and lwIP. Both of these >> are pulled as subtrees, so I'd like to stick to that. >> >> I briefly went through the patch and I don't disagree in pulling an >> external library as long as it's reasonably stable and will continue >> to be maintained. A few questions since I am not familiar with wolfTPM >> >> - Have you made any size comparisons wrt to the final binary size? >> - Does wolfTPM have stable releases that we can use? >> - Is there a CVE policy ? >> >> The current patch is quite big and I honestly don't have time to go >> through all of it in detail. I'll be away next week, but I can give some >> general feedback in ~10days. The easiest thing to do is try to split it >> a reasonable amount of patches -- and only include the bare minimum of what's >> required to work. >> >> Thanks >> /Ilias >> >> >> Attached is the patch based on latest master 3b6760ddeb4 to review. >> >>  >> >> Thanks, >> David Garske >> Software Engineer, wolfSSL >> +1 (530) 409-2990 >> https://www.wolfssl.com <https://www.wolfssl.com/> >> https://github.com/wolfssl >> >> >>
