Releases: wolfSSL/wolfTPM

wolfTPM Release 3.0.0 (Oct 30, 2023)

30 Oct 20:29
5b288d4

Summary

Refactor of command authentication. Support for ECC sessions and secrets. Support for policy sealing/unsealing. Examples for secure boot.

Detail

  • Refactor of the command authentication. If a command does not require auth, do not supply it (PR #305)
  • Refactor HAL and added Microchip Harmony SPI HAL support (PR #251)
  • Relocate crypto callback code to its own code file (PR #304)
  • Fixed using a custom wolfTPM CSR sigType (PR #307)
  • Fixed ECC 384-bit only support (PR #307)
  • Fixed issue with using struct assignment (switched to memcpy) (PR #303)
  • Fixed various issues building with C++ compiler (PR #303)
  • Fixed issues with STM32 I2C build and improved performance (PR #302)
  • Fixed seal with RSA and PCR extend auth. (PR #296)
  • Fixed issue including user_settings.h when --disable-wolfcrypt set (PR #285)
  • Fixed TPM private key import with custom seed (PR #281)
  • Fixed autogen.sh (autoconf) to generate without warnings (PR #279)
  • Fixed TPM2 create with decrypt or restricted flag set (PR #275)
  • Fixed and improved low resource build options (PR #269)
  • Fixed the TPM_E_COMMAND_BLOCKED macro to have the correct value (PR #257)
  • Fixed casting and unused variable problems on windows (PR #255)
  • Fixed Linux usage of cs_change and added config overrides (PR #268)
  • Fixed and improved the NV auth and session auth set/unset (PR #299)
  • Fixed capability to handle unknown TPM2_GetCapability type and fix bad printf (PR #293)
  • Fixed macros for file IO XFEOF and XREWIND to make sure they are available (PR #277)
  • Fixed seal/unseal example (PR #306)
  • Fixed TLS examples with param enc enabled (PR #306)
  • Fixed signed_timestamp with ECC (PR #306)
  • Added CI tests for CSharp wrappers (PR #307)
  • Added support for sealing/unsealing based on a PCR that is signed externally (PR #294)
  • Added examples for Secure Boot solution to store root of trust in NV (PRs #276, #289, #291 and #292)
  • Added support for importing and loading public ECC/RSA keys formatted as PEM or DER (PR #290)
  • Added new policy_nv example (PR #298)
  • Added -nvhandle argument to nvram examples (PR #296)
  • Added code to test external import between two TPMs (PR #288)
  • Added support for STM32 Cube Expansion Pack (PR #287)
  • Added support for memory mapped (MMIO) TPMs (PR #271)
  • Added wc_SetSeed_Cb call for FIPS ecc (PR #270)
  • Added wrapper support for setting key usage (not just extended key usage) (PR #307)
  • Added RSA key import methods to handle PEM and DER encoding directly (PR #252)
  • Added thread local storage macro and make gActiveTPM local to the thread (PR #253)
  • Added Microchip macro names and Support for bench with MPLABX Harmony (PR #256)
  • Added support for encrypting secret using ECC key. Allows using ECC for parameter encryption and importing ECC keys with custom seed. (PR #276)
  • Added wolfTPM2_ChangePlatformAuth wrapper to help set the platform auth. This is useful from the bootloader to make sure no one can use the platform hierarchy from the application (PR #276)
  • Improvements to cmake build (PRs #280, #283 and #284)

wolfTPM Release 2.7.0 (Dec 27, 2022)

28 Dec 00:59
a0bd9fe

Summary

Added Infineon TriCore HAL support and examples for Keyed Hash / NV counter increment. Minor fixes for NV auth and Keyed Hash.

Detail

  • Support for Infineon TriCore (TC2XX/TC3XX) using macro WOLFTPM_INFINEON_TRICORE (PR #229)
  • Added NV counter increment example (PR #243)
  • Added Key Generation example for Keyed Hash. (PR #245)
  • Fix for Keyed Hash with HMAC (PR #243)
  • Fix for NV auth handling (PR #243)
  • Fixed missing call to Close(), since Windows won't flush unless it's called (PR #242)
  • Fixed tpm2.c issue with variable declarations not being at top of function (PR #246)

wolfTPM Release 2.6 (09/01/2022)

01 Sep 17:47
9cbf348

Summary

Fix for CSharp wrapper when setting a custom OID for a CSR. Added CSharp wrapper documentation and improved a few others. Added CSharp function to set key password for blob.

Detail

  • Fix for CSharp SetCustomExtension to use allocated byte buffer instead of passing string (PR #239)
  • Fix for CMake wolftpm/options.h generation to support disabled source tree changes (CMAKE_DISABLE_SOURCE_CHANGES) (PR #235)
  • Fixed CMake / vcpkg issue with options.h output location (PR #235)
  • Added CSharp KeyBlob.SetKeyAuthPassword and test case (PR #237)
  • Added API documentation for the CSharp wrappers (PR #234)
  • Fixed documentation error on wolfTPM2_GetKeyBlobAsBuffer (PR #234)
  • Fixed documentation for encDecAlg with authenticated session (PR #236)
  • Fixed software TPM (docs/SWTPM.md) example argument for -rm (PR #238)

wolfTPM Release 2.5 (07/22/2022)

22 Jul 16:56
d7b76cd

Summary

Major expansion of the C# wrapper for key handling, CSR/Cert generation, RSA enc/dec and sign/verify.
Added Infineon SLB9672 support.
Enhancements to the CMake support.
Added new keygen example for creating a primary key.

Detail

  • Fixed issue with sign signature buffer size checking (PR #232)
  • Fixed support for using nonce from TPM (when using no wolfCrypt RNG WOLFTPM2_USE_HW_RNG) (PR #216)
  • Fixed workaround for Windows TBS self test (PR #224)
  • Fixed issue with CSharp handle unloading (PR #212)
  • Fixed TPM support for using the public key with TLS (PR #210)
  • Added crypto callback support for seeding RNG with TPM (PR #216)
  • Added Infineon SLB9672 support (PR #214)
  • Added support for using a unique template with create and create primary (PR #215)
  • Added CSharp wrapper support for RSA encrypt/decrypt and Sign/Verify. (PR #232)
  • Added CSharp wrapper documentation for CSR functions (PR #232)
  • Added CSharp support for handling TPM errors with exception (PR #224)
  • Added CSR wrappers and tests to assist with TPM based CSR/Self-Signed-Cert generation (including CSharp wrappers) (PR #219)
    • Support for subject, key usage, custom request extensions and output as PEM or DER
    • New structure WOLFTPM2_CSR, new APIs wolfTPM2_CSR_* and new CSharp class Csr
  • Added CSharp create primary key example (PR #215)
  • Added CSharp wrapper and tests for wolfTPM2_CreatePrimaryKey() (PR #213)
  • Added CSharp tests for authenticated sessions (PR #212)
  • Added CSharp wrappers wolfTPM2_SetAuthSession and wolfTPM2_NVStoreKey (PR #209)
  • Added CSharp IDisposable in classes for cleanup of unmanaged resources (PR #225)
  • Added support for wolfTPM CMake to output the options.h (PR #211)
  • Added CMake WOLFTPM_DEBUG option (PR #211)
  • Improved the byte swapping logic for GCC (PR #231)

Full Changelog:
https://github.com/wolfSSL/wolfTPM/compare/v2.4.0..v2.5.0

wolfTPM Release 2.4.0 (05/09/2022)

09 May 16:00
44dd389

Summary

Add CMake support. Add C# wrappers. Add ST33 GetRandom2. Improve TPM2_SetupPCRSel. Fixes for C++ compilers, example install and writing PEM.

Detail

  • Fixes for C++ compiler (PR #206)
  • Added C# wrappers (PR #203)
  • CMake support (PR #202, #204, #205)
  • Add support for ST33 vendor specific command TPM_CC_GetRandom2 (PR #200)
  • Fix writing PEM in wolfTPM2_RsaKey_TpmToPemPub (PR #201)
  • Improve TPM2_SetupPCRSel (multiple calls) (PR #198)
  • Fix for a few spelling errors and whitespace cleanup (PR #199)
  • v2.3.1 updates (PR #197)
  • Fix make install by renaming pcr example read.c (PR #196)

Full Changelog: v2.3.1...v2.4.0

wolfTPM Release 2.3.1 (11/18/2021)

19 Nov 04:40
fa39826

Summary

Fix for make install

Detail

  • Fix for installing example code on Linux builds (PR #196)

wolfTPM Release 2.3 (11/08/2021)

09 Nov 19:23
5af1360

Summary

Fixes for minor build issues, refactor of GPIO configuration into a single gpio_config, and a new PCR Read example.

Detail

  • Refactor GPIO support (single gpio_config) (PR #194)
  • Fix for Linux HAL IO try again timeout logic (PR #194)
  • Fix for big endian in TIS layer (PR #191)
  • Fix for RSAES padding (RSA_Encrypt) (PR #187)
  • Fix in tests to allow command code error for CreateLoaded (not supported on hardware) (PR #184)
  • Fix for compiler warning for file read in make_credential.c (PR #182)
  • Fixes for Windows builds (PR #181)
  • Fixes for RSA RNG in edge case builds (fixes wolfBoot build error) (PR #180)
  • Added PCR Read example (PR #185)

wolfTPM Release 2.2 (07/13/2021)

13 Jul 23:31
524c884

Summary

Added new examples for remote attestation, make credential and GPIO support. Added Endorsement hierarchy support to many examples. Refactored the reference HAL IO code into separate files.

Detail

  • Fixed total auth area size when multiple auth sessions are used (PR #174)
  • Fixed TPM2_SetupPCRSel to only allow valid pcrIndex values (PR #165 and PR #167)
  • Fixed TPM2_MakeCredential to work without auth as TCG spec defines (PR #174)
  • Fixed TPM2_MakeCredential to support using EK pub to encrypt challenge (PR #174)
  • Fixed TPM2_ActivateCredential to work with EK pub to decrypt challenge (PR #174)
  • Fix to only enable printf in library proper if DEBUG_WOLFTPM is set (PR #154)
  • Added support for QNX with wolfTPM (PR #156)
  • Added credential examples for remote attestation (PR #161)
  • Added new example for sealing a secret using TPM key (PR #157)
  • Added GPIO config, read and set examples (PR #155 and #172)
  • Added GPIO support and examples for ST33 (PR #155)
  • Added GPIO support and examples for Nuvoton NPCT75x (PR #172)
  • Added Endorsement support for keygen and attestation examples using -eh (PR #174)
  • Added missing TPM2_CreateLoaded command and added wrapper wolfTPM2_CreateLoadedKey (PR #174)
  • Added new wrappers for public PEM support wolfTPM2_RsaKey_TpmToPemPub and wolfTPM2_RsaKey_PemPubToTpm (PR #174)
  • Added keygen option to output PEM files for TPM public keys (PR #174)
  • Added saving of EK's TPM2B_PUBLIC for attestation purposes (PR #174)
  • Added new wrapper for satisfying EK policy (PR #174)
  • Added unit test for TPM2_CertifyCreation (PR #169)
  • Added support for --with-wolfcrypt=/dir/ (PR #166)
  • Added documentation for using QEMU with --enable-devtpm for testing (PR #146)
  • Modified keygen to use new wolfTPM2_CreateLoaded wrapper to acquire correct AK name (PR #174)
  • Modified keyload to be able to load keys created under the EK/EH (PR #174)
  • Cleanup the ECC point code to appease some coverity warnings (PR #168)
  • Cleanup obsolete txBuf[4] = 0x00; because handled with SPI check wait state logic (PR #162)
  • Improved API documentation using Doxygen for wolfTPM wrappers and proprietary APIs (PR #164)
  • Improved the Windows TBS documentation (PR #163)
  • Refactor the assignment of structs to use memcpy (PR #176)
  • Refactor of the TPM IO code to separate files (PR #171)

wolfTPM Release 2.1 (03/17/2021)

17 Mar 17:34
ab2ee19

Summary

Added examples for symmetric key creation and NVRAM.

Detail

  • Fixed possible KDFa buffer overrun (PR #147)
  • Fixed typo on WOLFTPM_USER_SETTINGS (PR #140)
  • Improved examples to use the key templates. (PR #136)
  • Added symmetric key support for key generation examples (PR #143)
  • Added NVRAM examples (PR #145)
  • Added STM32 CubeMX I2C support (PR #142)
  • Added details for TPM 2.0 with Windows TBS (PR #144)
  • Added alternate subject name to example certificates for TLS (PR #141)
  • Updated expired wolfSSL certs (PR #139)
  • Removed EK from the attestation and signed timestamp examples (PR #152)

wolfTPM Release 2.0.0 (12/07/2020)

07 Dec 21:11
da1d34c

Summary

Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (TBSI) support and more examples for time/keys.

Detail

  • Refactor of the session authentication. New struct TPM2_AUTH_SESSION and wolfTPM2_SetAuth_* APIs. (PR #129 and #133)
  • Added Windows TPM TBSI support (PR #127)
  • Added TPM simulator support using TPM TCP protocol (PR #121)
  • Added MinGW support (PR #127)
  • Added AES CFB parameter encryption support (PR #129)
  • Added XOR parameter encryption support (PR #122)
  • Added "-aes" or "-xor" option to some examples to enable parameter encryption. (PR #129)
  • Added HMAC session support (PR #129)
  • Added support for encrypted RSA salt for salted-unbounded session (PR #129)
  • Added innerWrap and outerWrap support for sensitive to private. (PR #129)
  • Improvements to the KDFa (PR #129)
  • Improved the param encryption to use buffers inline (PR #129)
  • Added Key generation and loading examples using disk to store the key (PR #131)
  • Added support for importing external private key to get a key blob for easy re-loading. (PR #132)
  • Add TPM clock increment example (PR #117)
  • Add test vectors for AES CFB and make it the default for tests (PR #125)
  • Improved documentation and code comments (PR #126)
  • Add script to run unit tests with software TPM (PR #124)