Add fwtpm SPDM support #510
Merged
aidangarske added a commit to aidangarske/wolfTPM that referenced this pull request, May 23, 2026:
- fwtpm_main: identity-key gen zero+left-pads ECC export buffers (wc_ecc may trim leading zeros), use wc_ForceZero on tmp scratch.
- spdm_responder: move static 4KB working buffers (plain/respPlain, payload/respPayload) into WOLFSPDM_RESP_CTX so concurrent contexts don't share working memory.
- spdm_responder: hoist 'derivedAppKeys' out of mid-block declaration (C89 violation on stricter toolchains).
- fwtpm_io: WOLFSPDM_E_FRAMING return now drops the TCP connection per the responder API contract, instead of swallowing it as TPM_RC_FAILURE.
- fwtpm_io: trim SPDMONLY-lock comment to match actual allowlist (GetCapability only).
- configure.ac: reject --enable-psk --disable-tcg (PSK uses TCG framing).
- spdm-test.yml: drop spdm-psk-only build entry — now intentionally rejected by configure.
dgarske (Member) requested changes, Jun 3, 2026:
Very nice work!
- BLOCKER (ASCII rule): ~31 added lines across 15 files have Unicode em-dashes/arrows in comments (spdm_responder.c ×8, fwtpm_main.c ×5, …). Mechanical fix; violates your RULES.md.
- Doc: "SPDM 1.8.4" — the PR title and both READMEs say "SPDM 1.8.4 responder," but the code negotiates protocol 1.3 (SPDM_VERSION_13); 1.8.4 isn't a valid SPDM version. The exploration had repeated "1.8.4" uncritically.
- LOW (recommended): PSK_CLR auth compare at spdm_responder.c:957 uses XMEMCMP (plain memcmp) while the sibling HMAC paths use a constant-time XOR loop. The exploration claimed this line was constant-time — it isn't. Low severity (digest compare) but inconsistent with the project rule.
Plus two smaller doc items: README says "8" CI permutations but there are 7 (fwtpm/README.md:177), and the root README omits SPDM entirely despite it being a v4.0.0 headline alongside fwTPM/PQC.
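The difference between the two compare styles named in the third review item, as an added example (not code from wolfTPM or from this PR): an early-exit compare in the style of a byte-wise memcmp reads fewer bytes the earlier the mismatch sits, while an XOR-accumulate loop reads the whole digest on every call. The names `leaky_cmp`, `ct_cmp`, `bytes_examined` and the 48-byte digest length are hypothetical, chosen for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 48 /* assumed digest size, chosen for this example */

/* Early-exit compare (byte-wise memcmp style). *examined = bytes read. */
static int leaky_cmp(const unsigned char* a, const unsigned char* b,
                     size_t len, size_t* examined)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (a[i] != b[i]) { *examined = i + 1; return 1; }
    }
    *examined = len;
    return 0;
}

/* XOR-accumulate compare: no data-dependent branch, reads every byte. */
static int ct_cmp(const unsigned char* a, const unsigned char* b,
                  size_t len, size_t* examined)
{
    volatile unsigned char diff = 0; /* volatile discourages short-circuiting */
    size_t i;
    for (i = 0; i < len; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = len;
    return diff != 0;
}

/* Constructed input: digests differing only at byte pos (pos >= len: equal). */
static size_t bytes_examined(size_t pos, int use_ct, int* differ)
{
    unsigned char expected[DIGEST_LEN], received[DIGEST_LEN];
    size_t n = 0;
    memset(expected, 0xA5, sizeof(expected));
    memcpy(received, expected, sizeof(received));
    if (pos < DIGEST_LEN) received[pos] ^= 0x01;
    *differ = use_ct ? ct_cmp(expected, received, DIGEST_LEN, &n)
                     : leaky_cmp(expected, received, DIGEST_LEN, &n);
    return n;
}

int main(void)
{
    int d;
    printf("early-exit, mismatch at 0: %lu\n", (unsigned long)bytes_examined(0, 0, &d));
    printf("xor loop, mismatch at 0:   %lu\n", (unsigned long)bytes_examined(0, 1, &d));
    return 0;
}
```

The work done by the early-exit version tracks the position of the first wrong byte, which is the property a constant-time compare removes.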
dgarske approved these changes, Jun 3, 2026
SPDM 1.8.4 responder in fwtpm_server (TCG cert + DSP0274 PSK) so the SPDM stack can be tested end-to-end without real silicon. New CI spdm-test.yml replaces the self-hosted-Pi gate for simulator coverage; existing hw-spdm-test.yml stays for real hardware.

Configure: --enable-fwtpm --enable-spdm --enable-tcg --enable-psk. Vendor flags optional (--enable-nuvoton, --enable-nations for vendor wire-format adapters). Spec code gated on spec flags, vendor adapters on vendor flags.
Test plan