wolftpm-sys

Raw Rust FFI bindings to wolfTPM, auto-generated by bindgen at build time. All functions are unsafe.

Most users should depend on the higher-level wolftpm crate instead. Use wolftpm-sys directly only if you need a wolfTPM C API symbol that is not yet wrapped by wolftpm.

Why

wolftpm-sys separates the generated FFI from the safe wrapper so that:

• The bindgen output can be regenerated (by bumping wolftpm-src) without forcing a breaking-change version bump on wolftpm.
• Downstream crates with unusual requirements can use the raw bindings without pulling in the opinionated safe API.
• The links = "wolftpm_sys" key prevents multiple copies of the wolfTPM static archive from being linked into the same binary.

Usage

[dependencies]
wolftpm-sys = "0.2"

use wolftpm_sys::*;

unsafe {
    let mut dev: WOLFTPM2_DEV = core::mem::zeroed();
    let rc = wolfTPM2_Init(&mut dev, None, core::ptr::null_mut());
    assert_eq!(rc, 0);
    wolfTPM2_Cleanup(&mut dev);
}

All functions are unsafe. For a safe API see wolftpm.

Build prerequisites

• The wolftpm-src crate must be a direct [dependency] (not [build-dependency]) so that Cargo propagates its DEP_WOLFTPM_SRC_* metadata to this crate's build script. wolftpm-sys already declares this dependency; you do not add it yourself.
• wolfTPM source: set WOLFTPM_SRC or initialise the bundled submodule.
• wolfSSL headers: set WOLFSSL_DIR or WOLFSSL_INCLUDE_DIR.

See wolftpm-src for full configuration details.

How it works

build.rs performs three steps:

1. Read build metadata — reads DEP_WOLFCRYPT_SYS_* from wolfcrypt-sys (wolfSSL include paths, vendored flag, lib dirs) and DEP_WOLFTPM_SRC_* from wolftpm-src (wolfTPM include path and compiled library location).
2. Emit link directives — instructs rustc to search for libwolftpm.a in the wolftpm-src output directory and to link it, followed by the wolfSSL library.
3. Run bindgen — generates bindings.rs in OUT_DIR from wrapper.h, which includes <wolftpm/tpm2.h> and <wolftpm/tpm2_wrap.h>. The allowlist captures wolfTPM2_* functions and WOLFTPM2_* / TPM2_* / TPM* types and constants; wolfSSL internals are excluded via -DWOLFTPM2_NO_WOLFCRYPT.

lib.rs include!s the generated bindings.rs with the standard set of #[allow] attributes for bindgen output, exposes the tpm_rc helper module, and conditionally exposes swtpm (a shared init_swtpm helper used by both wolftpm::Device::open_swtpm and wolftpm-tss::WolfTpmSwtpm::connect).

The bindings cover:

• Core TPM2 structures — TPM2B_*, TPMA_*, TPMS_*, TPMT_*, TPML_*, TPMU_*, and the full set of TPM 2.0 algorithm and command constants from the TCG specification
• wolfTPM2 wrapper types — WOLFTPM2_DEV, WOLFTPM2_KEY, WOLFTPM2_HASH, WOLFTPM2_NV, WOLFTPM2_SESSION, WOLFTPM2_CAPS
• wolfTPM2 wrapper functions — the complete wolfTPM2_* high-level API (init, key generation, signing, ECDH, PCR, NV storage, sessions, attestation, sealing, firmware upgrade, and more)
• Low-level TPM2 command API — TPM2_* functions for direct command construction when the wrapper does not cover a use case

The wolfSSL key-import/export helpers (wolfTPM2_RsaKey_To_Device etc.) are excluded from the current bindings (WOLFTPM2_NO_WOLFCRYPT). They will be added in a future version once the safe Rust wrapper in wolftpm exposes them.

References

• wolftpm — safe Rust API; use this unless you have a specific reason not to
• wolftpm-src — vendored wolfTPM source build
• wolftpm-tss — tpm-rs TSS backend that consumes these bindings
• wolfTPM repository
• wolfTPM API documentation
• TCG TPM2 Part 3: Commands
• workspace README

Copyright

Copyright (C) 2006-2026 wolfSSL Inc.

wolfTPM is copyright wolfSSL Inc. and its contributors.

License

GPL-3.0-only OR LicenseRef-wolfSSL-commercial.

The underlying wolfTPM C library is also dual-licensed under GPL-3.0-or-later with a commercial option available from wolfSSL Inc.