Add ms-tpm external component
Add external component for ms-tpm-20-ref repo [1]. The commit contains
patch files for ms-tpm to add MbedTLS backend support, Trusted Services
platform support, and a minimal CMake build system so ms-tpm can be
easily integrated using LazyFetch.
[1] https://github.com/microsoft/ms-tpm-20-ref.git
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I6d7bff614f4239f97791100508506325d1727580
diff --git a/external/MbedTLS/config/ms_tpm_config.h b/external/MbedTLS/config/ms_tpm_config.h
new file mode 100644
index 0000000..b40a8e4
--- /dev/null
+++ b/external/MbedTLS/config/ms_tpm_config.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
+
+/*
+ * Enable using crypto_config.h, but do not define custom crypto header with
+ * MBEDTLS_PSA_CRYPTO_CONFIG_FILE to enable all the supported algorithms.
+ */
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_ENTROPY_HARDWARE_ALT
+#define MBEDTLS_GENPRIME
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_LMS_C
+#define MBEDTLS_NIST_KW_C
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+#define MBEDTLS_NO_UDBL_DIVISION
+#define MBEDTLS_OID_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_PEM_PARSE_C
+#define MBEDTLS_PEM_WRITE_C
+#define MBEDTLS_PKCS12_C
+#define MBEDTLS_PKCS5_C
+#define MBEDTLS_PKCS7_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
+
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/external/ms_tpm/0001-Add-MbedTLS-crypto-port.patch b/external/ms_tpm/0001-Add-MbedTLS-crypto-port.patch
new file mode 100644
index 0000000..422664e
--- /dev/null
+++ b/external/ms_tpm/0001-Add-MbedTLS-crypto-port.patch
@@ -0,0 +1,1287 @@
+From 3e974d38472520577aead8f861e71ac48d2acd5e Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Wed, 25 Sep 2024 17:41:43 +0200
+Subject: [PATCH 1/3] Add MbedTLS crypto port
+
+Add a new crypto port that uses MbedTLS. The code is based on the crypto
+port code for OpenSSL and WolfSSL found in this repo.
+
+The autotools build system is changed to use MbedTLS by default. This
+makes it possible to simply build the TPM and the simulator for the
+host system, and run e.g. tpm2_tools commands against it. Make sure that
+MbedTLS can be found by pkg-config, i.e. it's either installed to some
+system default location, or pkg-config is configured to find the custom
+installation. Tested with MbedTLS v3.6.0, the older v2.x that comes with
+Ubuntu 22.04 and 24.04 is not compatible.
+
+The build on the host system is done by these commands:
+cd TPMCmd
+./bootstrap
+./configure
+make
+
+To start the simulator, run:
+./TPMCmd/Simulator/src/tpm2-simulator -m
+
+This creates an NVChip file, which is the non-volatile memory of the
+TPM. If something goes wrong and the TPM ends up in a bad state, just
+delete this file and restart the simulator.
+
+To run tpm2_tools commands against the sim, in a separate terminal run:
+export TPM2TOOLS_TCTI=mssim:host=localhost,port=2321
+tpm2_startup -c
+tpm2_getrandom --hex 4
+...
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: I0abfab17918f0b1917e9ca30d30f7fe781cceca2
+---
+ TPMCmd/configure.ac | 8 +-
+ TPMCmd/tpm/include/Mbed/TpmToMbedHash.h | 158 +++++++
+ TPMCmd/tpm/include/Mbed/TpmToMbedMath.h | 87 ++++
+ TPMCmd/tpm/include/Mbed/TpmToMbedSym.h | 98 +++++
+ .../tpm/include/prototypes/TpmToMbedMath_fp.h | 160 +++++++
+ .../include/prototypes/TpmToMbedSupport_fp.h | 44 ++
+ .../tpm/include/prototypes/TpmToMbedSym_fp.h | 51 +++
+ TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c | 407 ++++++++++++++++++
+ TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c | 46 ++
+ TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c | 94 ++++
+ 10 files changed, 1149 insertions(+), 4 deletions(-)
+ create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
+ create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
+ create mode 100644 TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
+ create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
+ create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
+ create mode 100644 TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
+ create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
+ create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
+ create mode 100644 TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
+
+diff --git a/TPMCmd/configure.ac b/TPMCmd/configure.ac
+index 58a74b4..d3ebfba 100644
+--- a/TPMCmd/configure.ac
++++ b/TPMCmd/configure.ac
+@@ -51,16 +51,16 @@ AC_ARG_ENABLE(usedeviceid,
+ AS_HELP_STRING([--enable-usedeviceid],
+ [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.]))
+
+-PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto])
++PKG_CHECK_MODULES([LIBCRYPTO], [mbedcrypto])
+ AS_IF([test "x$enable_usedeviceid" = "xyes"], [
+ PKG_CHECK_MODULES([LIBUDEV], [libudev])
+ [ADDITIONAL_LIBS="-ludev"]
+ ])
+ AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])])
+
+-AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms])
+-AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms])
+-AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations])
++AC_DEFINE([HASH_LIB], [Mbed], [Crypto lib for hash algorithms])
++AC_DEFINE([SYM_LIB], [Mbed], [Crypto lib for symmetric encryption algorithms])
++AC_DEFINE([MATH_LIB], [Mbed], [Crypto lib for bignum operations])
+
+ ADD_COMPILER_FLAG([-std=gnu11])
+ ADD_COMPILER_FLAG([-Werror])
+diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h b/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
+new file mode 100644
+index 0000000..2fec472
+--- /dev/null
++++ b/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
+@@ -0,0 +1,158 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef HASH_LIB_DEFINED
++#define HASH_LIB_DEFINED
++
++#define HASH_LIB_MBED
++
++#define HASH_ALIGNMENT RADIX_BYTES
++
++#if ALG_SM3_256
++# undef ALG_SM3_256
++# define ALG_SM3_256 ALG_NO
++# error "SM3 is not available"
++#endif
++
++#include <mbedtls/sha1.h>
++#include <mbedtls/sha256.h>
++#include <mbedtls/sha512.h>
++
++#define tpmHashStateSHA1_t mbedtls_sha1_context
++#define tpmHashStateSHA256_t mbedtls_sha256_context
++#define tpmHashStateSHA384_t mbedtls_sha512_context
++#define tpmHashStateSHA512_t mbedtls_sha512_context
++
++#ifdef _CRYPT_HASH_C_
++
++typedef BYTE* PBYTE;
++typedef const BYTE* PCBYTE;
++
++// Initialize the hash context
++# define HASH_START_METHOD_DEF void(HASH_START_METHOD)(PANY_HASH_STATE state)
++# define HASH_START(hashState) ((hashState)->def->method.start)(&(hashState)->state);
++
++// Add data to the hash
++# define HASH_DATA_METHOD_DEF \
++ void(HASH_DATA_METHOD)(PANY_HASH_STATE state, PCBYTE buffer, size_t size)
++# define HASH_DATA(hashState, dInSize, dIn) \
++ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize)
++
++// Finalize the hash and get the digest
++# define HASH_END_METHOD_DEF \
++ void(HASH_END_METHOD)(PANY_HASH_STATE state, BYTE * buffer)
++# define HASH_END(hashState, buffer) \
++ ((hashState)->def->method.end)(&(hashState)->state, buffer)
++
++// Copy the hash context
++// Note: For import, export, and copy, memcpy() is used since there is no
++// reformatting necessary between the internal and external forms.
++# define HASH_STATE_COPY_METHOD_DEF \
++ void(HASH_STATE_COPY_METHOD)( \
++ PANY_HASH_STATE to, PCANY_HASH_STATE from, size_t size)
++# define HASH_STATE_COPY(hashStateOut, hashStateIn) \
++ ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \
++ &(hashStateIn)->state, \
++ (hashStateIn)->def->contextSize)
++
++// Copy (with reformatting when necessary) an internal hash structure to an
++// external blob
++# define HASH_STATE_EXPORT_METHOD_DEF \
++ void(HASH_STATE_EXPORT_METHOD)(BYTE * to, PCANY_HASH_STATE from, size_t size)
++# define HASH_STATE_EXPORT(to, hashStateFrom) \
++ ((hashStateFrom)->def->method.copyOut)( \
++ &(((BYTE*)(to))[offsetof(HASH_STATE, state)]), \
++ &(hashStateFrom)->state, \
++ (hashStateFrom)->def->contextSize)
++
++// Copy from an external blob to an internal formate (with reformatting when
++// necessary
++# define HASH_STATE_IMPORT_METHOD_DEF \
++ void(HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, const BYTE* from, size_t size)
++# define HASH_STATE_IMPORT(hashStateTo, from) \
++ ((hashStateTo)->def->method.copyIn)( \
++ &(hashStateTo)->state, \
++ &(((const BYTE*)(from))[offsetof(HASH_STATE, state)]), \
++ (hashStateTo)->def->contextSize)
++
++static inline int sha256_start(void *hash_state)
++{
++ return mbedtls_sha256_starts(hash_state, 0);
++}
++
++static inline int sha384_start(void *hash_state)
++{
++ return mbedtls_sha512_starts(hash_state, 1);
++}
++
++static inline int sha512_start(void *hash_state)
++{
++ return mbedtls_sha512_starts(hash_state, 0);
++}
++
++// Function aliases. The code in CryptHash.c uses the internal designation for the
++// functions. These need to be translated to the function names of the library.
++# define tpmHashStart_SHA1 mbedtls_sha1_starts
++# define tpmHashData_SHA1 mbedtls_sha1_update
++# define tpmHashEnd_SHA1 mbedtls_sha1_finish
++# define tpmHashStateCopy_SHA1 memcpy
++# define tpmHashStateExport_SHA1 memcpy
++# define tpmHashStateImport_SHA1 memcpy
++# define tpmHashStart_SHA256 sha256_start
++# define tpmHashData_SHA256 mbedtls_sha256_update
++# define tpmHashEnd_SHA256 mbedtls_sha256_finish
++# define tpmHashStateCopy_SHA256 memcpy
++# define tpmHashStateExport_SHA256 memcpy
++# define tpmHashStateImport_SHA256 memcpy
++# define tpmHashStart_SHA384 sha384_start
++# define tpmHashData_SHA384 mbedtls_sha512_update
++# define tpmHashEnd_SHA384 mbedtls_sha512_finish
++# define tpmHashStateCopy_SHA384 memcpy
++# define tpmHashStateExport_SHA384 memcpy
++# define tpmHashStateImport_SHA384 memcpy
++# define tpmHashStart_SHA512 sha512_start
++# define tpmHashData_SHA512 mbedtls_sha512_update
++# define tpmHashEnd_SHA512 mbedtls_sha512_finish
++# define tpmHashStateCopy_SHA512 memcpy
++# define tpmHashStateExport_SHA512 memcpy
++# define tpmHashStateImport_SHA512 memcpy
++
++#endif // _CRYPT_HASH_C_
++
++#define LibHashInit()
++#define HashLibSimulationEnd()
++
++#endif // HASH_LIB_DEFINED
+diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h b/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
+new file mode 100644
+index 0000000..59edef8
+--- /dev/null
++++ b/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
+@@ -0,0 +1,87 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef MATH_LIB_DEFINED
++#define MATH_LIB_DEFINED
++
++#define MATH_LIB_MBED
++
++#include <mbedtls/bignum.h>
++#include <mbedtls/ecp.h>
++#include <mbedtls/psa_util.h>
++
++// Make sure that the library is using the correct size for a crypt word
++#if (defined MBEDTLS_HAVE_INT32 && (RADIX_BITS != 32)) || \
++ (defined MBEDTLS_HAVE_INT64 && (RADIX_BITS != 64))
++# error MbedTLS library is using different radix
++#endif
++
++#define MBEDTLS_OK 0
++
++#define MPI_INITIALIZED(name, initializer) \
++ mbedtls_mpi _##name; \
++ mbedtls_mpi* name = MpiInitialize(&_##name); \
++ BnToMbed(name, initializer);
++
++#define MPI_DELETE(name) \
++ mbedtls_mpi_free(&_##name);
++
++#define POINT_CREATE(name) \
++ mbedtls_ecp_point name; \
++ mbedtls_ecp_point_init(&name);
++
++#define POINT_DELETE(name) \
++ mbedtls_ecp_point_free(&name);
++
++typedef struct
++{
++ const ECC_CURVE_DATA *C; // the TPM curve values
++ mbedtls_ecp_group G; // group parameters
++} MBED_CURVE_DATA;
++
++typedef MBED_CURVE_DATA *bigCurve;
++
++#define AccessCurveData(E) ((E)->C)
++
++#define CURVE_INITIALIZED(name, initializer) \
++ MBED_CURVE_DATA _##name; \
++ bigCurve name = BnCurveInitialize(&_##name, initializer)
++
++#define CURVE_FREE(name) BnCurveFree(name)
++
++#define MathLibSimulationEnd()
++
++#endif // MATH_LIB_DEFINED
+diff --git a/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h b/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
+new file mode 100644
+index 0000000..db697d0
+--- /dev/null
++++ b/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
+@@ -0,0 +1,98 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef SYM_LIB_DEFINED
++#define SYM_LIB_DEFINED
++
++#define SYM_LIB_MBED
++
++#include <mbedtls/aes.h>
++
++#if ALG_TDES
++# include <mbedtls/des.h>
++#endif
++
++#if ALG_SM4
++# undef ALG_SM4
++# define ALG_SM4 ALG_NO
++# error "SM4 is not available"
++#endif
++
++#if ALG_CAMELLIA
++# include <mbedtls/camellia.h>
++#endif
++
++#include "TpmToMbedSym_fp.h"
++
++#define SWIZZLE(keySchedule, in, out) \
++ (const BYTE*)(in), (BYTE*)(out), (void*)(keySchedule)
++
++typedef void (*TpmCryptSetSymKeyCall_t)(const BYTE* in, BYTE* out, void* keySchedule);
++
++#define SYM_ALIGNMENT RADIX_BYTES
++
++#define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \
++ mbedtls_aes_setkey_enc((tpmKeyScheduleAES*)(schedule), key, keySizeInBits)
++#define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \
++ mbedtls_aes_setkey_dec((tpmKeyScheduleAES*)(schedule), key, keySizeInBits)
++
++#define TpmCryptEncryptAES AES_encrypt
++#define TpmCryptDecryptAES AES_decrypt
++#define tpmKeyScheduleAES mbedtls_aes_context
++
++#define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \
++ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES*)(schedule))
++#define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \
++ TDES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES*)(schedule))
++
++#define TpmCryptEncryptTDES(in, out, keySchedule) mbedtls_des3_crypt_ecb((keySchedule), (in), (out))
++#define TpmCryptDecryptTDES(in, out, keySchedule) mbedtls_des3_crypt_ecb((keySchedule), (in), (out))
++#define tpmKeyScheduleTDES mbedtls_des3_context
++
++#define TpmCryptSetEncryptKeyCAMELLIA(key, keySizeInBits, schedule) \
++ mbedtls_camellia_setkey_enc((tpmKeyScheduleCAMELLIA*)(schedule), (key), (keySizeInBits))
++#define TpmCryptSetDecryptKeyCAMELLIA(key, keySizeInBits, schedule) \
++ mbedtls_camellia_setkey_dec((tpmKeyScheduleCAMELLIA*)(schedule), (key), (keySizeInBits))
++
++#define TpmCryptEncryptCAMELLIA CAMELLIA_encrypt
++#define TpmCryptDecryptCAMELLIA CAMELLIA_decrypt
++#define tpmKeyScheduleCAMELLIA mbedtls_camellia_context
++
++typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t;
++
++#define SymLibSimulationEnd()
++
++#endif // SYM_LIB_DEFINED
+diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
+new file mode 100644
+index 0000000..ac03575
+--- /dev/null
++++ b/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
+@@ -0,0 +1,160 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _TPM_TO_MBED_MATH_FP_H_
++#define _TPM_TO_MBED_MATH_FP_H_
++
++#ifdef MATH_LIB_MBED
++
++void BnFromMbed(bigNum bn, mbedtls_mpi *mbedBn);
++void BnToMbed(mbedtls_mpi *toInit, bigConst initializer);
++mbedtls_mpi *MpiInitialize(mbedtls_mpi *toInit);
++
++# if LIBRARY_COMPATIBILITY_CHECK
++BOOL MathLibraryCompatibilityCheck(void);
++# endif
++
++//*** BnModMult()
++// This function does a modular multiply. It first does a multiply and then a divide
++// and returns the remainder of the divide.
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus);
++
++//*** BnMult()
++// Multiplies two numbers
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier);
++
++//*** BnDiv()
++// This function divides two bigNum values. The function returns FALSE if
++// there is an error in the operation.
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnDiv(
++ bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor);
++
++# if ALG_RSA
++//*** BnGcd()
++// Get the greatest common divisor of two numbers
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnGcd(bigNum gcd, // OUT: the common divisor
++ bigConst number1, // IN:
++ bigConst number2 // IN:
++);
++
++//***BnModExp()
++// Do modular exponentiation using bigNum values. The conversion from a bignum_t to
++// a bigNum is trivial as they are based on the same structure
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result
++ bigConst number, // IN: number to exponentiate
++ bigConst exponent, // IN:
++ bigConst modulus // IN:
++);
++
++//*** BnModInverse()
++// Modular multiplicative inverse
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation
++LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus);
++# endif // ALG_RSA
++# if ALG_ECC
++
++//*** BnCurveInitialize()
++// This function initializes the curve information structure. This
++// structure points to the TPM-defined values for the curve, to the context for the
++// number values in the frame, and to the defined group values.
++// Return Type: bigCurve *
++// NULL the TPM_ECC_CURVE is not valid or there was a problem in
++// in initializing the curve data
++// non-NULL points to 'E'
++LIB_EXPORT bigCurve BnCurveInitialize(
++ bigCurve E, // IN: curve structure to initialize
++ TPM_ECC_CURVE curveId // IN: curve identifier
++);
++
++//*** BnCurveFree()
++// This function will free the allocated components of the curve and end the
++// frame in which the curve data exists
++LIB_EXPORT void BnCurveFree(bigCurve E);
++
++//*** BnEccModMult()
++// This function does a point multiply of the form R = [d]S
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation; treat as result being point at infinity
++LIB_EXPORT BOOL BnEccModMult(bigPoint R, // OUT: computed point
++ pointConst S, // IN: point to multiply by 'd' (optional)
++ bigConst d, // IN: scalar for [d]S
++ bigCurve E);
++
++//*** BnEccModMult2()
++// This function does a point multiply of the form R = [d]G + [u]Q
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation; treat as result being point at infinity
++LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point
++ pointConst S, // IN: optional point
++ bigConst d, // IN: scalar for [d]S or [d]G
++ pointConst Q, // IN: second point
++ bigConst u, // IN: second scalar
++ bigCurve E // IN: curve
++);
++
++//** BnEccAdd()
++// This function does addition of two points.
++// Return Type: BOOL
++// TRUE(1) success
++// FALSE(0) failure in operation; treat as result being point at infinity
++LIB_EXPORT BOOL BnEccAdd(bigPoint R, // OUT: computed point
++ pointConst S, // IN: point to multiply by 'd'
++ pointConst Q, // IN: second point
++ bigCurve E // IN: curve
++);
++# endif // ALG_ECC
++#endif // MATHLIB_MBED
++
++#endif // _TPM_TO_MBED_MATH_FP_H_
+diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
+new file mode 100644
+index 0000000..72e666e
+--- /dev/null
++++ b/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
+@@ -0,0 +1,44 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _TPM_TO_MBED_SUPPORT_FP_H_
++#define _TPM_TO_MBED_SUPPORT_FP_H_
++
++#if defined(HASH_LIB_MBED) || defined(MATH_LIB_MBED) || defined(SYM_LIB_MBED)
++LIB_EXPORT int SupportLibInit(void);
++#endif // HASH_LIB_MBED || MATH_LIB_MBED || SYM_LIB_MBED
++
++#endif // _TPM_TO_MBED_SUPPORT_FP_H_
+diff --git a/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h b/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
+new file mode 100644
+index 0000000..7aad912
+--- /dev/null
++++ b/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
+@@ -0,0 +1,51 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#ifndef _TPM_TO_MBED_SYM_FP_H_
++#define _TPM_TO_MBED_SYM_FP_H_
++
++#ifdef SYM_LIB_MBED
++
++int TDES_set_encrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule);
++int TDES_set_decrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule);
++int AES_encrypt(const BYTE *in, BYTE *out, void *keySchedule);
++int AES_decrypt(const BYTE *in, BYTE *out, void *keySchedule);
++int CAMELLIA_encrypt(const BYTE *in, BYTE *out, void *keySchedule);
++int CAMELLIA_decrypt(const BYTE *in, BYTE *out, void *keySchedule);
++
++#endif // SYM_LIB_MBED
++
++#endif // _TPM_TO_MBED_SYM_FP_H_
+diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
+new file mode 100644
+index 0000000..bad931b
+--- /dev/null
++++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
+@@ -0,0 +1,407 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "Tpm.h"
++
++#ifdef MATH_LIB_MBED
++# include "BnConvert_fp.h"
++# include "TpmToMbedMath_fp.h"
++
++// This function converts a mbedtls_mpi to a TPM bignum. In this implementation
++// it is assumed that MbedTLS uses the same format for a big number as does the
++// TPM -- an array of native-endian words in little-endian order.
++void BnFromMbed(bigNum bn, mbedtls_mpi *mbedBn)
++{
++ uint32_t i;
++
++ if(bn != NULL) {
++ pAssert((unsigned)mbedBn->private_n <= BnGetAllocated(bn));
++
++ for(i = 0; i < mbedBn->private_n; i++)
++ bn->d[i] = mbedBn->private_p[i];
++
++ BnSetTop(bn, mbedBn->private_n);
++ }
++}
++
++// This function converts a TPM bignum to a mbedtls_mpi, and has the same
++// assumptions as made by BnFromMbed()
++void BnToMbed(mbedtls_mpi *toInit, bigConst initializer)
++{
++ uint32_t i;
++
++ if(toInit != NULL && initializer != NULL) {
++ mbedtls_mpi_grow(toInit, initializer->size);
++
++ for(i = 0; i < initializer->size; i++)
++ toInit->private_p[i] = initializer->d[i];
++
++ toInit->private_n = initializer->size;
++ /* TPM bignums are never negative, we can fix the sign to 1 */
++ toInit->private_s = 1;
++ }
++}
++
++mbedtls_mpi *MpiInitialize(mbedtls_mpi *toInit)
++{
++ mbedtls_mpi_init(toInit);
++ return toInit;
++}
++
++# if LIBRARY_COMPATIBILITY_CHECK
++BOOL MathLibraryCompatibilityCheck(void)
++{
++ BN_VAR(tpmTemp, 64 * 8);
++ crypt_uword_t i;
++ TPM2B_TYPE(TEST, 16);
++ TPM2B_TEST test = {{16,
++ {0x0F,
++ 0x0E,
++ 0x0D,
++ 0x0C,
++ 0x0B,
++ 0x0A,
++ 0x09,
++ 0x08,
++ 0x07,
++ 0x06,
++ 0x05,
++ 0x04,
++ 0x03,
++ 0x02,
++ 0x01,
++ 0x00}}};
++ // Convert the test TPM2B to a bigNum
++ BnFrom2B(tpmTemp, &test.b);
++ MPI_INITIALIZED(mbedTemp, tpmTemp);
++ // Make sure the values are consistent
++ VERIFY(mbedTemp->private_n * sizeof(mbedtls_mpi_uint)
++ == (int)tpmTemp->size * sizeof(crypt_uword_t));
++ for(i = 0; i < tpmTemp->size; i++)
++ VERIFY(((crypt_uword_t*)mbedTemp->private_p)[i] == tpmTemp->d[i]);
++
++ MPI_DELETE(mbedTemp);
++ return 1;
++Error:
++ return 0;
++}
++# endif
++
++LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnOp1, op1);
++ MPI_INITIALIZED(bnOp2, op2);
++ MPI_INITIALIZED(bnTemp, NULL);
++ BN_VAR(temp, LARGEST_NUMBER_BITS * 2);
++
++ pAssert(BnGetAllocated(result) >= BnGetSize(modulus));
++
++ OK = (mbedtls_mpi_mul_mpi(bnTemp, bnOp1, bnOp2) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(temp, bnTemp);
++ OK = BnDiv(NULL, result, temp, modulus);
++ }
++
++ MPI_DELETE(bnOp1);
++ MPI_DELETE(bnOp2);
++ MPI_DELETE(bnTemp);
++
++ return OK;
++}
++
++LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnTemp, NULL);
++ MPI_INITIALIZED(bnA, multiplicand);
++ MPI_INITIALIZED(bnB, multiplier);
++
++ pAssert(result->allocated >= (BITS_TO_CRYPT_WORDS(
++ BnSizeInBits(multiplicand) + BnSizeInBits(multiplier))));
++
++ OK = (mbedtls_mpi_mul_mpi(bnTemp, bnA, bnB) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(result, bnTemp);
++ }
++
++ MPI_DELETE(bnTemp);
++ MPI_DELETE(bnA);
++ MPI_DELETE(bnB);
++
++ return OK;
++}
++
++LIB_EXPORT BOOL BnDiv(bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnQ, quotient);
++ MPI_INITIALIZED(bnR, remainder);
++ MPI_INITIALIZED(bnDend, dividend);
++ MPI_INITIALIZED(bnSor, divisor);
++
++ pAssert(!BnEqualZero(divisor));
++ if(BnGetSize(dividend) < BnGetSize(divisor)) {
++ if(quotient)
++ BnSetWord(quotient, 0);
++ if(remainder)
++ BnCopy(remainder, dividend);
++ OK = TRUE;
++ } else {
++ pAssert((quotient == NULL) ||
++ (quotient->allocated >= (unsigned)(dividend->size - divisor->size)));
++ pAssert((remainder == NULL) || (remainder->allocated >= divisor->size));
++ OK = (mbedtls_mpi_div_mpi(bnQ, bnR, bnDend, bnSor) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(quotient, bnQ);
++ BnFromMbed(remainder, bnR);
++ }
++ }
++
++ MPI_DELETE(bnQ);
++ MPI_DELETE(bnR);
++ MPI_DELETE(bnDend);
++ MPI_DELETE(bnSor);
++
++ return OK;
++}
++
++# if ALG_RSA
++LIB_EXPORT BOOL BnGcd(bigNum gcd,bigConst number1, bigConst number2)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnGcd, gcd);
++ MPI_INITIALIZED(bn1, number1);
++ MPI_INITIALIZED(bn2, number2);
++
++ pAssert(gcd != NULL);
++ OK = (mbedtls_mpi_gcd(bnGcd, bn1, bn2) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(gcd, bnGcd);
++ }
++
++ MPI_DELETE(bnGcd);
++ MPI_DELETE(bn1);
++ MPI_DELETE(bn2);
++
++ return OK;
++}
++
++LIB_EXPORT BOOL BnModExp(bigNum result, bigConst number, bigConst exponent, bigConst modulus)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnResult, result);
++ MPI_INITIALIZED(bnN, number);
++ MPI_INITIALIZED(bnE, exponent);
++ MPI_INITIALIZED(bnM, modulus);
++
++ OK = (mbedtls_mpi_exp_mod(bnResult, bnN, bnE, bnM, NULL) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(result, bnResult);
++ }
++
++ MPI_DELETE(bnResult);
++ MPI_DELETE(bnN);
++ MPI_DELETE(bnE);
++ MPI_DELETE(bnM);
++
++ return OK;
++}
++
++LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus)
++{
++ BOOL OK;
++ MPI_INITIALIZED(bnResult, result);
++ MPI_INITIALIZED(bnN, number);
++ MPI_INITIALIZED(bnM, modulus);
++
++ OK = (mbedtls_mpi_inv_mod(bnResult, bnN, bnM) == MBEDTLS_OK);
++ if(OK) {
++ BnFromMbed(result, bnResult);
++ }
++
++ MPI_DELETE(bnResult);
++ MPI_DELETE(bnN);
++ MPI_DELETE(bnM);
++
++ return OK;
++}
++# endif // TPM_ALG_RSA
++
++# if ALG_ECC
++
++void PointFromMbed(bigPoint pOut, mbedtls_ecp_point* pIn)
++{
++ BnFromMbed(pOut->x, &pIn->private_X);
++ BnFromMbed(pOut->y, &pIn->private_Y);
++ BnFromMbed(pOut->z, &pIn->private_Z);
++}
++
++void PointToMbed(mbedtls_ecp_point* pOut, pointConst pIn)
++{
++ BnToMbed(&pOut->private_X, pIn->x);
++ BnToMbed(&pOut->private_Y, pIn->y);
++ BnToMbed(&pOut->private_Z, pIn->z);
++}
++
++LIB_EXPORT bigCurve BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId)
++{
++ const ECC_CURVE_DATA* C = GetCurveData(curveId);
++
++ if(C == NULL)
++ E = NULL;
++
++ if(E != NULL) {
++ E->C = C;
++
++ mbedtls_ecp_group_init(&E->G);
++ BnToMbed(&E->G.P, C->prime);
++ BnToMbed(&E->G.A, C->a);
++ BnToMbed(&E->G.B, C->b);
++ BnToMbed(&E->G.N, C->order);
++
++ BnToMbed(&E->G.G.private_X, C->base.x);
++ BnToMbed(&E->G.G.private_Y, C->base.y);
++
++ E->G.pbits = mbedtls_mpi_bitlen(&E->G.P);
++ E->G.nbits = mbedtls_mpi_bitlen(&E->G.N);
++
++ E->G.private_h = 1;
++ }
++
++ return E;
++}
++
++LIB_EXPORT void BnCurveFree(bigCurve E)
++{
++ if(E)
++ mbedtls_ecp_group_free(&E->G);
++}
++
++LIB_EXPORT BOOL BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E)
++{
++ BOOL OK;
++ POINT_CREATE(pR);
++ POINT_CREATE(pS);
++ MPI_INITIALIZED(bnD, d);
++
++ if(S == NULL)
++ S = CurveGetG(AccessCurveData(E));
++
++ PointToMbed(&pS, S);
++
++ OK = (mbedtls_ecp_mul(&E->G, &pR, bnD, &pS, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)
++ == MBEDTLS_OK);
++ if(OK) {
++ PointFromMbed(R, &pR);
++ }
++
++ POINT_DELETE(pS);
++ POINT_DELETE(pR);
++ MPI_DELETE(bnD);
++
++ return !BnEqualZero(R->z);
++}
++
++LIB_EXPORT BOOL BnEccModMult2(bigPoint R, pointConst S, bigConst d, pointConst Q,
++ bigConst u, bigCurve E)
++{
++ BOOL OK;
++ POINT_CREATE(pR);
++ POINT_CREATE(pS);
++ POINT_CREATE(pQ);
++ MPI_INITIALIZED(bnD, d);
++ MPI_INITIALIZED(bnU, u);
++ MPI_INITIALIZED(bnPrime, CurveGetPrime(AccessCurveData(E)));
++ MPI_INITIALIZED(bnA, CurveGet_a(AccessCurveData(E)));
++
++ PointToMbed(&pQ, Q);
++
++ if(S == NULL)
++ S = CurveGetG(AccessCurveData(E));
++
++ PointToMbed(&pS, S);
++
++ OK = (mbedtls_ecp_muladd(&E->G, &pR, bnD, &pS, bnU, &pQ) == MBEDTLS_OK);
++ if(OK) {
++ PointFromMbed(R, &pR);
++ }
++
++ POINT_DELETE(pS);
++ POINT_DELETE(pQ);
++ POINT_DELETE(pR);
++
++ MPI_DELETE(bnD);
++ MPI_DELETE(bnU);
++ MPI_DELETE(bnPrime);
++ MPI_DELETE(bnA);
++
++ return !BnEqualZero(R->z);
++}
++
++LIB_EXPORT BOOL BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E)
++{
++ BOOL OK;
++ mbedtls_mpi_uint mp;
++ POINT_CREATE(pR);
++ POINT_CREATE(pS);
++ POINT_CREATE(pQ);
++ MPI_INITIALIZED(bnA, CurveGet_a(AccessCurveData(E)));
++ MPI_INITIALIZED(bnMod, CurveGetPrime(AccessCurveData(E)));
++
++ (void)mp;
++ PointToMbed(&pS, S);
++ PointToMbed(&pQ, Q);
++
++ pAssert(1 == 0); // cannot implement with mbedtls
++
++ if(OK) {
++ PointFromMbed(R, &pR);
++ }
++
++ POINT_DELETE(pS);
++ POINT_DELETE(pQ);
++ POINT_DELETE(pR);
++
++ MPI_DELETE(bnA);
++ MPI_DELETE(bnMod);
++
++ return !BnEqualZero(R->z);
++}
++
++# endif // TPM_ALG_ECC
++
++#endif // MATH_LIB_MBED
+\ No newline at end of file
+diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
+new file mode 100644
+index 0000000..c1bdcf1
+--- /dev/null
++++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
+@@ -0,0 +1,46 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "Tpm.h"
++#include <psa/crypto.h>
++
++#if defined(HASH_LIB_MBED) || defined(MATH_LIB_MBED) || defined(SYM_LIB_MBED)
++
++LIB_EXPORT int SupportLibInit(void)
++{
++ return psa_crypto_init() == PSA_SUCCESS;
++}
++
++#endif // HASH_LIB_MBED || MATH_LIB_MBED || SYM_LIB_MBED
+diff --git a/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
+new file mode 100644
+index 0000000..9f846f9
+--- /dev/null
++++ b/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
+@@ -0,0 +1,94 @@
++/* Microsoft Reference Implementation for TPM 2.0
++ *
++ * The copyright in this software is being made available under the BSD License,
++ * included below. This software may be subject to other third party and
++ * contributor rights, including patent rights, and no such rights are granted
++ * under this license.
++ *
++ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
++ *
++ * All rights reserved.
++ *
++ * BSD License
++ *
++ * Redistribution and use in source and binary forms, with or without modification,
++ * are permitted provided that the following conditions are met:
++ *
++ * Redistributions of source code must retain the above copyright notice, this list
++ * of conditions and the following disclaimer.
++ *
++ * Redistributions in binary form must reproduce the above copyright notice, this
++ * list of conditions and the following disclaimer in the documentation and/or
++ * other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS""
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
++ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
++ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
++ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include "Tpm.h"
++
++#ifdef SYM_LIB_MBED
++# include "TpmToMbedSym_fp.h"
++
++#if ALG_TDES
++#include <mbedtls/des.h>
++
++int TDES_set_encrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule)
++{
++ BYTE key2[MBEDTLS_DES_KEY_SIZE * 2] = {};
++ BYTE key3[MBEDTLS_DES_KEY_SIZE * 3] = {};
++
++ if(keySizeInBits == 128) {
++ memcpy(key2, key, MBEDTLS_DES_KEY_SIZE * 2);
++ return mbedtls_des3_set2key_enc(keySchedule, key2);
++ } else {
++ memcpy(key3, key, MBEDTLS_DES_KEY_SIZE * 3);
++ return mbedtls_des3_set3key_enc(keySchedule, key3);
++ }
++}
++
++int TDES_set_decrypt_key(const BYTE *key, UINT16 keySizeInBits, void *keySchedule)
++{
++ BYTE key2[MBEDTLS_DES_KEY_SIZE * 2] = {};
++ BYTE key3[MBEDTLS_DES_KEY_SIZE * 3] = {};
++
++ if(keySizeInBits == 128) {
++ memcpy(key2, key, MBEDTLS_DES_KEY_SIZE * 2);
++ return mbedtls_des3_set2key_dec(keySchedule, key2);
++ } else {
++ memcpy(key3, key, MBEDTLS_DES_KEY_SIZE * 3);
++ return mbedtls_des3_set3key_dec(keySchedule, key3);
++ }
++}
++#endif
++
++int AES_encrypt(const BYTE *in, BYTE *out, void *keySchedule)
++{
++ return mbedtls_aes_crypt_ecb(keySchedule, MBEDTLS_AES_ENCRYPT, in, out);
++}
++
++int AES_decrypt(const BYTE *in, BYTE *out, void *keySchedule)
++{
++ return mbedtls_aes_crypt_ecb(keySchedule, MBEDTLS_AES_DECRYPT, in, out);
++}
++
++int CAMELLIA_encrypt(const BYTE *in, BYTE *out, void *keySchedule)
++{
++ return mbedtls_camellia_crypt_ecb(keySchedule, MBEDTLS_CAMELLIA_ENCRYPT, in, out);
++}
++
++int CAMELLIA_decrypt(const BYTE *in, BYTE *out, void *keySchedule)
++{
++ return mbedtls_camellia_crypt_ecb(keySchedule, MBEDTLS_CAMELLIA_DECRYPT, in, out);
++}
++
++#endif // SYM_LIB_MBED
+--
+2.34.1
+
diff --git a/external/ms_tpm/0002-Add-PSA-platform-port.patch b/external/ms_tpm/0002-Add-PSA-platform-port.patch
new file mode 100644
index 0000000..8a6661f
--- /dev/null
+++ b/external/ms_tpm/0002-Add-PSA-platform-port.patch
@@ -0,0 +1,460 @@
+From 0e4b2fe3e03d0c5e7e64592d853fb7aa2df74759 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Wed, 13 Nov 2024 17:17:00 +0100
+Subject: [PATCH 2/3] Add PSA platform port
+
+Modify the default platform port to use PSA Storage API for non-volatile
+storage operations and PSA Crypto API for random number generation.
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: I219f5ec47825f863a50c7f806cc3ab6aa1ca3e85
+---
+ TPMCmd/Platform/src/Clock.c | 28 ++---
+ TPMCmd/Platform/src/Entropy.c | 55 ++--------
+ TPMCmd/Platform/src/NVMem.c | 178 +++++--------------------------
+ TPMCmd/Platform/src/RunCommand.c | 13 ++-
+ 4 files changed, 57 insertions(+), 217 deletions(-)
+
+diff --git a/TPMCmd/Platform/src/Clock.c b/TPMCmd/Platform/src/Clock.c
+index 89260f1..142f4a3 100644
+--- a/TPMCmd/Platform/src/Clock.c
++++ b/TPMCmd/Platform/src/Clock.c
+@@ -6,6 +6,7 @@
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
+ *
+ * All rights reserved.
+ *
+@@ -79,30 +80,18 @@ LIB_EXPORT void _plat__TimerRestart(void)
+ // appropriated hardware functions.
+
+ #include <time.h>
+-clock_t debugTime;
++// TODO
++// clock_t debugTime;
++
++// TODO: add timer implementation
++static uint64_t fake_timer = 1;
+
+ //*** _plat__RealTime()
+ // This is another, probably futile, attempt to define a portable function
+ // that will return a 64-bit clock value that has mSec resolution.
+ LIB_EXPORT uint64_t _plat__RealTime(void)
+ {
+- clock64_t time;
+-#ifdef _MSC_VER
+- struct _timeb sysTime;
+- //
+- _ftime_s(&sysTime);
+- time = (clock64_t)(sysTime.time) * 1000 + sysTime.millitm;
+- // set the time back by one hour if daylight savings
+- if(sysTime.dstflag)
+- time -= 1000 * 60 * 60; // mSec/sec * sec/min * min/hour = ms/hour
+-#else
+- // hopefully, this will work with most UNIX systems
+- struct timespec systime;
+- //
+- clock_gettime(CLOCK_MONOTONIC, &systime);
+- time = (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000);
+-#endif
+- return time;
++ return fake_timer++;
+ }
+
+ //***_plat__TimerRead()
+@@ -136,7 +125,8 @@ LIB_EXPORT uint64_t _plat__TimerRead(void)
+ if(s_lastSystemTime == 0)
+ {
+ s_lastSystemTime = timeNow;
+- debugTime = clock();
++ // TODO
++ // debugTime = clock();
+ s_lastReportedTime = 0;
+ s_realTimePrevious = 0;
+ }
+diff --git a/TPMCmd/Platform/src/Entropy.c b/TPMCmd/Platform/src/Entropy.c
+index af7a0c4..98e9a46 100644
+--- a/TPMCmd/Platform/src/Entropy.c
++++ b/TPMCmd/Platform/src/Entropy.c
+@@ -6,6 +6,7 @@
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
+ *
+ * All rights reserved.
+ *
+@@ -35,17 +36,9 @@
+ //** Includes and Local Values
+
+ #define _CRT_RAND_S
+-#include <stdlib.h>
+-#include <memory.h>
+-#include <time.h>
++#include <string.h>
+ #include "Platform.h"
+-
+-#ifdef _MSC_VER
+-# include <process.h>
+-#else
+-# include <unistd.h>
+-#endif
+-
++#include "psa/crypto.h"
+ // This is the last 32-bits of hardware entropy produced. We have to check to
+ // see that two consecutive 32-bit values are not the same because
+ // according to FIPS 140-2, annex C:
+@@ -64,21 +57,14 @@ extern uint32_t lastEntropy;
+ // Local function to get a 32-bit random number
+ static uint32_t rand32(void)
+ {
+- uint32_t rndNum = rand();
+-#if RAND_MAX < UINT16_MAX
+- // If the maximum value of the random number is a 15-bit number, then shift it up
+- // 15 bits, get 15 more bits, shift that up 2 and then XOR in another value to get
+- // a full 32 bits.
+- rndNum = (rndNum << 15) ^ rand();
+- rndNum = (rndNum << 2) ^ rand();
+-#elif RAND_MAX == UINT16_MAX
+- // If the maximum size is 16-bits, shift it and add another 16 bits
+- rndNum = (rndNum << 16) ^ rand();
+-#elif RAND_MAX < UINT32_MAX
+- // If 31 bits, then shift 1 and include another random value to get the extra bit
+- rndNum = (rndNum << 1) ^ rand();
+-#endif
+- return rndNum;
++ uint32_t num = 0;
++ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
++
++ status = psa_generate_random((uint8_t *)&num, sizeof(num));
++ if (status != PSA_SUCCESS)
++ return 0;
++
++ return num;
+ }
+
+ //*** _plat__GetEntropy()
+@@ -98,25 +84,6 @@ LIB_EXPORT int32_t _plat__GetEntropy(unsigned char* entropy, // output buffer
+ //
+ if(amount == 0)
+ {
+- // Seed the platform entropy source if the entropy source is software. There
+- // is no reason to put a guard macro (#if or #ifdef) around this code because
+- // this code would not be here if someone was changing it for a system with
+- // actual hardware.
+- //
+- // NOTE 1: The following command does not provide proper cryptographic
+- // entropy. Its primary purpose to make sure that different instances of the
+- // simulator, possibly started by a script on the same machine, are seeded
+- // differently. Vendors of the actual TPMs need to ensure availability of
+- // proper entropy using their platform-specific means.
+- //
+- // NOTE 2: In debug builds by default the reference implementation will seed
+- // its RNG deterministically (without using any platform provided randomness).
+- // See the USE_DEBUG_RNG macro and DRBG_GetEntropy() function.
+-#ifdef _MSC_VER
+- srand((unsigned)_plat__RealTime() ^ _getpid());
+-#else
+- srand((unsigned)_plat__RealTime() ^ getpid());
+-#endif
+ lastEntropy = rand32();
+ ret = 0;
+ }
+diff --git a/TPMCmd/Platform/src/NVMem.c b/TPMCmd/Platform/src/NVMem.c
+index 29d9213..b4f2dc0 100644
+--- a/TPMCmd/Platform/src/NVMem.c
++++ b/TPMCmd/Platform/src/NVMem.c
+@@ -6,6 +6,7 @@
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
+ *
+ * All rights reserved.
+ *
+@@ -40,99 +41,18 @@
+ //
+
+ //** Includes and Local
+-#include <memory.h>
+ #include <string.h>
+ #include <assert.h>
+ #include "Platform.h"
+-#if FILE_BACKED_NV
+-# include <stdio.h>
+-static FILE* s_NvFile = NULL;
+-static int s_NeedsManufacture = FALSE;
++#include "psa/protected_storage.h"
++
++#ifndef TPM_NV_UID
++#define TPM_NV_UID 0x123
+ #endif
+
++static const psa_storage_uid_t tpm_nv_uid = TPM_NV_UID;
+ //**Functions
+
+-#if FILE_BACKED_NV
+-
+-//*** NvFileOpen()
+-// This function opens the file used to hold the NV image.
+-// Return Type: int
+-// >= 0 success
+-// -1 error
+-static int NvFileOpen(const char* mode)
+-{
+-# if defined(NV_FILE_PATH)
+-# define TO_STRING(s) TO_STRING_IMPL(s)
+-# define TO_STRING_IMPL(s) #s
+- const char* s_NvFilePath = TO_STRING(NV_FILE_PATH);
+-# undef TO_STRING
+-# undef TO_STRING_IMPL
+-# else
+- const char* s_NvFilePath = "NVChip";
+-# endif
+-
+- // Try to open an exist NVChip file for read/write
+-# if defined _MSC_VER && 1
+- if(fopen_s(&s_NvFile, s_NvFilePath, mode) != 0)
+- s_NvFile = NULL;
+-# else
+- s_NvFile = fopen(s_NvFilePath, mode);
+-# endif
+- return (s_NvFile == NULL) ? -1 : 0;
+-}
+-
+-//*** NvFileCommit()
+-// Write all of the contents of the NV image to a file.
+-// Return Type: int
+-// TRUE(1) success
+-// FALSE(0) failure
+-static int NvFileCommit(void)
+-{
+- int OK;
+- // If NV file is not available, return failure
+- if(s_NvFile == NULL)
+- return 1;
+- // Write RAM data to NV
+- fseek(s_NvFile, 0, SEEK_SET);
+- OK = (NV_MEMORY_SIZE == fwrite(s_NV, 1, NV_MEMORY_SIZE, s_NvFile));
+- OK = OK && (0 == fflush(s_NvFile));
+- assert(OK);
+- return OK;
+-}
+-
+-//*** NvFileSize()
+-// This function gets the size of the NV file and puts the file pointer where desired
+-// using the seek method values. SEEK_SET => beginning; SEEK_CUR => current position
+-// and SEEK_END => to the end of the file.
+-static long NvFileSize(int leaveAt)
+-{
+- long fileSize;
+- long filePos = ftell(s_NvFile);
+- //
+- assert(NULL != s_NvFile);
+-
+- int fseek_result = fseek(s_NvFile, 0, SEEK_END);
+- NOT_REFERENCED(fseek_result); // Fix compiler warning for NDEBUG
+- assert(fseek_result == 0);
+- fileSize = ftell(s_NvFile);
+- assert(fileSize >= 0);
+- switch(leaveAt)
+- {
+- case SEEK_SET:
+- filePos = 0;
+- case SEEK_CUR:
+- fseek(s_NvFile, filePos, SEEK_SET);
+- break;
+- case SEEK_END:
+- break;
+- default:
+- assert(FALSE);
+- break;
+- }
+- return fileSize;
+-}
+-#endif
+-
+ //*** _plat__NvErrors()
+ // This function is used by the simulator to set the error flags in the NV
+ // subsystem to simulate an error in the NV loading process
+@@ -161,48 +81,33 @@ LIB_EXPORT int _plat__NVEnable(
+ void* platParameter // IN: platform specific parameters
+ )
+ {
++ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
++ size_t data_length = 0;
++
+ NOT_REFERENCED(platParameter); // to keep compiler quiet
+- //
+ // Start assuming everything is OK
+ s_NV_unrecoverable = FALSE;
+ s_NV_recoverable = FALSE;
+-#if FILE_BACKED_NV
+- if(s_NvFile != NULL)
+- return 0;
++
+ // Initialize all the bytes in the ram copy of the NV
+ _plat__NvMemoryClear(0, NV_MEMORY_SIZE);
+
+- // If the file exists
+- if(NvFileOpen("r+b") >= 0)
+- {
+- long fileSize = NvFileSize(SEEK_SET); // get the file size and leave the
+- // file pointer at the start
+- //
+- // If the size is right, read the data
+- if(NV_MEMORY_SIZE == fileSize)
+- {
+- s_NeedsManufacture = fread(s_NV, 1, NV_MEMORY_SIZE, s_NvFile)
+- != NV_MEMORY_SIZE;
+- }
+- else
+- {
+- NvFileCommit(); // for any other size, initialize it
+- s_NeedsManufacture = TRUE;
+- }
+- }
+- // If NVChip file does not exist, try to create it for read/write.
+- else if(NvFileOpen("w+b") >= 0)
+- {
+- NvFileCommit(); // Initialize the file
+- s_NeedsManufacture = TRUE;
++ status = psa_ps_get(tpm_nv_uid, 0, NV_MEMORY_SIZE, s_NV, &data_length);
++ if (status == PSA_ERROR_DOES_NOT_EXIST) {
++ /* Add entry if it doesn't exist */
++ status = psa_ps_create(tpm_nv_uid, NV_MEMORY_SIZE, 0);
++ if (status != PSA_SUCCESS)
++ s_NV_unrecoverable = TRUE;
++ } else if (status != PSA_SUCCESS || data_length != NV_MEMORY_SIZE) {
++ s_NV_unrecoverable = TRUE;
+ }
+- assert(NULL != s_NvFile); // Just in case we are broken for some reason.
+-#endif
++
+ // NV contents have been initialized and the error checks have been performed. For
+ // simulation purposes, use the signaling interface to indicate if an error is
+ // to be simulated and the type of the error.
+ if(s_NV_unrecoverable)
+ return -1;
++
+ return s_NV_recoverable;
+ }
+
+@@ -211,24 +116,9 @@ LIB_EXPORT int _plat__NVEnable(
+ LIB_EXPORT void _plat__NVDisable(int delete // IN: If TRUE, delete the NV contents.
+ )
+ {
+-#if FILE_BACKED_NV
+- if(NULL != s_NvFile)
+- {
+- fclose(s_NvFile); // Close NV file
+- // Alternative to deleting the file is to set its size to 0. This will not
+- // match the NV size so the TPM will need to be remanufactured.
+- if(delete)
+- {
+- // Open for writing at the start. Sets the size to zero.
+- if(NvFileOpen("w") >= 0)
+- {
+- fflush(s_NvFile);
+- fclose(s_NvFile);
+- }
+- }
+- }
+- s_NvFile = NULL; // Set file handle to NULL
+-#endif
++ if (delete)
++ psa_ps_remove(tpm_nv_uid);
++
+ return;
+ }
+
+@@ -240,15 +130,7 @@ LIB_EXPORT void _plat__NVDisable(int delete // IN: If TRUE, delete the NV conte
+ // 2 NV is not available due to rate limit
+ LIB_EXPORT int _plat__IsNvAvailable(void)
+ {
+- int retVal = 0;
+- // NV is not available if the TPM is in failure mode
+- if(!s_NvIsAvailable)
+- retVal = 1;
+-#if FILE_BACKED_NV
+- else
+- retVal = (s_NvFile == NULL);
+-#endif
+- return retVal;
++ return !s_NvIsAvailable;
+ }
+
+ //***_plat__NvMemoryRead()
+@@ -334,11 +216,7 @@ LIB_EXPORT void _plat__NvMemoryMove(
+ // non-0 NV write fail
+ LIB_EXPORT int _plat__NvCommit(void)
+ {
+-#if FILE_BACKED_NV
+- return (NvFileCommit() ? 0 : 1);
+-#else
+- return 0;
+-#endif
++ return (psa_ps_set(tpm_nv_uid, NV_MEMORY_SIZE, s_NV, 0) != PSA_SUCCESS);
+ }
+
+ //***_plat__SetNvAvail()
+@@ -364,9 +242,5 @@ LIB_EXPORT void _plat__ClearNvAvail(void)
+ // needs to be manufactured.
+ LIB_EXPORT int _plat__NVNeedsManufacture(void)
+ {
+-#if FILE_BACKED_NV
+- return s_NeedsManufacture;
+-#else
+- return FALSE;
+-#endif
++ return 0;
+ }
+diff --git a/TPMCmd/Platform/src/RunCommand.c b/TPMCmd/Platform/src/RunCommand.c
+index 114421e..749a9f0 100644
+--- a/TPMCmd/Platform/src/RunCommand.c
++++ b/TPMCmd/Platform/src/RunCommand.c
+@@ -6,6 +6,7 @@
+ * under this license.
+ *
+ * Copyright (c) Microsoft Corporation
++ * Copyright (c) 2024, Arm Limited
+ *
+ * All rights reserved.
+ *
+@@ -50,6 +51,7 @@
+ #include "Platform.h"
+ #include <setjmp.h>
+ #include "ExecCommand_fp.h"
++#include "trace.h"
+
+ jmp_buf s_jumpBuffer;
+
+@@ -69,13 +71,20 @@ LIB_EXPORT void _plat__RunCommand(
+ unsigned char** response // IN/OUT: response buffer
+ )
+ {
+- setjmp(s_jumpBuffer);
++ // TODO: add setjmp to libc
++ // setjmp(s_jumpBuffer);
+ ExecuteCommand(requestSize, request, responseSize, response);
+ }
+
++EXTERN UINT32 s_failFunction;
++EXTERN UINT32 s_failLine;
++
+ //***_plat__Fail()
+ // This is the platform depended failure exit for the TPM.
+ LIB_EXPORT NORETURN void _plat__Fail(void)
+ {
+- longjmp(&s_jumpBuffer[0], 1);
++ // TODO: add longjmp to libc
++ // longjmp(&s_jumpBuffer[0], 1);
++ EMSG("TPM fail: %s:%d", (const char *)(uintptr_t)s_failFunction, s_failLine);
++ for (;;) {}
+ }
+\ No newline at end of file
+--
+2.34.1
+
diff --git a/external/ms_tpm/0003-Add-CMake-support.patch b/external/ms_tpm/0003-Add-CMake-support.patch
new file mode 100644
index 0000000..8576f7b
--- /dev/null
+++ b/external/ms_tpm/0003-Add-CMake-support.patch
@@ -0,0 +1,596 @@
+From c2a8aedf66eb2a7dfb208d378adae98680931536 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Thu, 14 Nov 2024 17:11:04 +0100
+Subject: [PATCH 3/3] Add CMake support
+
+Add a minimal CMake build system that can build the TPM code as a
+library and export the CMake config files so it's more convenient to use
+it from another CMake project.
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: I56985c0042776a2759de12bb373017a21e1aab0e
+---
+ CMakeLists.txt | 553 ++++++++++++++++++++++++++++++++++++++++++
+ ms_tpmConfig.cmake.in | 10 +
+ 2 files changed, 563 insertions(+)
+ create mode 100644 CMakeLists.txt
+ create mode 100644 ms_tpmConfig.cmake.in
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+new file mode 100644
+index 0000000..faaefb5
+--- /dev/null
++++ b/CMakeLists.txt
+@@ -0,0 +1,553 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2024, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++cmake_minimum_required(VERSION 3.18 FATAL_ERROR)
++project(ms-tpm-20-ref LANGUAGES C ASM)
++
++add_library(tpm STATIC)
++
++set(TPM_EXTRA_DEFINITIONS "" CACHE STRING "Defines coming from Trusted Services")
++target_compile_definitions(tpm PUBLIC "${TPM_EXTRA_DEFINITIONS}")
++
++set(TPM_EXTRA_INCLUDES "" CACHE STRING "Include paths coming from Trusted Services")
++target_include_directories(tpm PUBLIC "${TPM_EXTRA_INCLUDES}")
++
++target_sources(tpm PRIVATE
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ECC_Decrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ECC_Encrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/AttachedComponent/AC_GetCapability.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/AttachedComponent/Policy_AC_SendSelect.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/Attest_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/Certify.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/CertifyX509.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/GetCommandAuditDigest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/GetSessionAuditDigest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/GetTime.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Attestation/Quote.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Capability/GetCapability.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Capability/TestParms.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/ClockTimer/ACT_SetTimeout.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/ClockTimer/ACT_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/CommandAudit/SetCommandCodeAuditStatus.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Context/ContextLoad.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Context/ContextSave.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Context/Context_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Context/EvictControl.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Context/FlushContext.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Duplication/Duplicate.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Duplication/Import.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Duplication/Rewrap.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyCpHash.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyLocality.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyNameHash.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyNV.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyOR.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyPassword.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyPCR.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicySecret.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicySigned.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/Policy_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyTemplate.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/EA/PolicyTicket.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Ecdaa/Commit.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/Clear.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Misc/PP_Commands.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_Read.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpaceSpecial.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_Write.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/ActivateCredential.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/Create.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/CreateLoaded.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/Load.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/LoadExternal.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/MakeCredential.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/Object_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/ReadPublic.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Object/Unseal.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_Event.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_Extend.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_Read.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_Reset.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Random/GetRandom.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Random/StirRandom.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Session/PolicyRestart.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Session/StartAuthSession.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Signature/Sign.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Signature/VerifySignature.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Startup/Shutdown.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Startup/Startup.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/Hash.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/HMAC.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Symmetric/MAC.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Testing/GetTestResult.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Testing/SelfTest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/AlgorithmTests.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/BnConvert.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/BnMath.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/BnMemory.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptCmac.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptDes.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptEccCrypt.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptEccData.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptEccMain.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptEccSignature.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptHash.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptPrime.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptRand.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptRsa.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptSelfTest.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptSmac.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptSym.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/CryptUtil.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/PrimeData.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/RsaKeyCache.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/Ticket.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSym.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/mbed/TpmToMbedMath.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/crypt/mbed/TpmToMbedSupport.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/events/_TPM_Hash_Data.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/events/_TPM_Hash_End.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/events/_TPM_Hash_Start.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/events/_TPM_Init.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/main/CommandDispatcher.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/main/ExecCommand.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/main/SessionProcess.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/CommandAudit.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/DA.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/Hierarchy.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/NvDynamic.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/NvReserved.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/Object.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/PCR.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/PP.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/Session.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/subsystem/Time.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/AlgorithmCap.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Bits.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/CommandCodeAttributes.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Entity.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Global.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Handle.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/IoBuffers.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Locality.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Manufacture.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Marshal.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/MathOnByteBuffers.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Memory.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Power.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/PropertyCap.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/Response.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/ResponseCodeProcessing.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/TableDrivenMarshal.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/TableMarshalData.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/TpmFail.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/support/TpmSizeChecks.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/X509/TpmASN1.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/X509/X509_ECC.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/X509/X509_RSA.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/src/X509/X509_spt.c
++)
++
++target_include_directories(tpm PUBLIC
++ $<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include>
++ $<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes>
++ $<INSTALL_INTERFACE:include>
++)
++
++set_property(TARGET tpm APPEND PROPERTY PUBLIC_HEADER
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/ACT.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/BaseTypes.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/BnValues.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Capabilities.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CommandAttributeData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CommandAttributes.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CommandDispatchData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CommandDispatcher.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Commands.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CompilerDependencies.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptEcc.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptHash.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptRand.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptRsa.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptSym.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/CryptTest.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/EccTestData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Global.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/GpMacros.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/HandleProcess.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/HashTestData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/InternalRoutines.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/KdfTestData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/LibSupport.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Marshal.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Mbed/TpmToMbedHash.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Mbed/TpmToMbedMath.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Mbed/TpmToMbedSym.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/MinMax.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/NV.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/OIDs.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/PRNG_TestVectors.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/AC_Send_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/AC_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ACT_SetTimeout_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ACT_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Bits_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/BnConvert_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/BnMath_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/BnMemory_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Certify_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ClearControl_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Clear_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ClockSet_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Commit_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ContextSave_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Context_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Create_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptDes_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptEccCrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptHash_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptRand_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptSym_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/DA_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/DictionaryAttackLockReset_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/DictionaryAttackParameters_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Duplicate_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ECC_Decrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ECC_Encrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Entity_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/EvictControl_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/FlushContext_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetCapability_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetRandom_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/GetTime_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Handle_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Hash_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/HMAC_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Import_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Load_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Locality_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/MAC_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Manufacture_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Marshal_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Memory_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_Read_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NvReserved_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_UndefineSpaceSpecial_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_Write_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Object_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Object_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyDuplicationSelect_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Power_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PP_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Quote_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ReadClock_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Response_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Rewrap_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SelfTest_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Session_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SetCommandCodeAuditStatus_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Shutdown_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Sign_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Startup_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/StirRandom_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TableDrivenMarshal_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TestParms_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Ticket_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Time_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmFail_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmToMbedMath_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmToMbedSupport_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/TpmToMbedSym_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Unseal_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/X509_spt_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/RsaTestData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/SelfTest.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/swap.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/SymmetricTestData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/SymmetricTest.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TableMarshalDefines.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TableMarshal.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TableMarshalTypes.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmAlgorithmDefines.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmASN1.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TPMB.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmBuildSwitches.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmError.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/Tpm.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmProfile.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/TpmTypes.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/VendorString.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/tpm/include/X509.h
++)
++
++target_sources(tpm PRIVATE
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/Cancel.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/Clock.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/DebugHelpers.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/Entropy.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/LocalityPlat.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/NVMem.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/PlatformACT.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/PlatformData.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/PowerPlat.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/PPPlat.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/RunCommand.c
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/src/Unique.c
++)
++
++target_include_directories(tpm PUBLIC
++ $<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include>
++ $<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/prototypes>
++ $<INSTALL_INTERFACE:include>
++)
++
++set_property(TARGET tpm APPEND PROPERTY PUBLIC_HEADER
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/Platform.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/PlatformACT.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/PlatformClock.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/PlatformData.h
++ ${CMAKE_CURRENT_LIST_DIR}/TPMCmd/Platform/include/prototypes/Platform_fp.h
++)
++
++set(LIB_NAME ms_tpm)
++set(PKG_CONFIG_FILE "${CMAKE_CURRENT_LIST_DIR}/ms_tpmConfig.cmake.in")
++
++# Set default install location if none specified
++if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
++ set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "" FORCE)
++endif()
++
++# Specify export name and destinations for install
++install(TARGETS tpm
++ EXPORT ${LIB_NAME}_targets
++ ARCHIVE DESTINATION lib
++ LIBRARY DESTINATION lib
++ PUBLIC_HEADER DESTINATION include
++)
++
++# Create targets file.
++export(EXPORT ${LIB_NAME}_targets
++ FILE "${CMAKE_CURRENT_BINARY_DIR}/${LIB_NAME}Targets.cmake"
++ NAMESPACE ${LIB_NAME}::
++)
++
++# Create a config file package.
++include(CMakePackageConfigHelpers)
++write_basic_package_version_file(
++ "${CMAKE_CURRENT_BINARY_DIR}/${LIB_NAME}ConfigVersion.cmake"
++ VERSION 1
++ COMPATIBILITY SameMajorVersion
++)
++
++# Finalize config file.
++# Config package location relative to install root.
++set(ConfigPackageLocation ${CMAKE_INSTALL_PREFIX}/lib/cmake/${LIB_NAME})
++
++get_filename_component(_configured_pkgcfg_name "${PKG_CONFIG_FILE}" NAME_WLE)
++set(_configured_pkgcfg_name "${CMAKE_CURRENT_BINARY_DIR}/${_configured_pkgcfg_name}")
++configure_package_config_file("${PKG_CONFIG_FILE}" "${_configured_pkgcfg_name}"
++ INSTALL_DESTINATION ${ConfigPackageLocation}
++)
++
++# Install the export details
++install(EXPORT ${LIB_NAME}_targets
++ FILE ${LIB_NAME}Targets.cmake
++ NAMESPACE ${LIB_NAME}::
++ DESTINATION ${ConfigPackageLocation}
++ COMPONENT ${LIB_NAME}
++)
++
++# install config and version files
++install(FILES "${_configured_pkgcfg_name}" "${CMAKE_CURRENT_BINARY_DIR}/${LIB_NAME}ConfigVersion.cmake"
++ DESTINATION ${ConfigPackageLocation}
++ COMPONENT ${LIB_NAME}
++)
+diff --git a/ms_tpmConfig.cmake.in b/ms_tpmConfig.cmake.in
+new file mode 100644
+index 0000000..da70f71
+--- /dev/null
++++ b/ms_tpmConfig.cmake.in
+@@ -0,0 +1,10 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2024, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++@PACKAGE_INIT@
++
++include("${CMAKE_CURRENT_LIST_DIR}/ms_tpmTargets.cmake")
+--
+2.34.1
+
diff --git a/external/ms_tpm/ms_tpm-init-cache.cmake.in b/external/ms_tpm/ms_tpm-init-cache.cmake.in
new file mode 100644
index 0000000..ca17282
--- /dev/null
+++ b/external/ms_tpm/ms_tpm-init-cache.cmake.in
@@ -0,0 +1,19 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(CMAKE_INSTALL_PREFIX @BUILD_INSTALL_DIR@ CACHE STRING "")
+set(CMAKE_TOOLCHAIN_FILE @TS_EXTERNAL_LIB_TOOLCHAIN_FILE@ CACHE STRING "")
+
+set(TPM_EXTRA_DEFINITIONS @TPM_EXTRA_DEFINITIONS@ CACHE STRING "Defines coming from Trusted Services")
+set(TPM_EXTRA_INCLUDES @TPM_EXTRA_INCLUDES@ CACHE STRING "Include paths coming from Trusted Services")
+
+string(TOUPPER @CMAKE_CROSSCOMPILING@ CMAKE_CROSSCOMPILING) # CMake expects TRUE
+if (CMAKE_CROSSCOMPILING)
+ set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY CACHE STRING "")
+endif()
+
+@_cmake_fragment@
diff --git a/external/ms_tpm/ms_tpm.cmake b/external/ms_tpm/ms_tpm.cmake
new file mode 100644
index 0000000..de8e615
--- /dev/null
+++ b/external/ms_tpm/ms_tpm.cmake
@@ -0,0 +1,89 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(MS_TPM_URL "https://github.com/microsoft/ms-tpm-20-ref.git" CACHE STRING "MS TPM repository URL")
+set(MS_TPM_REFSPEC "e9fc7b89d865536c46deb63f9c7d0121a3ded49c" CACHE STRING "MS TPM git refspec")
+set(MS_TPM_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/ms_tpm-src" CACHE PATH "MS TPM source directory")
+set(MS_TPM_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/ms_tpm-install" CACHE PATH "MS TPM install directory")
+set(MS_TPM_BUILD_TYPE "Debug" CACHE STRING "MS TPM build type")
+
+# Add Mbed TLS
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/ms_tpm_config.h" CACHE STRING "" FORCE)
+include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
+
+# Pass include paths to ms_tpm
+get_target_property(_mbedcrypto_includes MbedTLS::mbedcrypto INTERFACE_INCLUDE_DIRECTORIES)
+get_target_property(_mbedx509_includes MbedTLS::mbedx509 INTERFACE_INCLUDE_DIRECTORIES)
+set(TPM_EXTRA_INCLUDES
+ # MbedTLS includes
+ "${_mbedcrypto_includes}"
+ "${_mbedx509_includes}"
+ # TS utilities
+ "${TS_ROOT}/components/common/trace/include"
+ "${TS_ROOT}/components/common/utils/include"
+ # PSA headers
+ "${TS_ROOT}/components/service/common/include"
+ "${TS_ROOT}/components/service/secure_storage/include"
+ CACHE STRING "" FORCE)
+
+set(TPM_EXTRA_DEFINITIONS
+ # TPM config
+ _ARM_
+ GCC
+ HASH_LIB=Mbed
+ SYM_LIB=Mbed
+ MATH_LIB=Mbed
+ SIMULATION=NO
+ VTPM=NO
+ ECC_NIST_P521=YES # if not defined, the TPM internal bignum allocation won't be large enough
+ CERTIFYX509_DEBUG=NO
+
+ # Pass MbedTLS config
+ MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
+
+ # Pass TS trace config
+ TRACE_LEVEL=${TRACE_LEVEL}
+ TRACE_PREFIX="${TRACE_PREFIX}"
+ CACHE STRING "" FORCE)
+
+# Only pass libc settings to ms_tpm if needed. For environments where the standard library is not
+# overridden, this is not needed.
+if(TARGET stdlib::c)
+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
+ # Save libc settings
+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
+ # Translate libc settings to CMake code fragment. Will be inserted into
+ # mbedtls-init-cache.cmake.in when LazyFetch configures the file.
+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
+ unset_saved_properties(LIBC)
+endif()
+
+set(GIT_OPTIONS
+ GIT_REPOSITORY ${MS_TPM_URL}
+ GIT_TAG ${MS_TPM_REFSPEC}
+ GIT_SHALLOW TRUE
+ PATCH_COMMAND
+ git stash
+ COMMAND git branch -f bf-am
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Add-MbedTLS-crypto-port.patch
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0002-Add-PSA-platform-port.patch
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0003-Add-CMake-support.patch
+ COMMAND git reset bf-am
+)
+
+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+LazyFetch_MakeAvailable(DEP_NAME ms_tpm
+ FETCH_OPTIONS ${GIT_OPTIONS}
+ INSTALL_DIR ${MS_TPM_INSTALL_DIR}
+ PACKAGE_DIR ${MS_TPM_INSTALL_DIR}
+ CACHE_FILE "${TS_ROOT}/external/ms_tpm/ms_tpm-init-cache.cmake.in"
+ SOURCE_DIR "${MS_TPM_SOURCE_DIR}"
+)
+unset(_cmake_fragment)
+
+target_link_libraries(ms_tpm::tpm INTERFACE MbedTLS::mbedcrypto)
+target_link_libraries(ms_tpm::tpm INTERFACE MbedTLS::mbedx509)