TPM device support

[itsManjeet]

Hi Team,

We’re exploring how to integrate TPM (Trusted Platform Module) capabilities into libspdm.
The goal is to enable libspdm to perform signing, verification, measurement collection, and certificate retrieval directly through a TPM device node.

This work is still experimental — at this stage, we aim to understand how to structure and align TPM-related APIs within libspdm’s architecture.

---

Current Work

PR - #3285 and DMTF/spdm-emu#436

We’ve introduced a preliminary implementation under:

os_stub/spdm_device_secret_lib_tpm/

that can be enabled via CMake option -D DEVICE=tpm

and TPM specific implementation in

os_stub/spdm_device_secret_lib_tpm/crypto_stub.c

This is currently a sample TPM device stub, not a complete implementation.
It serves as a scaffold to evaluate how TPM-backed operations can integrate with libspdm’s existing cryptographic and platform layers.

We are currently assessing where these new APIs should live and how to interface with existing components:

• Should TPM API hooks at crypto_stub.c remain under os_stub/spdm_device_secret_lib_tpm only, or integrate into:

  • cryptlib_openssl/
  • openssl/
    or may be
  • platform_lib/

for following TPM APIs implementation

• void libspdm_tpm_device_init();
• bool libspdm_tpm_get_private_key(const char *handle, void **context);
• bool libspdm_tpm_get_public_key(const char* handle, void **context);
• bool libspdm_tpm_get_measurement(...);

and since openssl APIs for EC are provider aware we can use context directly with spdm crypto libraries eg libspdm_req_asym_sign_hash like one implemented in os_stub/spdm_device_secret_lib_tpm/sign.c

[steven-bellock]

As discussed in the meeting, it is fine to make it OpenSSL-specific for now. Later on we can make the code more generic if needed.

[itsManjeet]

Hi Team,

Following up on the earlier message, We now have a draft setup to test where:

• CHALLENGE_AUTH signatures are done directly by the TPM
• Keys and certificates live inside the TPM

Limitation for now...

• Only EC256 is supported for now
• No intermediate certs (just root_ca → device_cert)

How to try it out

1. Set up a TPM emulator

Either option works:

• QEMU + swtpm
  https://github.com/tompreston/qemu-ovmf-swtpm

• UTM with TPM enabled (this is what I used)
  https://docs.getutm.app/settings-qemu/qemu/#tpm-20-device

2. Build spdm-emu with TPM enabled

Need to have following packages installed

• tpm2-tss
• tpm2-tools
• tpm2-openssl

Use the updated spdm-emu PR and configure with:

-DDEVICE=tpm

Instead of running make copy_sample_key, run:

cd build/bin
../../scripts/setup-tpm.sh --cleanup

This script sets up TPM NV indices and handles:

• root CA: cert at 0x1500021, key at 0x81000001
• requester: cert at 0x1500022, key at 0x81000002
• responder: cert at 0x1500023, key at 0x81000003

and for now we need to copy tpm2.so from ${OSS_MODULESDIR} to build/bin/, not needed after 3367
OSS_MODULES_DIR for debian is /usr/lib/<arch>-linux-gnu/oss-modules/ and for arch /usr/lib/oss-modules

After that, just run the requester and responder emulators as usual.

Files to review

• os_stub/cryptlib_openssl/tpm/tpm.c
• os_stub/spdm_device_secret_lib_tpm/read_pub_cert.c
• os_stub/spdm_device_secret_lib_tpm/sign.c

[itsManjeet]

Steps to Test TPM support in libspdm using spdm-emu

TPM-backed support has been implemented and validated in libspdm for the following SPDM flows:

• GET_CERTIFICATE
• CHALLENGE_AUTH
• GET_MEASUREMENT
• KEY_EXCHANGE

The relevant TPM-specific changes are in:

• os_stub/spdm_device_secret_lib_tpm/read_pub_cert.c
• os_stub/spdm_device_secret_lib_tpm/chal.c
• os_stub/spdm_device_secret_lib_tpm/meas.c
• os_stub/spdm_device_secret_lib_tpm/sign.c

These changes follow the high-level SPDM + TPM interaction diagram.

Testing with spdm-emu

Testing is done using spdm-emu with TPM support enabled via
PR: DMTF/spdm-emu#444

Build configuration:

-DDEVICE=tpm -DLIBSPDM_TPM_SUPPORT=ON

The PR also provides scripts/setup-tpm.sh, which supports swtpm for safe testing without requiring access to a hardware TPM.

Setup steps

cd build/bin
../../scripts/setup-tpm.sh --cleanup --start-swtpm

This script provisions the following TPM persistent objects and NV indices:

Keys / Contexts

ROOT_CTX  = 0x81000000
ROOT_KEY  = 0x81000001
REQU_CTX  = 0x81000010
REQU_KEY  = 0x81000011
RESP_CTX  = 0x81000020
RESP_KEY  = 0x81000021

Certificates / NV Indices

ROOT_CERT         = 0x1500000
REQU_CERT         = 0x1500010
RESP_CERT         = 0x1500020
REQU_CERT_CHAIN   = 0x1500011
RESP_CERT_CHAIN   = 0x1500021

The script also exports the required environment variables for swtpm usage:

export TPM2TOOLS_TCTI="swtpm:port=2321"

Then start the responder:

./spdm_responder_emu

Additional requirements

• swtpm
• tpm2-tools
• OpenSSL TPM provider / modules

Depending on the system, OpenSSL TPM support may need:

export OPENSSL_MODULES=/usr/lib/aarch64-linux-gnu/ssl-modules

This setup allows end-to-end validation of TPM-backed SPDM flows entirely in software, without touching a physical TPM device.