Keystores and Secure Elements supported by wolfSSL

When looking to store your cryptographic secrets, it is important to have a good platform to store them on. Even more important is the ease of accessing and using those secrets.

With wolfTPM, we have support for all TPM 2.0 APIs. Additionally, we provide the following wrappers:

• Key Generation/Loading
• RSA encrypt/decrypt
• ECC sign/verify
• ECDH
• NV storage
• Hashing/HACM
• AES
• Sealing/Unsealing
• Attestation
• PCR Extend/Quote
• Secure Root of Trust

In wolfTPM we already added support for the following platforms:

• Raspberry Pi (Linux)
• MMIO (Memory mapped IO)
• STM32 with CubeMX
• Atmel ASF
• Xilinx (Ultrascale+ / Microblaze)
• QNX
• Infineon TriCore (TC2xx/TC3xx)
• Barebox

These TPM (Trusted Platform Module) 2.0 modules are tested and running in the field:

• STM ST33TP* SPI/I2C
• Infineon OPTIGA SLB9670/SLB9672
• Microchip ATTPM20
• Nations Tech Z32H330TC
• Nuvoton NPCT650/NPCT750

We have our own wolfPKCS11 with support for TPM 2.0 using wolfTPM. We also offer support for PKCS11 to interface to various HSMs like:

• Infineon TriCore Aurix
• Renesas RH850
• ST SPC58

For direct Secure Element access, we have ports in wolfSSL for:

• ST-SAFE
• Microchip ATECC508/608
• Microchip TA100
• NXP SE050

Wolfcrypt has support for the following:

• NXP CAAM (Cryptographic Acceleration and Assurance Module) on i.MX6 (QNX), i.MX8 (QNX/Linux), RT1170 FreeRTOS
• Intel SGX
• ARM TrustZone CryptoCell 310
• MAXQ1065/1080 RNG
• MAX32665 and MAX32666 TPU (Trust Protection Unit)

For more detailed information on our supported hardware take a look at our Hardware Support list.

Wolfcrypt also can make use of PSA (Platform Security Architecture). This includes the following algorithms:

• hashes: SHA-1, SHA-224, SHA-256
• AES: AES-ECB, AES-CBC, AES-CTR, AES-GCM, AES-CCM
• ECDH PK callbacks (P-256)
• ECDSA PK callbacks (P-256)
• RNG

Another product of interest could be wolfBoot, which – as the name suggests – is a bootloader that can use an HSM (Hardware Security Module) for validation and verification. It also provides secure vaults accessible via PKCS#11 API and secured through the ARM TrustZone technology. WolfBoot also supports all of the TPMs and secure elements listed above, as it inherits all of wolfCrypt’s capabilities. WolfBoot can also be combined with wolfTPM to implement measured boot.

If you have questions, please feel free to contact us at facts@wolfSSL.com or +1 425 245 8247, or view our FAQ page.

Download wolfSSL Now