uncategorized wolftpm

wolfTPM Firmware TPM (fwTPM) Post-Quantum Release: Portable Software TPM 2.0 with ML-DSA and ML-KEM Support

shizuka

Post-Quantum Firmware TPM Is Here

wolfTPM’s firmware TPM (fwTPM) is available with post-quantum cryptography support added through the TCG TPM 2.0 Library Specification v1.85. fwTPM is wolfSSL’s portable software TPM 2.0 implementation, built on wolfCrypt and intended for products that need a TPM 2.0 interface without a discrete TPM chip. The post-quantum work merged in PR #445.

New v1.85 Commands in the fwTPM Server

The following post-quantum commands are now implemented in the fwTPM server:

Command Description

TPM2_Encapsulate ML-KEM key encapsulation

TPM2_Decapsulate ML-KEM key decapsulation

TPM2_SignSequenceStart ML-DSA signing of arbitrary-length messages

TPM2_SignSequenceComplete ML-DSA sign sequence completion

TPM2_VerifySequenceStart ML-DSA verification start

TPM2_VerifySequenceComplete ML-DSA verification completion

TPM2_SignDigest Hash-ML-DSA pre-hashed signing

TPM2_VerifyDigestSignature Hash-ML-DSA pre-hashed verification

Supported Parameter Sets

Algorithm FIPS Standard Parameter Sets

ML-DSA FIPS 204 ML-DSA-44 / 65 / 87

ML-KEM FIPS 203 ML-KEM-512 / 768 / 1024

Key Management and Persistence

Post-quantum primary keys are derived deterministically from the TPM hierarchy seed using KDFa, persist to non-volatile storage, survive TPM restart, and use the full TPM 2.0 authorization model. This preserves fwTPM’s existing cold-boot recovery model. PQC keys are managed through the same TPM 2.0 API as classical keys, with no special handling required from the application.

Embedded-First Design

The implementation preserves fwTPM’s existing operational profile:

**WOLFTPM_SMALL_STACK support**: Compatible with constrained stack environments

**No dynamic allocation in hot paths**: Ready for bare-metal, RTOS, and memory-constrained targets

**Portable transports**: mssim socket for local testing, TIS over shared memory or SPI/I2C, UART for serial-only devices

Target platforms include Linux, RTOS environments, and bare-metal Cortex-M class MCUs.

Target Platforms

Platform Notes

Linux User-space daemon with mssim or /dev/tpm0 interface

ARM Cortex-M33 Bare-metal (STM32L5, STM32U5, TrustZone-capable MCUs)

STM32 secure enclaves TrustZone-M partitions

RTOS FreeRTOS, Zephyr, ThreadX via wolfSSL’s RTOS abstraction

POSIX FreeBSD, QNX, VxWorks

When to Use a Firmware TPM

A firmware TPM is not a substitute for the physical tamper resistance of a discrete TPM in high-assurance roles. It is appropriate where discrete silicon is not available, not on the board, or has not yet shipped post-quantum support. With this release, products that fall into any of those cases can adopt ML-DSA and ML-KEM today through a software update.

Build Instructions

To enable post-quantum support, build wolfSSL with the following configuration:


# wolfSSL with PQC + keygen
./configure --enable-wolftpm --enable-pkcallbacks \
            --enable-keygen --enable-dilithium \
            --enable-mlkem --enable-experimental \
            --enable-harden CFLAGS="-DWC_RSA_NO_PADDING"
make && sudo make install

Then build wolfTPM with fwTPM and v1.85 support:


# wolfTPM with fwTPM + v1.85
./configure --enable-fwtpm --enable-pqc
make
make check

The end-to-end test exercises ML-DSA and ML-KEM round-trips against a running fwTPM server:


# Run fwTPM server
./examples/fwtpm/fwtpm_server &

# Run PQC end-to-end test
./examples/pqc/pqc_mssim_e2e

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now