Summary
Feature release centered on TPM locality control and expanded post-quantum support. Highlights: runtime locality selection (wolfTPM2_SetLocality) with a corrected fwTPM per-PCR locality enforcement table and an optional GPIO nRST reset HAL; TPM 2.0 v1.85 post-quantum (ML-DSA / ML-KEM) support brought into the firmware TPM with fine-grained build macros; fwTPM Dictionary Attack hardening, transparent TPM_RC_RETRY handling, and SPDM secured transport for the fwTPM; FIPS 140-3 capability reporting; freestanding (no-libc) build support; SBOM (CycloneDX / SPDX) generation for EU Cyber Resilience Act (CRA) compliance; and extensive security hardening (Fenrir, Coverity, CodeQL).
Detail
- Runtime TPM locality control (PR #546)
- New
wolfTPM2_SetLocality(dev, locality)selects locality 0-4 at runtime, andexamples/pcr/resettakes a-loc=nflag. Works on the built-in TIS/SPI driver (with release-and-retry for non-preempting chips) and the fwTPM over both socket and TIS/SHM; returnsNOT_COMPILED_INwhere locality is not selectable (I2C, Linux kernel driver, Windows TBS) - fwTPM per-PCR locality enforcement replaced with one source-of-truth table (TCG PC Client profile): corrects the reset map, adds the missing PCR-extend check, and reports proper
RESET_L*/EXTEND_L*/DRTM_RESETbitmaps. Behavior change: DRTM PCRs 17-22 can no longer be extended from locality 0 (nowTPM_RC_LOCALITY) - Fixed
TPM_CAP_ALGS/TPM_CAP_COMMANDSpaging to honor the property cursor so clients that followmoreDatamake progress - Optional hardware-reset HAL:
--enable-hal-reset[=LINE]addsTPM2_IoCb_Reset(), pulsing the nRST line via the Linux GPIO char device (default ST33 GPIO24, Nuvoton GPIO4)
- New
- TPM 2.0 v1.85 post-quantum (PQC) support in the fwTPM: ML-DSA sign/verify, ML-KEM encap/decap, and seed handling to TCG Phase B, with PQC CI and fuzz coverage (PR #445)
- Fine-grained build macros to trim the footprint:
WOLFTPM_PQC(the new lean--enable-pqc), per-algorithmWOLFTPM_MLDSA/WOLFTPM_MLKEM, and per-operation gates, plus--enable-mldsa[=...]/--enable-mlkem[=...]/--disable-hash-mldsa(PRs #527, #533) - wolfSSL v5.8.0+ PQC floor and upstream-drift CI; ML-DSA
TPM2_CreateLoadedprimary and PQC parameter encryption in the examples; new_exsession/OAEP/PQC-hash wrappers (PRs #501, #509, #531, #539, #520)
- Fine-grained build macros to trim the footprint:
- fwTPM Dictionary Attack (DA) hardening to the TCG spec (PR #541):
noDAhonored on objects,failedTriespersisted with the non-orderly-shutdown penalty,recoveryTime/lockoutRecoveryself-heal, and DA properties reported viaTPM2_GetCapability. AddswolfTPM2_DictionaryAttackLockReset/wolfTPM2_DictionaryAttackParameters, anexamples/management/da_checkexample, and thetests/fwtpm_da_retry.shharness - Optional transparent
TPM_RC_RETRYhandling for TPMs that momentarily report busy; opt in viaTPM2_SetCommandRetriesor-DWOLFTPM_MAX_RETRIES=N, or compile out withWOLFTPM_NO_RETRY(PR #537) - SPDM secured transport extended to the fwTPM (PR #510), and FIPS 140-3 capability reporting (PR #502)
- fwTPM session, policy, and NV fixes: transient state kept across command-port reconnects,
continueSessionset in the password-auth response, PolicyAuthorize zero-ticket handling, and an append-only NV journal for write-once flash ports (PRs #518, #530, #517, #540) - New examples and options: crypto-primitive examples (getrandom, hash, AES, ECDH), a
WOLFTPM2_ECC_DEFAULT_CURVEoption (ZD 21780), and native_test ECC P-384 coverage (PRs #532, #519, #492) - Nations NS350 example-suite fixes: RSA-4096 buffer sizing and SRK algorithm selection from the stored key type (PR #494)
- Freestanding build support:
WOLFTPM_NO_STD_HEADERSkeeps the standard C headers out oftpm2_types.hfor bare-metal integrators, with afreestanding-build.ymlCI job (PR #549) - Software Bill of Materials (SBOM) generation for EU Cyber Resilience Act (CRA) compliance: new
make sbom/install-sbomautotools targets and a CMakesbomtarget emit CycloneDX and SPDX documents for the built library, recording wolfSSL as a dependency (PR #536) - Security hardening: automated Fenrir review (bounds/OOB fixes in the TPM2 packet parsers and marshaling, secret zeroization, policy/ticket bypass fixes), Coverity fixes across the fwTPM PCR/seed/hash/seal paths, CodeQL/Semgrep/Copilot review gates, and a heap out-of-bounds read fix in
TPM2_ASN_RsaUnpadPkcsv15(PRs #496, #503, #511, #512, #518, #523, #535, #545, #547, #548, #543, #542, #544, #538, #513, #514, #524, #528, #507, #516) - CI and build improvements: expanded CMake test cases, a GHCR container image, nightly fuzzing, wolfSSL latest-stable auto-resolve, and preflight smoke tests (PRs #495, #534, #522, #525, #508, #526, #521)
- Bug fixes
- Fixed the wolfCrypt crypto callback to propagate
ALREADY_Efor wolfSSL PR 10604 (PR #546) - Ensured the wolfCrypt DRBG is used with crypto callbacks and made
TPM2_StirRandoma TCG-compliant no-op on HW-RNG-backed TPMs (PRs #498, #493) - Added a note on using the TPM RNG for the StartAuth session nonce (ZD 21476, PR #478)
- Fixed the wolfCrypt crypto callback to propagate