Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wolfBoot TPM improvements #335

Merged
merged 8 commits into from
Aug 17, 2023
Merged

wolfBoot TPM improvements #335

merged 8 commits into from
Aug 17, 2023

Conversation

dgarske
Copy link
Contributor

@dgarske dgarske commented Aug 3, 2023
edited
Loading

  • Added TPM SPI wait state support and debug logging.
  • Added platform auth ownership (change platform password to random value before boot).
  • Added parameter encryption support.
  • Removed the TPM hashing feature (not practical).
  • Fixed RSA with wolfTPM build.
  • Fixed cleanup wolfTPM objects on make clean.
  • TPM based root of trust for public key. A hash of the public key is stored in NV with auth and lock in platform.

@dgarske dgarske self-assigned this Aug 3, 2023
danielinux
danielinux requested changes Aug 4, 2023
View reviewed changes
Copy link
Member

@danielinux danielinux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice improvements to wolfTPM support!

Please adjust binary size at the bottom of tools/test.mk to pass size watermark tests

@dgarske dgarske force-pushed the secure_rot branch 6 times, most recently from a578a33 to 75930da Compare August 12, 2023 00:27
@dgarske
wolfBoot TPM improvements:
371834c 
* Added TPM SPI wait state support and debug logging.
* Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`.
* Added parameter encryption support.
* Added TPM based root of trust based on wolfSSL/wolfTPM#276
* Removed the TPM hashing feature (not practical).
* Fixed RSA with wolfTPM build.
* Fixed cleanup wolfTPM objects on make clean.
@dgarske
Fixes to get WOLFBOOT_TPM_KEYSTORE working with ECC SRK and Parameter…
e54015d 
… Encryption.
@dgarske
Fixes for measured boot.
f2012c3
@dgarske dgarske force-pushed the secure_rot branch 3 times, most recently from 94fd974 to 49fc4ec Compare August 15, 2023 23:08
@dgarske dgarske force-pushed the secure_rot branch 8 times, most recently from be28ee8 to 8d83f6e Compare August 16, 2023 22:59
@danielinux danielinux merged commit 0ee918f into wolfSSL:master Aug 17, 2023
52 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielinux danielinux danielinux approved these changes

Assignees

@danielinux danielinux

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dgarske @danielinux