Skip to content

wolfTPM Release v4.0.0 Prep#490

Merged
aidangarske merged 5 commits intowolfSSL:masterfrom
dgarske:rel_v4.0.0_prep
Apr 22, 2026
Merged

wolfTPM Release v4.0.0 Prep#490
aidangarske merged 5 commits intowolfSSL:masterfrom
dgarske:rel_v4.0.0_prep

Conversation

@dgarske
Copy link
Copy Markdown
Member

@dgarske dgarske commented Apr 21, 2026
edited
Loading

Summary

Prep branch for the v4.0.0 release. Bumps the version everywhere,
updates ChangeLog.md with the themed release notes, adds release-gate
CI coverage, and fixes a small set of issues uncovered while running the
full release build matrix against the new fwTPM and SPDM subsystems.

Libtool soname: WOLFTPM_LIBRARY_VERSION=17:0:0 (interfaces removed or
changed since v3.10.0).

Version bumps

  • configure.ac AC_INIT 3.10.0 -> 4.0.0
  • WOLFTPM_LIBRARY_VERSION 16:x:x -> 17:0:0
  • CMakeLists.txt project(wolfTPM VERSION 4.0.0 ...)
  • wolftpm/version.h LIBWOLFTPM_VERSION_STRING "4.0.0",
    LIBWOLFTPM_VERSION_HEX 0x04000000
  • Copyright year bumps across headers/examples/IDE projects

ChangeLog.md

New v4.0.0 entry (Apr 22, 2026) highlighting the three v4 major
features: fwTPM, SPDM secured transport for Nuvoton/Nations, and
ST33KTPM2X firmware update (Gen 1 non-LMS + Gen 2 LMS, auto-detect).
Themed Detail sections cover platform/HAL, crypto callbacks, security
hardening, Coverity, CI, marshaling, bug fixes, and deprecations.
ASCII-only.

Build/portability fixes found by the release build matrix

  1. configure.ac: auto-disable fwTPM when --disable-wolfcrypt is
    passed (fwTPM requires wolfCrypt, so the default-on fwTPM previously
    made plain ./configure --disable-wolfcrypt fail).
  2. configure.ac: replace AC_CHECK_LIB([wolfssl],[wolfCrypt_Init])
    with AC_LINK_IFELSE that includes wolfSSL headers so the link
    probe works under both C and C++ (CC=g++). AC_CHECK_LIB
    synthesizes a bare declaration that C++ name-mangles and fails to
    link against libwolfssl's C symbols.
  3. wolftpm/fwtpm/fwtpm.h: move struct FWTPM_NV_HAL_S and
    struct FWTPM_CLOCK_HAL_S out of FWTPM_CTX to file scope. C
    merges nested struct tags into the outer scope; C++ treats them as
    nested types, which broke external uses of the FWTPM_NV_HAL
    typedef under C++.
  4. src/fwtpm/fwtpm_command.c, src/fwtpm/fwtpm_crypto.c: explicit
    casts for enum/non-enum ternaries and int -> enum wc_HashType
    conversions flagged by g++ -Werror=extra / -fpermissive.

scan-build cleanups (8 dead stores -> 0)

  • examples/endorsement/get_ek_certs.c - removed dead indexType
    fallback init
  • examples/endorsement/verify_ek_cert.c - restructured curveName
    init with #if / #else
  • examples/native/native_test.c - removed dead
    rc = TPM_RC_SUCCESS resets (rc reassigned downstream)
  • src/fwtpm/fwtpm_command.c - removed dead hashAlg initializer
  • src/tpm2_wrap.c - moved rc = TPM_RC_SUCCESS into #else of
    WOLFTPM_MICROCHIP/WOLFTPM_PERFORM_SELFTEST block
  • tests/fwtpm_unit_tests.c - use cmdSz in FWTPM_ProcessCommand
    call (was hardcoded 14)

CI additions

  • New .github/workflows/release-checks.yml - release-gate workflow
    run on every PR and push:
    • cxx_build - ./configure CC=g++ && make in default and
      --enable-fwtpm configs.
    • scan_build - scan-build --status-bugs ./configure
      • scan-build --status-bugs make in default and --enable-fwtpm
        configs. Uploads report artifacts on failure.
  • New matrix entries in make-test-swtpm.yml:
    • no-examples (--enable-swtpm --disable-examples --disable-fwtpm)
    • st33ktpm2-i2c (--enable-st33 --enable-i2c --disable-fwtpm)

README.md

Replaced two em-dashes (U+2014) with ASCII - for strict ASCII.

Verification performed locally

  • ./configure && make && make check - PASS (2/2)
  • ./configure CC=g++ && make - PASS
  • ./configure --disable-wolfcrypt && make - PASS (fwTPM auto-disabled)
  • ./configure --enable-fwtpm && make && make check - PASS
  • ./configure --enable-fwtpm-only && make - PASS
  • ./configure --enable-swtpm --disable-examples --disable-fwtpm && make - PASS
  • ./configure --enable-st33 --enable-i2c --disable-fwtpm && make - PASS
  • scan-build --status-bugs make - PASS (0 bugs)
  • CMake build - PASS
  • All vendor matrix variants - PASS
  • grep -P "[^\x00-\x7F]" ChangeLog.md - empty (ASCII)

@dgarske dgarske self-assigned this Apr 21, 2026
Copilot AI review requested due to automatic review settings April 21, 2026 17:58
Copilot AI reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Prepares the wolfTPM v4.0.0 release by updating project/library version metadata, adding 4.0.0 release notes, and refreshing copyright headers across the codebase.

Changes:

  • Bump wolfTPM version references to 4.0.0 (headers, Autotools, CMake, libtool versioning).
  • Add v4.0.0 entry to ChangeLog.md.
  • Update copyright notices from 2006–2025 to 2006–2026 across many files.

Reviewed changes

Copilot reviewed 170 out of 170 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
zephyr/user_settings.h Update copyright year to 2006–2026.
wrapper/CSharp/wolfTPM.cs Update copyright year to 2006–2026.
wrapper/CSharp/wolfTPM-tests.cs Update copyright year to 2006–2026.
wolftpm/visibility.h Update copyright year to 2006–2026.
wolftpm/version.h.in Update copyright year to 2006–2026.
wolftpm/version.h Update copyright year and bump version macros to 4.0.0.
wolftpm/tpm2_wrap.h Update copyright year to 2006–2026.
wolftpm/tpm2_winapi.h Update copyright year to 2006–2026.
wolftpm/tpm2_types.h Update copyright year to 2006–2026.
wolftpm/tpm2_tis.h Update copyright year to 2006–2026.
wolftpm/tpm2_swtpm.h Update copyright year to 2006–2026.
wolftpm/tpm2_spdm.h Update copyright year to 2006–2026.
wolftpm/tpm2_socket.h Update copyright year to 2006–2026.
wolftpm/tpm2_param_enc.h Update copyright year to 2006–2026.
wolftpm/tpm2_packet.h Update copyright year to 2006–2026.
wolftpm/tpm2_linux.h Update copyright year to 2006–2026.
wolftpm/tpm2_crypto.h Update copyright year to 2006–2026.
wolftpm/tpm2_asn.h Update copyright year to 2006–2026.
wolftpm/tpm2.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm_types.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm_tcg.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm_psk.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm_nuvoton.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm_nations.h Update copyright year to 2006–2026.
wolftpm/spdm/spdm.h Update copyright year to 2006–2026.
wolftpm/options.h.in Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_tis.h Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_nv.h Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_io.h Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_crypto.h Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_command.h Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm.h Update copyright year to 2006–2026.
tests/unit_tests.c Update copyright year to 2006–2026.
tests/fwtpm_unit_tests.c Update copyright year to 2006–2026.
tests/fuzz/fwtpm_fuzz.c Update copyright year to 2006–2026.
src/tpm2_wrap.c Update copyright year to 2006–2026.
src/tpm2_winapi.c Update copyright year to 2006–2026.
src/tpm2_util.c Update copyright year to 2006–2026.
src/tpm2_tis.c Update copyright year to 2006–2026.
src/tpm2_swtpm.c Update copyright year to 2006–2026.
src/tpm2_spdm.c Update copyright year to 2006–2026.
src/tpm2_param_enc.c Update copyright year to 2006–2026.
src/tpm2_packet.c Update copyright year to 2006–2026.
src/tpm2_linux.c Update copyright year to 2006–2026.
src/tpm2_cryptocb.c Update copyright year to 2006–2026.
src/tpm2_crypto.c Update copyright year to 2006–2026.
src/tpm2_asn.c Update copyright year to 2006–2026.
src/tpm2.c Update copyright year to 2006–2026.
src/spdm/unit_test.c Update copyright year to 2006–2026.
src/spdm/spdm_transcript.c Update copyright year to 2006–2026.
src/spdm/spdm_tcg.c Update copyright year to 2006–2026.
src/spdm/spdm_session.c Update copyright year to 2006–2026.
src/spdm/spdm_secured.c Update copyright year to 2006–2026.
src/spdm/spdm_psk.c Update copyright year to 2006–2026.
src/spdm/spdm_nuvoton.c Update copyright year to 2006–2026.
src/spdm/spdm_nations.c Update copyright year to 2006–2026.
src/spdm/spdm_msg.c Update copyright year to 2006–2026.
src/spdm/spdm_kdf.c Update copyright year to 2006–2026.
src/spdm/spdm_internal.h Update copyright year to 2006–2026.
src/spdm/spdm_crypto.c Update copyright year to 2006–2026.
src/spdm/spdm_context.c Update copyright year to 2006–2026.
src/spdm/README.md Update copyright year in licensing text to 2006–2026.
src/fwtpm/fwtpm_tis_shm.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_tis.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_nv.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_main.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_io.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_crypto.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm_command.c Update copyright year to 2006–2026.
src/fwtpm/fwtpm.c Update copyright year to 2006–2026.
hal/tpm_io_zephyr.c Update copyright year to 2006–2026.
hal/tpm_io_xilinx.c Update copyright year to 2006–2026.
hal/tpm_io_uboot.c Update copyright year to 2006–2026.
hal/tpm_io_st.c Update copyright year to 2006–2026.
hal/tpm_io_qnx.c Update copyright year to 2006–2026.
hal/tpm_io_mmio.c Update copyright year to 2006–2026.
hal/tpm_io_microchip.c Update copyright year to 2006–2026.
hal/tpm_io_linux.c Update copyright year to 2006–2026.
hal/tpm_io_infineon.c Update copyright year to 2006–2026.
hal/tpm_io_fwtpm.c Update copyright year to 2006–2026.
hal/tpm_io_espressif.c Update copyright year to 2006–2026.
hal/tpm_io_barebox.c Update copyright year to 2006–2026.
hal/tpm_io_atmel.c Update copyright year to 2006–2026.
hal/tpm_io.h Update copyright year to 2006–2026.
hal/tpm_io.c Update copyright year to 2006–2026.
examples/wrap/wrap_test.h Update copyright year to 2006–2026.
examples/wrap/wrap_test.c Update copyright year to 2006–2026.
examples/wrap/hmac.c Update copyright year to 2006–2026.
examples/wrap/caps.c Update copyright year to 2006–2026.
examples/tpm_test_keys.h Update copyright year to 2006–2026.
examples/tpm_test_keys.c Update copyright year to 2006–2026.
examples/tpm_test.h Update copyright year to 2006–2026.
examples/tls/tls_server.h Update copyright year to 2006–2026.
examples/tls/tls_server.c Update copyright year to 2006–2026.
examples/tls/tls_common.h Update copyright year to 2006–2026.
examples/tls/tls_client_notpm.c Update copyright year to 2006–2026.
examples/tls/tls_client.h Update copyright year to 2006–2026.
examples/tls/tls_client.c Update copyright year to 2006–2026.
examples/timestamp/signed_timestamp.h Update copyright year to 2006–2026.
examples/timestamp/signed_timestamp.c Update copyright year to 2006–2026.
examples/timestamp/clock_set.h Update copyright year to 2006–2026.
examples/timestamp/clock_set.c Update copyright year to 2006–2026.
examples/spdm/spdm_test.sh Update copyright year to 2006–2026.
examples/spdm/spdm_ctrl.c Update copyright year to 2006–2026.
examples/seal/unseal.c Update copyright year to 2006–2026.
examples/seal/seal_policy_auth.c Update copyright year to 2006–2026.
examples/seal/seal_pcr.c Update copyright year to 2006–2026.
examples/seal/seal.h Update copyright year to 2006–2026.
examples/seal/seal.c Update copyright year to 2006–2026.
examples/pkcs7/pkcs7.h Update copyright year to 2006–2026.
examples/pkcs7/pkcs7.c Update copyright year to 2006–2026.
examples/pcr/reset.c Update copyright year to 2006–2026.
examples/pcr/read_pcr.c Update copyright year to 2006–2026.
examples/pcr/quote.h Update copyright year to 2006–2026.
examples/pcr/quote.c Update copyright year to 2006–2026.
examples/pcr/policy_sign.c Update copyright year to 2006–2026.
examples/pcr/policy.c Update copyright year to 2006–2026.
examples/pcr/pcr.h Update copyright year to 2006–2026.
examples/pcr/extend.c Update copyright year to 2006–2026.
examples/nvram/store.c Update copyright year to 2006–2026.
examples/nvram/seal_nv.c Update copyright year to 2006–2026.
examples/nvram/read.c Update copyright year to 2006–2026.
examples/nvram/policy_nv.c Update copyright year to 2006–2026.
examples/nvram/nvram.h Update copyright year to 2006–2026.
examples/nvram/extend.c Update copyright year to 2006–2026.
examples/nvram/counter.c Update copyright year to 2006–2026.
examples/native/native_test.h Update copyright year to 2006–2026.
examples/native/native_test.c Update copyright year to 2006–2026.
examples/management/tpmclear.c Update copyright year to 2006–2026.
examples/management/management.h Update copyright year to 2006–2026.
examples/management/flush.c Update copyright year to 2006–2026.
examples/keygen/keyload.c Update copyright year to 2006–2026.
examples/keygen/keyimport.c Update copyright year to 2006–2026.
examples/keygen/keygen.h Update copyright year to 2006–2026.
examples/keygen/keygen.c Update copyright year to 2006–2026.
examples/keygen/external_import.c Update copyright year to 2006–2026.
examples/keygen/create_primary.c Update copyright year to 2006–2026.
examples/gpio/gpio_set.c Update copyright year to 2006–2026.
examples/gpio/gpio_read.c Update copyright year to 2006–2026.
examples/gpio/gpio_config.c Update copyright year to 2006–2026.
examples/gpio/gpio.h Update copyright year to 2006–2026.
examples/firmware/st33_fw_update.c Update copyright year to 2006–2026.
examples/firmware/ifx_fw_update.h Update copyright year to 2006–2026.
examples/firmware/ifx_fw_update.c Update copyright year to 2006–2026.
examples/firmware/ifx_fw_extract.c Update copyright year to 2006–2026.
examples/endorsement/verify_ek_cert.c Update copyright year to 2006–2026.
examples/endorsement/get_ek_certs.c Update copyright year to 2006–2026.
examples/endorsement/endorsement.h Update copyright year to 2006–2026.
examples/csr/csr.h Update copyright year to 2006–2026.
examples/csr/csr.c Update copyright year to 2006–2026.
examples/boot/secure_rot.c Update copyright year to 2006–2026.
examples/boot/secret_unseal.c Update copyright year to 2006–2026.
examples/boot/secret_seal.c Update copyright year to 2006–2026.
examples/boot/boot.h Update copyright year to 2006–2026.
examples/bench/bench.h Update copyright year to 2006–2026.
examples/bench/bench.c Update copyright year to 2006–2026.
examples/attestation/make_credential.c Update copyright year to 2006–2026.
examples/attestation/certify.c Update copyright year to 2006–2026.
examples/attestation/attestation.h Update copyright year to 2006–2026.
examples/attestation/activate_credential.c Update copyright year to 2006–2026.
configure.ac Bump package version to 4.0.0 and libtool versioning; update generated options header copyright.
README.md Replace em dashes with hyphen-minus in two bullet lines.
IDE/VisualStudio/user_settings.h Update copyright year to 2006–2026.
IDE/Espressif/main/main.c Update copyright year to 2006–2026.
IDE/Espressif/main/include/main.h Update copyright year to 2006–2026.
IDE/Espressif/components/wolftpm/CMakeLists.txt Update copyright year to 2006–2026.
IDE/Espressif/components/wolfssl/include/user_settings.h Update copyright year to 2006–2026.
IDE/Espressif/components/wolfssl/CMakeLists.txt Update copyright year to 2006–2026.
ChangeLog.md Add v4.0.0 release notes section (dated) above v3.10.0.
CMakeLists.txt Bump project version to 4.0.0 and update generated options header copyright.
Comments suppressed due to low confidence (1)

wolftpm/version.h:1

  • wolftpm/version.h.in was not updated in this PR (only the copyright line changed), but wolftpm/version.h now reports 4.0.0. If version.h is generated from version.h.in during configure/build, the generated header may revert to the old version. Update the version macros in wolftpm/version.h.in (or ensure generation uses a single source of truth) so build-time and source-controlled version headers stay consistent.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread configure.ac Outdated
dgarske added 3 commits April 22, 2026 09:24
@dgarske
Bump copyright year to 2026 and version to 4.0.0
579ec8c 
Release prep for v4.0.0:
- Copyright headers updated 2025 -> 2026 across sources, headers, and examples
- Library version 3.10.0 -> 4.0.0 (libtool 16:8:0 -> 17:0:0)
- configure.ac WOLFSSL_URL http -> https
@dgarske
Build, portability, and CI fixes for v4.0.0
0f87ce1 
- configure.ac: switch wolfCrypt link probe to AC_LINK_IFELSE with real
  headers so CC=g++ builds don't fail on name-mangling; gate fwTPM/swTPM
  autodetect on ENABLED_WOLFCRYPT=yes (fwTPM requires wolfCrypt)
- wolftpm/fwtpm/fwtpm.h: hoist FWTPM_NV_HAL_S and FWTPM_CLOCK_HAL_S out
  of the FWTPM_CTX nested scope so C++ consumers can reference them
- src/fwtpm/fwtpm_command.c, fwtpm_crypto.c: add explicit TPMI_ALG_HASH
  and enum wc_HashType casts to silence strict C++ warnings; drop stale
  KEYEDHASH hashAlg initializer
- src/tpm2_wrap.c: move rc = TPM_RC_SUCCESS into the correct #else branch
  so Linux/winapi paths propagate TPM2_Startup errors
- examples/endorsement/get_ek_certs.c: drop redundant indexType default
- examples/endorsement/verify_ek_cert.c: initialize curveName on the
  WOLFTPM2_NO_WOLFCRYPT/no-ECC path
- examples/native/native_test.c: stop masking TPM2_ZGen_2Phase and
  TPM2_EC_Ephemeral 'command unavailable' as success
- tests/fwtpm_unit_tests.c: use cmdSz (not hardcoded 14) on FlushContext
- CI: add no-examples and st33ktpm2-i2c compile-only matrix entries to
  make-test-swtpm; add release-checks workflow (CC=g++ + scan-build)
@dgarske
Update README and ChangeLog for v4.0.0
204cea9
@dgarske dgarske assigned wolfSSL-Bot and unassigned dgarske and wolfSSL-Bot Apr 22, 2026
@dgarske dgarske requested a review from Copilot April 22, 2026 16:44
@dgarske dgarske assigned aidangarske and unassigned dgarske Apr 22, 2026
@dgarske dgarske requested a review from aidangarske April 22, 2026 16:44
@dgarske dgarske self-assigned this Apr 22, 2026
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 172 out of 172 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/fwtpm_unit_tests.c Outdated
Comment thread tests/fwtpm_unit_tests.c Outdated
@dgarske dgarske requested a review from Copilot April 22, 2026 16:57
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 172 out of 172 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/release-checks.yml Outdated
aidangarske
aidangarske reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@aidangarske aidangarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Skoll Code Review

Scan type: review-security
Overall recommendation: APPROVE
Findings: 0 total — 0 posted, 0 skipped

No issues found.

Review generated by Skoll

@aidangarske aidangarske merged commit 1a19f63 into wolfSSL:master Apr 22, 2026
126 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aidangarske aidangarske aidangarske approved these changes

Assignees

@dgarske dgarske

@wolfSSL-Bot wolfSSL-Bot

@aidangarske aidangarske

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dgarske @aidangarske @wolfSSL-Bot