Hi Ilias, Thank you for the quick reply. I am happy that you will consider wolfTPM as a submodule. We have 100’s of commercial customers and it is very actively maintained. In fact we will continue to provide direct maintenance for any u-boot issues that come up using wolfTPM. Also we’ve done safety critical DO-178 certification on wolfTPM.
1) U-Boot subsystem maintainers. Can you point me to that list of maintainers? 2) Size: I haven’t run any size comparisons but I expect to be inline with existing code. I will make sure we run some comparisons. 3) Releases: Yes we have stable releases done each quarter. I am about to do a release v3.9.0 next week that includes the U-boot support, so I will update the submodule to use the tagged release when it’s ready. 4) CVE: Yes we track and create CVE’s if we find issues or any are reported. We typically have a fix posted within 36 hours of a report. Vulnerabilities are published in the release notes and for our premium support customers they get early notification. 5) Patch Size: I will work on reducing the changes and splitting them into logical commits. Enjoy your time away. I’ll have updates to share soon. Thanks, David Garske Software Engineer, wolfSSL +1 (530) 409-2990 https://www.wolfssl.com <https://www.wolfssl.com/> https://github.com/wolfssl > On May 9, 2025, at 5:22 AM, Ilias Apalodimas <ilias.apalodi...@linaro.org> > wrote: > > Hi David > >> Hi Denx, >> >> We at wolfSSL have developed a port for wolfTPM in U-Boot. The patch allows >> using the current built-in TPM 2.0 support or switching to wolfTPM via >> CONFIG_TPM_WOLF=y. It also supports TPM 2.0 firmware update for the Infineon >> SLB9672 and SLB9673. >> >> I think there is probably some more cleanup and testing needed, but I wanted >> to submit this to start the discussion and see your thoughts. > > It's easier if you CC the appropriate maintainers for each subsystem next > time! > >> >> The wolfTPM library is GPLv2 and added as a submodule. If the license or >> submodule is an issue let’s discuss! I’m positive we can resolve anything. > > We recently added a few external libraries. mbedTLS and lwIP. Both of these > are pulled as subtrees, so I'd like to stick to that. > > I briefly went through the patch and I don't disagree in pulling an > external library as long as it's reasonably stable and will continue > to be maintained. A few questions since I am not familiar with wolfTPM > > - Have you made any size comparisons wrt to the final binary size? > - Does wolfTPM have stable releases that we can use? > - Is there a CVE policy ? > > The current patch is quite big and I honestly don't have time to go > through all of it in detail. I'll be away next week, but I can give some > general feedback in ~10days. The easiest thing to do is try to split it > a reasonable amount of patches -- and only include the bare minimum of what's > required to work. > > Thanks > /Ilias > >> >> Attached is the patch based on latest master 3b6760ddeb4 to review. >> >>  >> >> Thanks, >> David Garske >> Software Engineer, wolfSSL >> +1 (530) 409-2990 >> https://www.wolfssl.com <https://www.wolfssl.com/> >> https://github.com/wolfssl >
