Added NPCT75x Nuvoton support.

pull/102/head
David Garske 2020-07-13 09:54:00 -07:00
parent e1af7a3044
commit 30f2e644aa
6 changed files with 94 additions and 12 deletions


@ -72,8 +72,8 @@ Tested with:
* Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670.
* LetsTrust: http://letstrust.de (https://buyzero.de/collections/andere-platinen/products/letstrust-hardware-tpm-trusted-platform-module). Compact Raspberry Pi TPM 2.0 board based on Infineon SLB 9670.
* ST ST33TP* TPM 2.0 module (SPI and I2C)
* Microchip ATTPM20
* Nuvoton NPCT650 TPM2.0
* Microchip ATTPM20 module
* Nuvoton NPCT65X or NPCT75x TPM2.0 module
#### Device Identification
@ -95,6 +95,9 @@ Mfg NTZ (0), Vendor Z32H330, Fw 7.51 (419631892), FIPS 140-2 0, CC-EAL4 0
Nuvoton NPCT650 TPM2.0
Mfg NTC (0), Vendor rlsNPCT , Fw 1.3 (65536), FIPS 140-2 0, CC-EAL4 0
Nuvoton NPCT750 TPM2.0
TPM2: Caps 0x30000697, Did 0x00fc, Vid 0x1050, Rid 0x 1
Mfg NTC (0), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0
## Building
@ -124,6 +127,7 @@ autogen.sh requires: automake and libtool: `sudo apt-get install automake libtoo
--enable-i2c Enable I2C TPM Support (default: disabled, requires advio) - WOLFTPM_I2C
--enable-mchp Enable Microchip TPM Support (default: disabled) - WOLFTPM_MCHP
WOLFTPM_TIS_LOCK Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes.
--enable-nuvoton Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON
WOLFTPM_USE_SYMMETRIC Enables symmetric AES/Hashing/HMAC support for TLS examples.
WOLFTPM2_USE_SW_ECDHE Disables use of TPM for ECC ephemeral key generation and shared secret.
TLS_BENCH_MODE Enables TLS benchmarking mode.
@ -165,6 +169,13 @@ Build wolfTPM:
```
./autogen.sh
./configure --enable-mchp
### Building Nuvoton
Build wolfTPM:
```
./autogen.sh
./configure --enable-nuvoton
make
```
@ -369,6 +380,28 @@ ECDSA 256 verify 4 ops took 1.061 sec, avg 265.216 ms, 3.771 ops/sec
ECDHE 256 agree 6 ops took 1.055 sec, avg 175.915 ms, 5.685 ops/sec
```
Run on Nuvoton NPCT750 at 43MHz:
```
RNG 16 KB took 1.114 seconds, 14.368 KB/s
Benchmark symmetric AES-128-CBC-enc not supported!
Benchmark symmetric AES-128-CBC-dec not supported!
Benchmark symmetric AES-256-CBC-enc not supported!
Benchmark symmetric AES-256-CBC-dec not supported!
SHA1 120 KB took 1.012 seconds, 118.618 KB/s
SHA256 122 KB took 1.012 seconds, 120.551 KB/s
SHA384 120 KB took 1.003 seconds, 119.608 KB/s
RSA 2048 key gen 5 ops took 17.043 sec, avg 3408.678 ms, 0.293 ops/sec
RSA 2048 Public 134 ops took 1.004 sec, avg 7.490 ms, 133.517 ops/sec
RSA 2048 Private 15 ops took 1.054 sec, avg 70.261 ms, 14.233 ops/sec
RSA 2048 Pub OAEP 116 ops took 1.002 sec, avg 8.636 ms, 115.797 ops/sec
RSA 2048 Priv OAEP 15 ops took 1.061 sec, avg 70.716 ms, 14.141 ops/sec
ECC 256 key gen 12 ops took 1.008 sec, avg 84.020 ms, 11.902 ops/sec
ECDSA 256 sign 18 ops took 1.015 sec, avg 56.399 ms, 17.731 ops/sec
ECDSA 256 verify 26 ops took 1.018 sec, avg 39.164 ms, 25.533 ops/sec
ECDHE 256 agree 35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec
```
### TPM2 Native Tests
```


@ -199,6 +199,16 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_MCHP"
fi
# Nuvoton NPCT65x/NPCT75x
AC_ARG_ENABLE([nuvoton],
[AS_HELP_STRING([--enable-nuvoton],[Enable Nuvoton NPCT65x/NPCT75x TPM Support (default: disabled)])],
[ ENABLED_NUVOTON=$enableval ],
[ ENABLED_NUVOTON=no ]
)
if test "x$ENABLED_NUVOTON" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_NUVOTON"
fi
# Infineon SLB9670
ENABLED_INFINEON=no
@ -243,6 +253,7 @@ AM_CONDITIONAL([BUILD_ST33], [test "x$ENABLED_ST33" = "xyes"])
AM_CONDITIONAL([BUILD_MCHP], [test "x$ENABLED_MCHP" = "xyes"])
AM_CONDITIONAL([BUILD_INFINEON], [test "x$ENABLED_INFINEON" = "xyes"])
AM_CONDITIONAL([BUILD_DEVTPM], [test "x$ENABLED_DEVTPM" = "xyes"])
AM_CONDITIONAL([BUILD_NUVOTON], [test "x$ENABLED_NUVOTON" = "xyes"])
@ -361,3 +372,4 @@ echo " * STM ST33: $ENABLED_ST33"
echo " * Microchip ATTPM20: $ENABLED_MCHP"
echo " * I2C: $ENABLED_I2C"
echo " * Linux kernel TPM device: $ENABLED_DEVTPM"
echo " * Nuvoton NPCT75x: $ENABLED_NUVOTON"
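Review bot: Nothing in the new `--enable-nuvoton` block rejects a configure run that also enables another chip option, so `-DWOLFTPM_NUVOTON` can be appended to AM_CFLAGS next to `-DWOLFTPM_MCHP`. The chip-settings `#ifdef`/`#elif` chain shown in the header section of this commit tests WOLFTPM_MCHP and WOLFTPM_ST33 before WOLFTPM_NUVOTON, so such a build would silently take another chip's wait-state and SPI clock settings. Raising `AC_MSG_ERROR([only one TPM chip option may be enabled])` when more than one of the `ENABLED_*` chip variables is `yes` would fail early instead. The summary line also prints `Nuvoton NPCT75x` while the help string says `NPCT65x/NPCT75x`; the two labels should match.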


@ -68,9 +68,13 @@
#elif defined(WOLFTPM_ST33)
/* STM ST33HTPH SPI uses CE0 */
#define TPM2_SPI_DEV "/dev/spidev0.0"
#elif defined(WOLFTPM_NUVOTON)
/* Nuvoton NPCT75x uses CE0 */
#define TPM2_SPI_DEV_CS "0"
#else
/* OPTIGA SLB9670 and LetsTrust TPM use CE1 */
#define TPM2_SPI_DEV "/dev/spidev0.1"
#define TPM2_SPI_DEV "/dev/spidev0."TPM2_SPI_DEV_CS
#endif
#endif
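Review bot: The new WOLFTPM_NUVOTON branch defines only `TPM2_SPI_DEV_CS`, while the ST33 branch above it, as printed, still defines `TPM2_SPI_DEV` directly. The page also prints two `#define TPM2_SPI_DEV` lines in the default branch without marking which one was removed. If the composed form `"/dev/spidev0."TPM2_SPI_DEV_CS` sits inside the `#else` branch, a Nuvoton build has no `TPM2_SPI_DEV` and the default build has no `TPM2_SPI_DEV_CS`; this should be checked against the applied file. Having every branch define only `TPM2_SPI_DEV_CS` and composing `TPM2_SPI_DEV` once after the chain would keep the branches uniform and make a missing definition a compile error. The conditional starts above the hunk.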


@ -278,9 +278,19 @@ static int wolfTPM2_ParseCapabilities(WOLFTPM2_CAPS* caps,
}
else if (XMEMCMP(&caps->mfgStr, "STM", 3) == 0) {
caps->mfg = TPM_MFG_STM;
caps->req_wait_state = 1;
}
else if (XMEMCMP(&caps->mfgStr, "MCHP", 4) == 0) {
caps->mfg = TPM_MFG_MCHP;
caps->req_wait_state = 1;
}
else if (XMEMCMP(&caps->mfgStr, "NTC", 4) == 0) {
caps->mfg = TPM_MFG_NUVOTON;
caps->req_wait_state = 1;
}
else if (XMEMCMP(&caps->mfgStr, "NTZ", 4) == 0) {
caps->mfg = TPM_MFG_NATIONTECH;
caps->req_wait_state = 1;
}
break;
case TPM_PT_VENDOR_STRING_1:
@ -304,7 +314,7 @@ static int wolfTPM2_ParseCapabilities(WOLFTPM2_CAPS* caps,
caps->fwVerMinor = val & 0xFFFF;
break;
case TPM_PT_FIRMWARE_VERSION_2:
if (caps->mfg == TPM_MFG_INFINEON) {
if (caps->mfg == TPM_MFG_INFINEON || caps->mfg == TPM_MFG_NUVOTON) {
caps->fwVerVendor = val >> 8;
caps->cc_eal4 = (val & 0x00000002) ? 0 : 1;
}
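Review bot: In the `TPM_PT_FIRMWARE_VERSION_2` case the Infineon decoding is now applied to Nuvoton parts too, so `cc_eal4` is taken from bit 1 of the value and `fwVerVendor` from `val >> 8`, with nothing in the hunk showing that Nuvoton uses this layout. `cc_eal4` is a certification indicator that callers may display or act on, so a wrong bit interpretation reports an assurance level the part may not have. If the layout is documented, a comment such as `/* Nuvoton: same FIRMWARE_VERSION_2 layout as Infineon, see DATASHEET-REF (placeholder) */` would record it; otherwise a separate `else if (caps->mfg == TPM_MFG_NUVOTON)` branch that leaves `cc_eal4` at 0 is the safer default. The README sample on this page prints `CC-EAL4 0` for the NPCT750, which is worth comparing with what this branch computes. wolfTPM2_ParseCapabilities starts and ends outside the hunk.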


@ -155,13 +155,19 @@ typedef int64_t INT64;
/* Microchip ATTPM20 */
/* #define WOLFTPM_MCHP */
/* Nuvoton NPCT75x TPM 2.0 module */
/* #define WOLFTPM_NUVOTON */
/* Infineon SLB9670 TPM 2.0 (default) */
/* #define WOLFTPM_SLB9670 */
#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && !defined(WOLFTPM_SLB9670)
/* Define a default chip */
#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && \
!defined(WOLFTPM_NUVOTON) && !defined(WOLFTPM_SLB9670)
#define WOLFTPM_SLB9670
#endif
/* Chip Specific Settings */
#ifdef WOLFTPM_MCHP
/* Microchip ATTPM20 */
@ -169,25 +175,39 @@ typedef int64_t INT64;
#ifndef WOLFTPM_CHECK_WAIT_STATE
#define WOLFTPM_CHECK_WAIT_STATE
#endif
/* Max: 36MHz (has issues so using 33MHz) */
#define TPM2_SPI_MAX_HZ_MICROCHIP 33000000
#ifndef TPM2_SPI_MAX_HZ
/* Max: 36MHz (has issues so using 33MHz) */
#define TPM2_SPI_MAX_HZ 33000000
#define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_MICROCHIP
#endif
#elif defined(WOLFTPM_ST33)
/* ST33TPM20 modules */
/* ST ST33TPM20 modules */
/* Requires wait state support */
#ifndef WOLFTPM_CHECK_WAIT_STATE
#define WOLFTPM_CHECK_WAIT_STATE
#endif
/* Max: 33MHz */
#define TPM2_SPI_MAX_HZ_ST 33000000
#ifndef TPM2_SPI_MAX_HZ
/* Max: 33MHz */
#define TPM2_SPI_MAX_HZ 33000000
#define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_ST
#endif
#else
/* OPTIGA SLB9670 */
#elif defined(WOLFTPM_NUVOTON)
/* Nuvoton NPCT75x module */
/* Requires wait state support */
#ifndef WOLFTPM_CHECK_WAIT_STATE
#define WOLFTPM_CHECK_WAIT_STATE
#endif
#define TPM2_SPI_MAX_HZ_NUVOTON 43000000
#ifndef TPM2_SPI_MAX_HZ
/* Max: 43MHz */
#define TPM2_SPI_MAX_HZ 43000000
#define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_NUVOTON
#endif
#else
/* Infineon OPTIGA SLB9670 */
/* Max: 43MHz */
#define TPM2_SPI_MAX_HZ_INFINEON 43000000
#ifndef TPM2_SPI_MAX_HZ
#define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_INFINEON
#endif
#endif
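Review bot: `TPM2_SPI_MAX_HZ_NUVOTON` is set to 43000000 under a comment that names only the NPCT75x, yet the configure help text in this commit says `WOLFTPM_NUVOTON` covers the NPCT65x as well. If the NPCT65x has a lower maximum SPI clock, a default build would drive the bus out of specification for that part, so the limit should be confirmed for both or the constant set to the lower value. A comment on the constant such as `/* Max: 43MHz (NPCT75x); confirm for NPCT65x */` would record where the number comes from. The `#ifndef TPM2_SPI_MAX_HZ` guard still lets a board override it.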


@ -81,6 +81,8 @@ typedef enum WOLFTPM2_MFG {
TPM_MFG_INFINEON,
TPM_MFG_STM,
TPM_MFG_MCHP,
TPM_MFG_NUVOTON,
TPM_MFG_NATIONTECH,
} WOLFTPM2_MFG;
typedef struct WOLFTPM2_CAPS {
WOLFTPM2_MFG mfg;
@ -94,6 +96,7 @@ typedef struct WOLFTPM2_CAPS {
/* bits */
word16 fips140_2 : 1; /* using FIPS mode */
word16 cc_eal4 : 1; /* Common Criteria EAL4+ */
word16 req_wait_state : 1; /* requires SPI wait state */
} WOLFTPM2_CAPS;
/* NV Handles */