We decided a while back to use subtress for importing external trees. mbedTLS, dts and lwIP work as such, so please convert to a subtree.
tools/update-subtree.sh is what we use to merge the latest updates. Regards /Ilias On Mon Mar 16, 2026 at 8:14 PM EET, David Garske wrote: > From: Aidan <[email protected]> > > Add wolfTPM (https://github.com/wolfSSL/wolfTPM) as a git submodule > at lib/wolftpm. wolfTPM is a portable, open-source TPM 2.0 stack > licensed under GPLv2, providing native API access to all TPM 2.0 > commands and a wrapper API for common operations. > > The build system additions: > > .gitmodules: > Registers the wolfTPM submodule pointing to the upstream repo. > > lib/Kconfig: > Adds CONFIG_TPM_WOLF option under library routines, which selects > SHA1 and implies DM_RNG. > > lib/Makefile: > When CONFIG_TPM_WOLF and CONFIG_TPM_V2 are both enabled, compiles > wolfTPM core source files (tpm2.c, tpm2_packet.c, tpm2_tis.c, > tpm2_wrap.c, tpm2_param_enc.c) and the HAL layer (tpm_io.c). > Sets -I include paths and -DWOLFTPM_USER_SETTINGS. > > Signed-off-by: Aidan Garske <[email protected]> > --- > .gitmodules | 3 +++ > lib/Kconfig | 13 +++++++++++++ > lib/Makefile | 18 ++++++++++++++++++ > lib/wolftpm | 1 + > 4 files changed, 35 insertions(+) > create mode 100644 .gitmodules > create mode 160000 lib/wolftpm > > diff --git a/.gitmodules b/.gitmodules > new file mode 100644 > index 00000000000..3f95a7c3eb9 > --- /dev/null > +++ b/.gitmodules > @@ -0,0 +1,3 @@ > +[submodule "lib/wolftpm"] > + path = lib/wolftpm > + url = https://github.com/wolfssl/wolfTPM.git > diff --git a/lib/Kconfig b/lib/Kconfig > index 931d5206936..24477ea53c9 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -500,6 +500,19 @@ config TPM > If you want a fully functional TPM enable all hashing algorithms. > If you enabled measured boot all hashing algorithms are selected. > > +config TPM_WOLF > + bool "Enable wolfTPM support" > + depends on DM > + imply DM_RNG > + select SHA1 > + help > + This option enables support for wolfTPM in U-Boot. WolfTPM can be > + used to update ARM specific platforms. Enabling this option > allows > + U-Boot to interact with the TPM using wolfTPM commands such as > + firmware updates, PCR extend, and more. It is especially useful > on > + platforms that require support for secure boot and other > TPM-related > + functionality. > + > config SPL_TPM > bool "Trusted Platform Module (TPM) Support in SPL" > depends on SPL_DM > diff --git a/lib/Makefile b/lib/Makefile > index 70667f3728c..76025cc77d8 100644 > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -55,6 +55,7 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o > obj-y += list_sort.o > endif > > +# U-boot TPM > obj-$(CONFIG_$(PHASE_)TPM) += tpm-common.o > ifeq ($(CONFIG_$(PHASE_)TPM),y) > obj-$(CONFIG_TPM) += tpm_api.o > @@ -64,6 +65,23 @@ obj-$(CONFIG_EFI_TCG2_PROTOCOL) += tpm_tcg2.o > obj-$(CONFIG_MEASURED_BOOT) += tpm_tcg2.o > endif > > +# wolfTPM with TPM 2.0 support (including TPM firmware update) > +ifeq ($(CONFIG_TPM_WOLF),y) > +ifeq ($(CONFIG_TPM_V2),y) > +ccflags-y += -I$(srctree)/lib/wolftpm \ > + -I$(srctree)/include/configs \ > + -DWOLFTPM_USER_SETTINGS > +obj-y += wolftpm/hal/tpm_io.o > +obj-$(CONFIG_WOLFTPM_LINUX_DEV) += wolftpm/src/tpm2_linux.o > +obj-y += wolftpm/src/tpm2.o > +obj-y += wolftpm/src/tpm2_packet.o > +obj-y += wolftpm/src/tpm2_tis.o > +obj-y += wolftpm/src/tpm2_wrap.o > +obj-y += wolftpm/src/tpm2_param_enc.o > +obj-y += wolftpm.o > +endif > +endif > + > obj-$(CONFIG_$(PHASE_)CRC8) += crc8.o > obj-$(CONFIG_$(PHASE_)CRC16) += crc16.o > obj-$(CONFIG_$(PHASE_)CRC16) += crc16-ccitt.o > diff --git a/lib/wolftpm b/lib/wolftpm > new file mode 160000 > index 00000000000..664db130d57 > --- /dev/null > +++ b/lib/wolftpm > @@ -0,0 +1 @@ > +Subproject commit 664db130d57bfa18a3254a0ddc126da1beeb9895
