From 5332caffb9dcd195e73229f17b3250845d0fe20c Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 16 Dec 2024 16:13:27 -0800 Subject: [PATCH 1/3] Fix spelling and update list of supported TPM's. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d5abe468..39fc78bb 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Portable TPM 2.0 project designed for embedded use. * This implementation provides all TPM 2.0 API's in compliance with the specification. * Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/HACM, AES, Sealing/Unsealing, Attestation, PCR Extend/Quote and Secure Root of Trust. -* Testing done using TPM 2.0 modules from STMicro ST33 (SPI/I2C), Infineon OPTIGA SLB9670/SLB9672, Microchip ATTPM20, Nations Tech Z32H330TC/NS350 and Nuvoton NPCT650/NPCT750. +* Testing done using TPM 2.0 modules from STMicro ST33 (SPI/I2C), Infineon OPTIGA SLB9670/SLB9672/SLB9673, Microchip ATTPM20, Nations Tech Z32H330TC/NS350 and Nuvoton NPCT650/NPCT750. * wolfTPM uses the TPM Interface Specification (TIS) to communicate either over SPI, or using a memory mapped I/O range. * wolfTPM can also use the Linux TPM kernel interface (`/dev/tpmX`) to talk with any physical TPM on SPI, I2C and even LPC bus. * Platform support for Raspberry Pi (Linux), MMIO, STM32 with CubeMX, Atmel ASF, Xilinx, QNX Infineon TriCore and Barebox. @@ -31,7 +31,7 @@ Portable TPM 2.0 project designed for embedded use. * Time signed or set * PCR read/reset * GPIO configure, read and write. - * Endrosement Key/Cert retreival and validation. + * Endorsement Key/Cert retrieval and validation. * Parameter encryption support using AES-CFB or XOR. * Support for salted unbound authenticated sessions. * Support for HMAC Sessions. From 3c5c5123f846c124a7bf53b004de08ce2ee2bd7b Mon Sep 17 00:00:00 2001 
From: David Garske Date: Fri, 20 Dec 2024 13:15:01 -0800 Subject: [PATCH 2/3] Improve TPM NV write debug logging (show before). --- src/tpm2_wrap.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 4ac57e02..686c0914 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -4564,13 +4564,6 @@ static int wolfTPM2_NVWriteData(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession, XMEMCPY(in.write.data.buffer, &dataBuf[pos], towrite); if (!extend) { in.write.offset = offset+pos; - rc = TPM2_NV_Write(&in.write); - } - else { - rc = TPM2_NV_Extend(&in.extend); - } - if (rc != TPM_RC_SUCCESS) { - break; } #ifdef DEBUG_WOLFTPM @@ -4580,6 +4573,16 @@ static int wolfTPM2_NVWriteData(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession, in.write.offset, in.write.data.size, extend); #endif + if (!extend) { + rc = TPM2_NV_Write(&in.write); + } + else { + rc = TPM2_NV_Extend(&in.extend); + } + if (rc != TPM_RC_SUCCESS) { + break; + } + pos += towrite; dataSz -= towrite; } From 4b80e9292b0f319cc1e24d865d60ff25a204bed1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 2 Jan 2025 15:04:55 -0800 Subject: [PATCH 3/3] Fix for possible missing `wc_GetPkcs8TraditionalOffset`. --- src/tpm2_wrap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 686c0914..e4d64026 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -2822,8 +2822,10 @@ int wolfTPM2_DecodeRsaDer(const byte* der, word32 derSz, rc = wc_InitRsaKey(key, NULL); if (rc == 0) { idx = 0; + #ifdef HAVE_PKCS8 /* skip PKCS8 header */ (void)wc_GetPkcs8TraditionalOffset((byte*)der, &idx, derSz); + #endif rc = wc_RsaPrivateKeyDecode(der, &idx, key, derSz); if (rc == 0) { isPrivateKey = 1;
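Review bot: In the extend path the debug line still prints `in.write.offset`, which the visible code assigns only under `if (!extend)`. For an NV extend the logged offset is therefore whatever the request structure already held, unless it is initialised outside the hunk, which is not visible here. Printing `extend ? 0 : in.write.offset`, or using a separate message per mode, would keep the trace reliable when diagnosing NV index updates. Because the log was deliberately moved ahead of the command, a comment such as `/* log before issuing the command so a failing chunk is still traced */` next to the debug block would stop it being moved back. The printf call and the enclosing loop of wolfTPM2_NVWriteData start outside the hunk.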
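Review bot: With `HAVE_PKCS8` undefined the PKCS#8 header skip disappears silently, so a PKCS#8-wrapped RSA key reaches `wc_RsaPrivateKeyDecode` with `idx` still 0. It will presumably be rejected there, with no hint that the build lacks PKCS#8 support. An `#else` branch holding a comment like `/* built without HAVE_PKCS8: only traditional (PKCS#1) RSA DER is accepted */` would document the narrower input contract for callers loading keys into the TPM. The skip call's return value is discarded with `(void)`, which is safe only if `idx` is left untouched on failure; that is not visible here and is worth confirming. wolfTPM2_DecodeRsaDer starts and ends outside the hunk.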