|
1 | 1 | # Release Notes |
2 | 2 |
|
| 3 | +## wolfTPM Release 4.0.0 (Apr 22, 2026) |
| 4 | + |
| 5 | +**Summary** |
| 6 | + |
| 7 | +Major release with three new features: |
| 8 | + |
| 9 | +1. Firmware TPM 2.0 (fwTPM): a portable TPM 2.0 command processor built on wolfCrypt, usable as a replacement for a discrete TPM chip or as a CI/development replacement for external simulators. |
| 10 | +2. SPDM secured transport: secure vendor-defined TCG command communication with Nuvoton NPCT75x and Nations NS350 TPM modules. |
| 11 | +3. ST33KTPM2X firmware update: automatic format detection for both Generation 1 (non-LMS) and Generation 2 (LMS-signed) ST33KTPM firmware. |
| 12 | + |
| 13 | +Also includes new seal/unseal examples, additional platform/HAL support, extensive security hardening (Fenrir and Coverity), CI sanitizer coverage, and deprecation of OPENSTM32. |
| 14 | + |
| 15 | +**Detail** |
| 16 | + |
| 17 | +* Firmware TPM 2.0 (fwTPM) implementation (PR #474) |
| 18 | + - Portable TPM 2.0 server built on wolfCrypt (RSA, ECC, SHA, AES, HMAC) |
| 19 | + - 105/113 TPM 2.0 v1.38 commands implemented (93%) |
| 20 | + - Socket transport (Microsoft TPM simulator protocol) and TIS transport |
| 21 | + - File-based or HAL-callback NV storage; HAL abstraction for IO |
| 22 | + - New configure options: `--enable-fwtpm` and `--enable-fwtpm-only` |
| 23 | + - New feature macros: `FWTPM_NO_NV`, `FWTPM_NO_ATTESTATION`, `FWTPM_NO_POLICY`, `FWTPM_NO_DA` |
| 24 | + - Full CI coverage: `fwtpm-test.yml` (11 matrix entries), `fuzz.yml` (weekly + per-PR smoke) |
| 25 | + - macOS and Windows build support with network-namespace isolation for Linux CI |
| 26 | +* SPDM secured transport for Nuvoton NPCT75x and Nations NS350 (PR #458) |
| 27 | + - Generic `WOLFTPM_SPDM_TCG` guard replaces per-vendor conditionals |
| 28 | + - Vendor-defined TCG commands with VdCode validation |
| 29 | + - PSK mode and identity-key mode with auto-connect |
| 30 | + - Hardware test CI workflow split across self-hosted runners |
| 31 | + - Added `spdm_ctrl` utility (renamed from `spdm_demo`) |
| 32 | +* STMicro ST33KTPM2X firmware update with LMS support (PR #446) |
| 33 | + - New `st33_fw_update` example tool for ST33KTPM firmware updates |
| 34 | + - Automatic firmware format detection based on TPM firmware version from `fwVerMinor` |
| 35 | + - Generation 1 firmware (< 512, e.g. 9.257): Non-LMS format, 177-byte manifest, ECC-only |
| 36 | + - Generation 2 firmware (>= 512, e.g. 9.512): LMS format, 2697-byte manifest with embedded LMS signature (LMS mandatory) |
| 37 | + - No manual format selection required - manifest size chosen automatically |
| 38 | + - See `examples/firmware/README.md` "ST33 Firmware Update" for usage |
| 39 | +* Seal/unseal examples with PCR, PolicyAuthorize, and NV policies (PR #464) |
| 40 | + - Seal/unseal with PCR and policy authorization |
| 41 | + - NV-based seal example with real parameter encryption (XOR and AES-CFB) |
| 42 | + - New `seal-test.yml` CI workflow |
| 43 | +* Platform and HAL additions |
| 44 | + - Raspberry Pi 4 hardware SPI support (PR #451) |
| 45 | + - U-Boot HAL (`tpm_io_uboot.c`) |
| 46 | + - Espressif ESP-IDF HAL SPI |
| 47 | + - Linux auto-detection between `/dev/tpmX` and direct SPI at runtime |
| 48 | +* Crypto callback and signing |
| 49 | + - TPM support for `wc_SignCert_cb` callback API (PR #450) |
| 50 | + - Fix for `wolfTPM2_SignHash` to return padded r/s, improved ECDSA P521 handling, added ECDSA tests with crypto callbacks (ZD20777) |
| 51 | +* Security hardening |
| 52 | + - Fenrir findings addressed across tpm2_wrap, tpm2_packet, tpm2_asn, NV, session auth, SPDM, and fwtpm paths |
| 53 | + - `ForceZero` on sensitive stack buffers (auth passwords, keyBlob, ECC/RSA private material, symmetric seeds, derived identity digests, NV read/write buffers, PSS padded buffers, session auth) |
| 54 | + - Constant-time export for ECDH shared secret and ECC signature r/s |
| 55 | + - Removed short-circuit OR in auth paths (HMAC verification, policy digest checks, ticket HMAC, ticket cpHashA, policy NV, PolicyPassword, credential unwrap, RSA-PKCS1v1.5) |
| 56 | + - Bounds checks for `TPM2_Packet_AppendPCR` count/sizeofSelect, ASN.1 BIT STRING length, X.509 version, BER indefinite length, `wolfTPM2_UnloadHandles` handle-range overflow |
| 57 | + - NULL-deref guards in `wolfTPM2_LoadRsaPrivateKey_ex`, `wolfTPM2_LoadEccPrivateKey`, `wolfTPM2_NVCreateAuthPolicy`, `wolfTPM2_EncryptDecryptBlock` (reject NULL IV for non-ECB, oversized IV) |
| 58 | + - Scaled AES key size to RSA key strength in `wolfTPM2_ImportRsaPrivateKeySeed`; scaled session AES key size to match authHash in `wolfTPM2_StartSession` |
| 59 | + - Return `BUFFER_E` instead of silently truncating auth values in `wolfTPM2_SetAuth`, `wolfTPM2_CreateKey`, `wolfTPM2_ChangeAuthKey`, `wolfTPM2_SetAuthHandleName`, `wolfTPM2_CreatePrimaryKey_ex`, `wolfTPM2_CreateLoadedKey`, `wolfTPM2_PolicyPassword` |
| 60 | + - Removed sensitive auth and key material from debug output; added `WOLFTPM_DEBUG_SECRETS` opt-in macro for developer-only printing |
| 61 | + - Moved auth size mismatch check outside `DEBUG_WOLFTPM` guard so it executes in all builds |
| 62 | +* Coverity and static analysis |
| 63 | + - New Coverity CI workflow (PR #444) |
| 64 | + - Fixed H-35, M-74, M-75 (PR #465) |
| 65 | + - DEADCODE CID 900621 and related fixes |
| 66 | +* CI improvements |
| 67 | + - Added ASan and UBSan sanitizers (PR #454) |
| 68 | + - Pedantic gcc and pedantic clang build matrices |
| 69 | + - macOS CI for fwTPM |
| 70 | + - Windows build support for fwTPM |
| 71 | + - Split hardware SPDM CI across multiple self-hosted runners |
| 72 | + - Added unit tests for name/hash KATs, KDFa test vectors (ATH/SECRET/DUPLICATE labels), ParamEnc/Dec roundtrip, persistent-handle range checks, `ComputeName`, `HashNvPublic`, `PolicyHash` boundary, policy auth value offset |
| 73 | +* Marshaling and packet fixes |
| 74 | + - `TPM_ALG_NULL` handling for `inScheme` serialization in Certify, CertifyCreation, Quote, GetSessionAuditDigest, GetCommandAuditDigest, GetTime, NV_Certify |
| 75 | + - Added `TPM2_Packet_AppendSymmetric`/`ParseSymmetric` for SYMCIPHER case |
| 76 | + - Fixed ECC ECDAA scheme serialization missing count field, RSA RSAES spurious hashAlg, `TPM2_Sign` ECDAA count |
| 77 | + - Added SM3_256 and SHA3 digest sizes to `TPM2_GetHashDigestSize` |
| 78 | + - Added ECSCHNORR and SM2 signature serialization |
| 79 | + - Added `kdf` field to `TPMT_KEYEDHASH_SCHEME` XOR serialization |
| 80 | + - Added `TPM2_Packet_ParseSensitive` counterpart and roundtrip test |
| 81 | + - Documented `pub->size` mutation side effect in `TPM2_Packet_AppendPublic` |
| 82 | +* Bug fixes |
| 83 | + - Fixed TLS ECDH curve mismatch in CI (PR #473) |
| 84 | + - Added missing `unistd.h` include causing regressions in wolfBoot tpmtools (PR #471) |
| 85 | + - Avoid nanosleep on non-Linux builds (PR #472) |
| 86 | + - Fixed MAX_CONTEXT_SIZE stack buffer in CSR PEM using heap for small-stack builds (PR #460) |
| 87 | + - Fixed AddressSanitizer warning for overlapping memcpy (use memmove) in wolfTPM2_USE_SW_ECDHE path |
| 88 | + - Proper guarding for `LINUX_DEV`, `SWTPM`, and `WINAPI` (PR #466) |
| 89 | + - Added error returns in `TPM2_IoCb_Zephyr_I2C` |
| 90 | + - Improved error logging when `wolfTPM2_Init` fails |
| 91 | + - Used `mp_to_unsigned_bin_len` (not `_ct`) for portability across wolfSSL builds |
| 92 | +* Deprecated / removed |
| 93 | + - OPENSTM32 platform support removed (PR #479) |
| 94 | + |
| 95 | + |
3 | 96 | ## wolfTPM Release 3.10.0 (Dec 4, 2025) |
4 | 97 |
|
5 | 98 | **Summary** |
|
0 commit comments