Release v3.2.0 prep.

2024-04-14 09:33:14 +02:00 · 2024-04-14 09:33:14 +02:00 · 4157ed5689
parent 1126c2ebfc
commit 4157ed5689
5 changed files with 74 additions and 12 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -21,7 +21,7 @@

 cmake_minimum_required(VERSION 3.16)

-project(wolfTPM VERSION 3.1.0 LANGUAGES C)
+project(wolfTPM VERSION 3.2.0 LANGUAGES C)

 set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
 set(WOLFTPM_DEFINITIONS)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@ -1,5 +1,68 @@
 # Release Notes

+## wolfTPM Release 3.2.0 (Apr 24, 2024)
+
+**Summary**
+
+Added TPM Firmware update support (Infineon SLB9672/SLB9673). Added support for pre-provisioned device identity keys/certificates (STMicro ST33). Fixed issue with sealing secret to prevent `userWithAuth` by default. Expanded the TPM get capabilities support.
+
+**Detail**
+
+* Added new API `wolfTPM2_NVCreateAuthPolicy` for allowing NV creation with policy (PR #344)
+* Added Infineon firmware update recovery support (PR #342)
+* Added support for Infineon Firmware upgrade (PR #339)
+  - Added support for Infineon SLB9672/SLB9673 Firmware upgrade (see examples/firmware/README.md)
+  - Added Infineon Modus Toolbox support. See `wolfssl/IDE/Infineon/README.md` for setup instructions.
+  - Added support for Infineon CyHal I2C support.
+  - Added Firmware extraction tool
+  - Added Firmware update example application `examples/firmware/ifx_fw_update`.
+  - Added support for vendor capabilities `TPM_CAP_VENDOR_PROPERTY`.
+  - Added `XSLEEP_MS` macro for firmware update delay.
+  - Added support for getting key group id, operational mode and update counts.
+  - Added support for abandoning an update.
+  - Added support for firmware update done, but not finalized
+  - Added Infineon CyHal SPI support.
+  - Fixed auto-detect to not define SLB9672/SLB9673.
+* Fixed TLS examples to not use openssl compatibility macros (PR #341)
+* Added ST33 support for pre-provisioned device identity key and certificate (PR #336)
+  - Added support for pre-provisioned TPM using the "TPM 2.0 Keys for Device Identity and Attestation" specification. See build macro: `WOLFTPM_MFG_IDENTITY`.
+  - Added example for using TPM pre-provisioned device identity to TLS client example.
+  - Fixed ST33 vendor command to enable command codes (TPM2_SetCommandSet) (it requires platform auth to be set).
+  - Added benchmarks for new ST33KTPM2XI2C.
+  - Fixed 0x1XX error code parsing.
+  - Fixed ST33 part descriptions.
+  - Updated example certificates.
+* Fixes for building wolfTPM examples with `NO_FILESYSTEM` (PR #338)
+* Fixed crypto callback hashing return code initialization (PR #334)
+* Updated documentation for Infineon SLB9673 (I2C) (PR #337)
+* Fixed Documentation references for generated user manual (PR #335)
+* Fixed netdb.h include (PR #333)
+* Fixes for building with "-Wpedantic" (PR #332)
+* Added new API `wolfTPM2_GetHandles` to get list of handles from the TPM capabilities. (PR #328)
+* Fixed config.h, which should only be included from .c files, not headers. (PR #330/#331)
+* Fixed CMake tests (PR #329)
+* Fixed and improved secret sealing/unsealing (PR #327)
+  - Do not set userWithAuth by default when creating sealed objects. That flag allows password auth for the sealed object. Without the flag it only allows policy auth.
+  - Allow setting policy auth with flags.
+  - Fix secret_unseal to use policy session and valid sealed name.
+  - Added expected failure test cases for seal/unseal with policy.
+  - Improve the run_examples.sh script
+* Improved types for htons and byte swap (PR #326)
+  - Match byte swap logic with wolfSSL (use WOLF_ALLOW_BUILTIN).
+  - Remove unused `XHTONS` and `arpa/inet.h`.
+* Improved STMicro product naming (PR #325)
+* Improved the STM32Cube template (PR #324)
+  - Setup so next pack can add small stack and transport options: `WOLFTPM_CONF_SMALL_STACK` and `WOLFTPM_CONF_TRANSPORT` (0=SPI, 1=I2C).
+* Fixed build error with missing `wc_RsaKeyToPublicDer_ex` (PR #323)
+* Improved the ECC macro checks for `wc_EccPublicKeyToDer` (PR #323)
+* Added PKCS7 ECC support to example (PR #322)
+  - Added wrapper function to export TPM public key as DER/ASN.1 or PEM.
+  - Fixed for crypto callback ECC sign to handle getting keySz for unknown cases (like PKCS7 without privateKey set).
+* Added expanded key template and cleanups (PR #321)
+  - Fixed mixed variable declaration.
+  - Added _ex version for GetKeyTemplate RSA/ECC to allow setting all template parameters.
+
+
 ## wolfTPM Release 3.1.0 (Dec 29, 2023)

 **Summary**
--- a/configure.ac
+++ b/configure.ac
@ -3,7 +3,7 @@
 # All right reserved.

 AC_COPYRIGHT([Copyright (C) 2014-2021 wolfSSL Inc.])
-AC_INIT([wolftpm],[3.1.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
+AC_INIT([wolftpm],[3.2.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])

 AC_PREREQ([2.63])
 AC_CONFIG_AUX_DIR([build-aux])
@ -28,18 +28,17 @@ AC_ARG_PROGRAM

 AC_CONFIG_HEADERS([src/config.h])

-WOLFTPM_LIBRARY_VERSION=16:1:0
+WOLFTPM_LIBRARY_VERSION=16:2:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |
 #                current:revision:age
 #                 |        |     |
-#                 |        |     +- increment if interfaces have been added
-#                 |        |        set to zero if interfaces have been removed
-#                 |        |        or changed
-#                 |        +- increment if source code has changed
-#                 |           set to zero if current is incremented
-#                 +- increment if interfaces have been added, removed or changed
+#                 |        |     +- increment if source code has changed
+#                 |        |        set to zero if [current] or [revision] is incremented
+#                 |        +- increment if interfaces have been added
+#                 |           set to zero if [current] is incremented
+#                 +- increment if interfaces have been removed or changed
 AC_SUBST([WOLFTPM_LIBRARY_VERSION])


--- a/examples/tls/tls_server.c
+++ b/examples/tls/tls_server.c
@ -57,7 +57,7 @@ static int mStop = 0;
 * This example server listens on port 11111 by default, but can be set at
 * build-time using `TLS_PORT`.
 *
- * By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
+ * By default this example will load RSA keys unless RSA is disabled (NO_RSA)
 * or the TLS_USE_ECC build option is used.
 *
 * You can validate using the wolfSSL example client this like:
--- a/wolftpm/version.h
+++ b/wolftpm/version.h
@ -34,8 +34,8 @@
 extern "C" {
 #endif

-#define LIBWOLFTPM_VERSION_STRING "3.1.0"
-#define LIBWOLFTPM_VERSION_HEX 0x03001000
+#define LIBWOLFTPM_VERSION_STRING "3.2.0"
+#define LIBWOLFTPM_VERSION_HEX 0x03002000

 #ifdef __cplusplus
 }