Add new Firmware TPM (fwTPM)

[dgarske]

Summary

• Add firmware TPM 2.0 server (fwTPM) implementing TPM 2.0 spec v1.38 (105/113 commands, 93% coverage)
• Spec-compliant primary key derivation: deterministic RSA (iterative KDFa prime generation), ECC (KDFa scalar, Q=d*G), KEYEDHASH/SYMCIPHER keys — same seed + template always produces the same key
• ChangePPS / ChangeEPS hierarchy commands with seed regeneration and cache flush
• NV storage with TLV journal format (flash-friendly, append-only)
• Socket (mssim) and TIS/SHM transports for desktop, UART transport for embedded
• STM32 Cortex-M33 bare-metal port with TrustZone (CMSE) support
• Shared crypto refactoring: extract KDFa/KDFe, AES-CFB, HMAC/Hash to tpm2_crypto.c
• Bounds-checked TPM2_Packet_ParseU16Buf variant for safer response parsing
• Auth validation: reject oversized auth values instead of silent truncation
• SIGTERM/SIGINT signal handler for graceful NV save on server kill

fwTPM Server

Core TPM 2.0 command processing in src/fwtpm/:

• fwtpm_command.c — 105 command handlers with full auth, sessions, parameter encryption
• fwtpm_nv.c — TLV journal NV storage (file-based default, HAL-abstracted for flash)
• fwtpm_io.c — Socket transport (mssim + swtpm protocol auto-detection)
• fwtpm_tis.c / fwtpm_tis_shm.c — TIS register interface via POSIX shared memory
• fwtpm_crypto.c — Key generation, sign/verify, seed encrypt/decrypt helpers
• Clock HAL with NV-persisted clockOffset

Build: ./configure --enable-fwtpm && make

Example: wolfSSL/wolftpm-examples#1

Primary Key Derivation (TPM 2.0 Part 1 Section 26)

• RSA: iterative KDFa prime generation with labels "RSA p" / "RSA q"
• ECC: KDFa scalar derivation, public point Q = d*G
• KEYEDHASH/SYMCIPHER: KDFa with algorithm-specific labels
• hashUnique = H(sensitiveCreate.data || unique) per Section 26.1
• Primary cache retained as performance optimization, no longer required for correctness

UART Transport (--enable-swtpm=uart)

New transport option for wolfTPM client library to communicate with embedded fwTPM over serial:

• ./configure --enable-swtpm=uart — uses termios serial I/O instead of TCP sockets
• TPM2_SWTPM_HOST env var selects serial device at runtime
• Same mssim protocol as socket transport (compatible with all wolfTPM examples)

Testing

• 311 tpm2-tools compatibility tests (scripts/tpm2_tools_test.sh)
• Full wolfTPM example suite (examples/run_examples.sh)
• libFuzzer harness with corpus generator (tests/fuzz/)
• m33mu Cortex-M33 emulator CI test (scripts/fwtpm_emu_test.sh)
• ASan / UBSan clean
• 20 CI matrix configurations (pedantic gcc/clang -Werror, sanitizers, feature-disable variants)

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #474

Scan targets checked: wolftpm-bugs, wolftpm-src

No new issues found in the changed files. ✅