* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
* Update documentation for signing with `--no-sign`, as the key argument should not be supplied.
* Recommend `make keysclean` instead of distclean on keys mismatch.
* Renesas headings/readme link and white-space.
* Added Aarch64 boot/startup support
* Added configuration templates for Raspberry Pi 3 and Xilinx ZynqMP UltraScale+
* Added Xilinx Zynq QSPI bare-metal Driver
* Added `NO_XIP` option for full `ext_flash_*` API on all partitions
* Added Xilinx SDK Project Template
* Added support for DTS image partitions
* Added wolfBoot signing tool in Native C (`tools/keytools/sign.c`).
* Added libwolfboot functions `int wolfBoot_fallback_is_possible(void);` and `int wolfBoot_dualboot_candidate(void);`
* Performance improvement to only hash application firmware image once
David Garske
Daniele Lacamera