When looking to store your cryptographic secrets, it is important to have a good platform to store them on. Even more important is the ease of accessing and using those secrets. With wolfTPM, we have support for all TPM 2.0 APIs. Additionally, we provide the following wrappers:

Key Generation/Loading RSA encrypt/decrypt ECC sign/verify ECDH NV storage Hashing/HACM AES Sealing/Unsealing Attestation PCR Extend/Quote Secure Root of Trust TPM firmware update (STMicro ST33KTPM2X and Infineon SLB9672/SLB9673)

In wolfTPM we already added support for the following platforms:

Raspberry Pi (Linux) MMIO (Memory mapped IO) STM32 with CubeMX Atmel ASF Xilinx (Ultrascale+ / Microblaze) QNX Infineon TriCore (TC2xx/TC3xx) Barebox Espressif ESP-IDF Zephyr RTOS Das U-Boot Bootloader Microchip I2C bit-bang HAL Yocto Linux TPM Resource Manager (/dev/tpmrmX)

These TPM (Trusted Platform Module) 2.0 modules are tested and running in the field:

STM ST33TP* SPI/I2C Infineon OPTIGA SLB9670 Infineon OPTIGA SLB9672 Infineon OPTIGA SLB9673 Microchip ATTPM20 Nations Tech Z32H330TC Nations Tech NS350 Nuvoton NPCT650/NPCT750

We have our own wolfPKCS11 with support for TPM 2.0 using wolfTPM. We also offer support for PKCS11 to interface to various HSMs like:

Infineon TriCore Aurix Renesas RH850 ST SPC58 Analog Devices MAXQ10xx Secure Element STMicro STM32U5 DHUK (Derived Hardware Unique Key) for key wrapping operation

That said, it is important to note that PKCS11 is a standardized protocol. We support anything that supports it. We have ports in wolfSSL via the PK Callbacks:

ST-SAFE A100 A110 A120 Microchip ATECC508/608 Microchip TA100 NXP SE050 GSMA IoT-Safe applet on SIM/eSIM cards ARM PSA Analog Devices MAXQ10xx Secure Element Analog Devices MAX32666 Renesas TSIP RX65N Renesas TSIP RX72N Renesas SCE RA2 Renesas SCE RA4 Renesas SCE RA6 Renesas RSIP RA6 Renesas RSIP RA8 Renesas RSIP RZx

We have ports in wolfcrypt via the cryptocb callbacks:

NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 (FreeRTOS) Intel QuickAssist DH8950 Intel QuickAssist DH8970 Intel SGX Cavium/Marvell Octeon III CN73XX ARM TrustZone CryptoCell 310 MAXQ1065/1080 MAX32665 and MAX32666 TPU (Trust Protection Unit) Renesas TSIP RX65N Renesas TSIP RX72N Renesas SCE RA2 Renesas SCE RA4 Renesas SCE RA6 Renesas RSIP RA6 Renesas RSIP RA8 Renesas RSIP RZx Tropic Square TROPIC01

Wolfcrypt also can make use of PSA (Platform Security Architecture). This includes the following algorithms:

hashes: SHA-1, SHA-224, SHA-256 AES: AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM ECDH PK callbacks (P-256) ECDSA PK callbacks (P-256) RNG

And finally, our newest product, wolfHSM, supports the following architectures:

Infineon Aurix TC3xx Renesas RH850 F1KM ST SPC58NN ST Stellar G TI TDA4 Infineon Aurix TC4x Infineon Traveo T2G Microchip PIC32CZ and PIC32CK NXP S32G and S32N Renesas RH850/U2A Renesas RL78

Another product of interest could be wolfBoot, which – as the name suggests – is a bootloader that can use an HSM (Hardware Security Module) for validation and verification. It also provides secure vaults accessible via PKCS#11 API and secured through the ARM TrustZone technology. WolfBoot also supports all of the TPMs and secure elements listed above, as it inherits all of wolfCrypt’s capabilities. WolfBoot can also be combined with wolfTPM to implement measured boot.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now