@dgarske (Contributor) commented Jan 5, 2026

Add Command Group Options for Code Size Reduction

Adds compile-time options to exclude groups of TPM2 commands, reducing code size for bare-metal and safety-critical applications.

New Build Options

| Option | Configure Flag | Description |
|---|---|---|
| `WOLFTPM_NO_NV` | `--disable-nv` | Exclude NV storage commands |
| `WOLFTPM_NO_PCR_POLICY` | `--disable-pcr-policy` | Exclude PCR and Policy commands |
| `WOLFTPM_NO_ATTESTATION` | `--disable-attestation` | Exclude Quote/Certify/GetTime commands |

All options default to enabled for backward compatibility.

@dgarske dgarske self-assigned this Jan 5, 2026
@dgarske dgarske assigned wolfSSL-Bot and embhorn and unassigned dgarske Jan 7, 2026
@dgarske dgarske requested a review from embhorn January 7, 2026 00:09
@embhorn (Member) left a comment

Just a few minor questions...

}

#ifndef WOLFTPM_NO_PCR_POLICY
if (endorseKey) {
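
Review bot: at the `#ifndef WOLFTPM_NO_PCR_POLICY` guard around `if (endorseKey) {`, a build with the option defined compiles this branch out, and no `#else` is visible in this excerpt, so a request that sets endorseKey is not rejected at this point. Suggest an `#else` path that checks endorseKey, prints that the option requires PCR/Policy command support, and returns an error, so the user gets a clear message instead of a failure surfacing later in the run, as in the `keygen -eh` output reported in this thread.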

if endorseKey is set, should this be an error?


With ./configure --enable-devtpm --enable-debug --disable-pcr-policy

./examples/keygen/keygen -eh
TPM2.0 Key generation example
	Key Blob: keyblob.bin
	Algorithm: RSA
	Template: AIK
	SRK: RSA
	Use Parameter Encryption: NULL
TPM2: Caps 0x00000000, Did 0x0000, Vid 0x0000, Rid 0x 0 
TPM2_CreatePrimary: 0x80000000 (314 bytes)
RSA AIK template
Creating new RSA key...
TPM2_Create key failed 303: TPM_RC_AUTH_UNAVAILABLE: The authValue or authPolicy is not available for selected entity
wolfTPM2_CreateKey failed

Failure 0x12f: TPM_RC_AUTH_UNAVAILABLE: The authValue or authPolicy is not available for selected entity

TPM2_FlushContext: Closed handle 0x80000000

list(APPEND WOLFTPM_DEFINITIONS
"-DWOLFTPM_NO_ATTESTATION")
endif()


Does it make sense to add conditions to the examples build section, as is done with the include.am instructions?

@dgarske dgarske self-assigned this Jan 7, 2026