On Mon, 11 May 2026 at 10:15, Peter Robinson <[email protected]> wrote:
>
> Hi Aidan,
>
> > This is v3 of the wolfTPM TPM 2.0 stack integration for U-Boot.
> >
> > wolfTPM (https://github.com/wolfSSL/wolfTPM) is a portable, GPLv2 TPM 2.0
>
> I go to the github link and it says GPL-3.0 license so which is it?
>
> IANAL but I'm not sure if the GPLv3 is compatible with GPLv2 in the
> context of U-Boot because it would make the whole output a GPLv3
> application

In fact the majority of U-Boot code, like Linux, is GPLv2 only, not
later which makes this directly incompatible with U-Boot.

> > library that provides a full TPM 2.0 command set, an SPI/MMIO HAL, and
> > firmware-update support for Infineon SLB9672/SLB9673 hardware. This
> > series wires it into U-Boot as an optional backend behind the existing
> > 'tpm2' command, alongside support for QEMU+swtpm, sandbox emulation, and
> > real Raspberry Pi 4 + Infineon SLB9672 hardware.
>
> So that provides the technical detail, but what value does it provide
> to U-Boot? We already have a relatively complete TPM stack, do people
> do firmware updates in the early boot process, why else would someone
> choose to use this over the existing implementation?
>
> One part of what I want to know in a cover letter is what value this
> provides to the project, what are the pros/cons etc, like what
> maintenance looks like.
>
> Peter
>
> > Branch (full 14-commit history including the subtree squash + merge):
> >   https://github.com/aidangarske/u-boot wolftpm-v2-patches
> >
> > Note on the subtree commits omitted from this email thread:
> > The branch above contains 14 commits; the email series is 12 patches.
> > Two commits are deliberately not sent to the list:
> >
> > * "Squashed 'lib/wolftpm/' content from commit 664db130d57"
> >   - the parentless squash commit produced by `git subtree add`.
> >     Its diff is ~3.4MB / ~90k lines and would be rejected by the
> >     mailing list on size.
> > * "Merge commit 'd42fd7b146...' as 'lib/wolftpm'"
> >   - the corresponding subtree merge commit. Merges have no patch
> >     form and are routinely omitted by `git format-patch`.
> >
> > Please pull from the branch above (or wolfssl/wolfTPM @ 664db130d57)
> > to inspect the imported wolfTPM source. Subsequent updates will go
> > via tools/update-subtree.sh, matching how mbedTLS, lwIP, and
> > dts/upstream are maintained in tree.
> >
> > Changes since v2:
> > - Replaced the lib/wolftpm git submodule with a git subtree import
> >   (squash + merge), matching the convention used for mbedTLS, lwIP,
> >   and dts/upstream. tools/update-subtree.sh is updated to know
> >   about the wolftpm subtree (path lib/wolftpm, upstream
> >   https://github.com/wolfssl/wolfTPM.git).
> >   [feedback: Ilias Apalodimas]
> > - Reverted the changes to include/linux/byteorder/generic.h. The
> >   redefinition workaround for cpu_to_beXX / beXX_to_cpu now lives
> >   on the wolfTPM side: include/configs/user_settings.h pulls in
> >   <asm/byteorder.h> up front so U-Boot's macros are defined before
> >   wolfTPM's #ifndef-guarded fallbacks in tpm2_packet.h.
> >   [feedback: Ilias Apalodimas]
> >
> > Testing:
> > - QEMU arm64 + swtpm Python test framework
> >   (./test/py/test.py --bd qemu_arm64 -k "test_wolftpm and not ut_cmd"):
> >   19 passed, 2 skipped (matching doc/usage/cmd/wolftpm.rst).
> > - Manual QEMU arm64 + swtpm walkthrough per
> >   doc/usage/cmd/wolftpm.rst section "Building and Running wolfTPM
> >   with U-Boot using QEMU": tpm2 help/info/autostart/startup/
> >   get_capability/pcr_read/pcr_print/caps all return expected output.
> > - Raspberry Pi 4 + Infineon SLB9672 (real hardware): all wolfTPM
> >   cmd tests pass, including firmware update path.
> >
> > v2 thread:
> >   https://lore.kernel.org/u-boot/?q=PATCH+v2+tpm+wolfTPM
> >
> > Aidan Garske (12):
> >   tpm: export tpm_show_device, tpm_set_device, and get_tpm
> >   include/hash: add SHA384 hash wrapper declaration for wolfTPM
> >   spi: add BCM2835/BCM2711 hardware SPI controller driver

While I understand why you would put the above patch in it should in
fact be sent on its own as a standalone patch because it's really
nothing to do with this series.

> >   dts: add TPM device tree nodes for RPi4, QEMU, and sandbox
> >   tpm: add wolfTPM build rules and Kconfig
> >   tpm: add wolfTPM headers and SHA384 glue code
> >   tpm: add wolfTPM driver helpers and Kconfig options
> >   cmd: refactor tpm2 command into frontend/backend architecture
> >   tpm: add sandbox TPM SPI emulator
> >   test: add wolfTPM C unit tests and Python integration tests
> >   doc: add wolfTPM documentation
> >   configs: enable wolfTPM in rpi_4_defconfig
> >
> > --
> > 2.47.3
> >

