wolfTPM Release v4.0.0 Prep

[dgarske]

Summary

Prep branch for the v4.0.0 release. Bumps the version everywhere,
updates ChangeLog.md with the themed release notes, adds release-gate
CI coverage, and fixes a small set of issues uncovered while running the
full release build matrix against the new fwTPM and SPDM subsystems.

Libtool soname: WOLFTPM_LIBRARY_VERSION=17:0:0 (interfaces removed or
changed since v3.10.0).

Version bumps

• configure.ac AC_INIT 3.10.0 -> 4.0.0
• WOLFTPM_LIBRARY_VERSION 16:x:x -> 17:0:0
• CMakeLists.txt project(wolfTPM VERSION 4.0.0 ...)
• wolftpm/version.h LIBWOLFTPM_VERSION_STRING "4.0.0",
  LIBWOLFTPM_VERSION_HEX 0x04000000
• Copyright year bumps across headers/examples/IDE projects

ChangeLog.md

New v4.0.0 entry (Apr 22, 2026) highlighting the three v4 major
features: fwTPM, SPDM secured transport for Nuvoton/Nations, and
ST33KTPM2X firmware update (Gen 1 non-LMS + Gen 2 LMS, auto-detect).
Themed Detail sections cover platform/HAL, crypto callbacks, security
hardening, Coverity, CI, marshaling, bug fixes, and deprecations.
ASCII-only.

Build/portability fixes found by the release build matrix

1. configure.ac: auto-disable fwTPM when --disable-wolfcrypt is
   passed (fwTPM requires wolfCrypt, so the default-on fwTPM previously
   made plain ./configure --disable-wolfcrypt fail).
2. configure.ac: replace AC_CHECK_LIB([wolfssl],[wolfCrypt_Init])
   with AC_LINK_IFELSE that includes wolfSSL headers so the link
   probe works under both C and C++ (CC=g++). AC_CHECK_LIB
   synthesizes a bare declaration that C++ name-mangles and fails to
   link against libwolfssl's C symbols.
3. wolftpm/fwtpm/fwtpm.h: move struct FWTPM_NV_HAL_S and
   struct FWTPM_CLOCK_HAL_S out of FWTPM_CTX to file scope. C
   merges nested struct tags into the outer scope; C++ treats them as
   nested types, which broke external uses of the FWTPM_NV_HAL
   typedef under C++.
4. src/fwtpm/fwtpm_command.c, src/fwtpm/fwtpm_crypto.c: explicit
   casts for enum/non-enum ternaries and int -> enum wc_HashType
   conversions flagged by g++ -Werror=extra / -fpermissive.

scan-build cleanups (8 dead stores -> 0)

• examples/endorsement/get_ek_certs.c - removed dead indexType
  fallback init
• examples/endorsement/verify_ek_cert.c - restructured curveName
  init with #if / #else
• examples/native/native_test.c - removed dead
  rc = TPM_RC_SUCCESS resets (rc reassigned downstream)
• src/fwtpm/fwtpm_command.c - removed dead hashAlg initializer
• src/tpm2_wrap.c - moved rc = TPM_RC_SUCCESS into #else of
  WOLFTPM_MICROCHIP/WOLFTPM_PERFORM_SELFTEST block
• tests/fwtpm_unit_tests.c - use cmdSz in FWTPM_ProcessCommand
  call (was hardcoded 14)

CI additions

• New .github/workflows/release-checks.yml - release-gate workflow
  run on every PR and push:
  • cxx_build - ./configure CC=g++ && make in default and
    --enable-fwtpm configs.
  • scan_build - scan-build --status-bugs ./configure
    • scan-build --status-bugs make in default and --enable-fwtpm
      configs. Uploads report artifacts on failure.
• New matrix entries in make-test-swtpm.yml:
  • no-examples (--enable-swtpm --disable-examples --disable-fwtpm)
  • st33ktpm2-i2c (--enable-st33 --enable-i2c --disable-fwtpm)

README.md

Replaced two em-dashes (U+2014) with ASCII - for strict ASCII.

Verification performed locally

• ./configure && make && make check - PASS (2/2)
• ./configure CC=g++ && make - PASS
• ./configure --disable-wolfcrypt && make - PASS (fwTPM auto-disabled)
• ./configure --enable-fwtpm && make && make check - PASS
• ./configure --enable-fwtpm-only && make - PASS
• ./configure --enable-swtpm --disable-examples --disable-fwtpm && make - PASS
• ./configure --enable-st33 --enable-i2c --disable-fwtpm && make - PASS
• scan-build --status-bugs make - PASS (0 bugs)
• CMake build - PASS
• All vendor matrix variants - PASS
• grep -P "[^\x00-\x7F]" ChangeLog.md - empty (ASCII)

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Prepares the wolfTPM v4.0.0 release by updating project/library version metadata, adding 4.0.0 release notes, and refreshing copyright headers across the codebase.

Changes:

• Bump wolfTPM version references to 4.0.0 (headers, Autotools, CMake, libtool versioning).
• Add v4.0.0 entry to ChangeLog.md.
• Update copyright notices from 2006–2025 to 2006–2026 across many files.

Reviewed changes

Copilot reviewed 170 out of 170 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
zephyr/user_settings.h	Update copyright year to 2006–2026.
wrapper/CSharp/wolfTPM.cs	Update copyright year to 2006–2026.
wrapper/CSharp/wolfTPM-tests.cs	Update copyright year to 2006–2026.
wolftpm/visibility.h	Update copyright year to 2006–2026.
wolftpm/version.h.in	Update copyright year to 2006–2026.
wolftpm/version.h	Update copyright year and bump version macros to 4.0.0.
wolftpm/tpm2_wrap.h	Update copyright year to 2006–2026.
wolftpm/tpm2_winapi.h	Update copyright year to 2006–2026.
wolftpm/tpm2_types.h	Update copyright year to 2006–2026.
wolftpm/tpm2_tis.h	Update copyright year to 2006–2026.
wolftpm/tpm2_swtpm.h	Update copyright year to 2006–2026.
wolftpm/tpm2_spdm.h	Update copyright year to 2006–2026.
wolftpm/tpm2_socket.h	Update copyright year to 2006–2026.
wolftpm/tpm2_param_enc.h	Update copyright year to 2006–2026.
wolftpm/tpm2_packet.h	Update copyright year to 2006–2026.
wolftpm/tpm2_linux.h	Update copyright year to 2006–2026.
wolftpm/tpm2_crypto.h	Update copyright year to 2006–2026.
wolftpm/tpm2_asn.h	Update copyright year to 2006–2026.
wolftpm/tpm2.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm_types.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm_tcg.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm_psk.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm_nuvoton.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm_nations.h	Update copyright year to 2006–2026.
wolftpm/spdm/spdm.h	Update copyright year to 2006–2026.
wolftpm/options.h.in	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_tis.h	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_nv.h	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_io.h	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_crypto.h	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm_command.h	Update copyright year to 2006–2026.
wolftpm/fwtpm/fwtpm.h	Update copyright year to 2006–2026.
tests/unit_tests.c	Update copyright year to 2006–2026.
tests/fwtpm_unit_tests.c	Update copyright year to 2006–2026.
tests/fuzz/fwtpm_fuzz.c	Update copyright year to 2006–2026.
src/tpm2_wrap.c	Update copyright year to 2006–2026.
src/tpm2_winapi.c	Update copyright year to 2006–2026.
src/tpm2_util.c	Update copyright year to 2006–2026.
src/tpm2_tis.c	Update copyright year to 2006–2026.
src/tpm2_swtpm.c	Update copyright year to 2006–2026.
src/tpm2_spdm.c	Update copyright year to 2006–2026.
src/tpm2_param_enc.c	Update copyright year to 2006–2026.
src/tpm2_packet.c	Update copyright year to 2006–2026.
src/tpm2_linux.c	Update copyright year to 2006–2026.
src/tpm2_cryptocb.c	Update copyright year to 2006–2026.
src/tpm2_crypto.c	Update copyright year to 2006–2026.
src/tpm2_asn.c	Update copyright year to 2006–2026.
src/tpm2.c	Update copyright year to 2006–2026.
src/spdm/unit_test.c	Update copyright year to 2006–2026.
src/spdm/spdm_transcript.c	Update copyright year to 2006–2026.
src/spdm/spdm_tcg.c	Update copyright year to 2006–2026.
src/spdm/spdm_session.c	Update copyright year to 2006–2026.
src/spdm/spdm_secured.c	Update copyright year to 2006–2026.
src/spdm/spdm_psk.c	Update copyright year to 2006–2026.
src/spdm/spdm_nuvoton.c	Update copyright year to 2006–2026.
src/spdm/spdm_nations.c	Update copyright year to 2006–2026.
src/spdm/spdm_msg.c	Update copyright year to 2006–2026.
src/spdm/spdm_kdf.c	Update copyright year to 2006–2026.
src/spdm/spdm_internal.h	Update copyright year to 2006–2026.
src/spdm/spdm_crypto.c	Update copyright year to 2006–2026.
src/spdm/spdm_context.c	Update copyright year to 2006–2026.
src/spdm/README.md	Update copyright year in licensing text to 2006–2026.
src/fwtpm/fwtpm_tis_shm.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_tis.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_nv.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_main.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_io.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_crypto.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm_command.c	Update copyright year to 2006–2026.
src/fwtpm/fwtpm.c	Update copyright year to 2006–2026.
hal/tpm_io_zephyr.c	Update copyright year to 2006–2026.
hal/tpm_io_xilinx.c	Update copyright year to 2006–2026.
hal/tpm_io_uboot.c	Update copyright year to 2006–2026.
hal/tpm_io_st.c	Update copyright year to 2006–2026.
hal/tpm_io_qnx.c	Update copyright year to 2006–2026.
hal/tpm_io_mmio.c	Update copyright year to 2006–2026.
hal/tpm_io_microchip.c	Update copyright year to 2006–2026.
hal/tpm_io_linux.c	Update copyright year to 2006–2026.
hal/tpm_io_infineon.c	Update copyright year to 2006–2026.
hal/tpm_io_fwtpm.c	Update copyright year to 2006–2026.
hal/tpm_io_espressif.c	Update copyright year to 2006–2026.
hal/tpm_io_barebox.c	Update copyright year to 2006–2026.
hal/tpm_io_atmel.c	Update copyright year to 2006–2026.
hal/tpm_io.h	Update copyright year to 2006–2026.
hal/tpm_io.c	Update copyright year to 2006–2026.
examples/wrap/wrap_test.h	Update copyright year to 2006–2026.
examples/wrap/wrap_test.c	Update copyright year to 2006–2026.
examples/wrap/hmac.c	Update copyright year to 2006–2026.
examples/wrap/caps.c	Update copyright year to 2006–2026.
examples/tpm_test_keys.h	Update copyright year to 2006–2026.
examples/tpm_test_keys.c	Update copyright year to 2006–2026.
examples/tpm_test.h	Update copyright year to 2006–2026.
examples/tls/tls_server.h	Update copyright year to 2006–2026.
examples/tls/tls_server.c	Update copyright year to 2006–2026.
examples/tls/tls_common.h	Update copyright year to 2006–2026.
examples/tls/tls_client_notpm.c	Update copyright year to 2006–2026.
examples/tls/tls_client.h	Update copyright year to 2006–2026.
examples/tls/tls_client.c	Update copyright year to 2006–2026.
examples/timestamp/signed_timestamp.h	Update copyright year to 2006–2026.
examples/timestamp/signed_timestamp.c	Update copyright year to 2006–2026.
examples/timestamp/clock_set.h	Update copyright year to 2006–2026.
examples/timestamp/clock_set.c	Update copyright year to 2006–2026.
examples/spdm/spdm_test.sh	Update copyright year to 2006–2026.
examples/spdm/spdm_ctrl.c	Update copyright year to 2006–2026.
examples/seal/unseal.c	Update copyright year to 2006–2026.
examples/seal/seal_policy_auth.c	Update copyright year to 2006–2026.
examples/seal/seal_pcr.c	Update copyright year to 2006–2026.
examples/seal/seal.h	Update copyright year to 2006–2026.
examples/seal/seal.c	Update copyright year to 2006–2026.
examples/pkcs7/pkcs7.h	Update copyright year to 2006–2026.
examples/pkcs7/pkcs7.c	Update copyright year to 2006–2026.
examples/pcr/reset.c	Update copyright year to 2006–2026.
examples/pcr/read_pcr.c	Update copyright year to 2006–2026.
examples/pcr/quote.h	Update copyright year to 2006–2026.
examples/pcr/quote.c	Update copyright year to 2006–2026.
examples/pcr/policy_sign.c	Update copyright year to 2006–2026.
examples/pcr/policy.c	Update copyright year to 2006–2026.
examples/pcr/pcr.h	Update copyright year to 2006–2026.
examples/pcr/extend.c	Update copyright year to 2006–2026.
examples/nvram/store.c	Update copyright year to 2006–2026.
examples/nvram/seal_nv.c	Update copyright year to 2006–2026.
examples/nvram/read.c	Update copyright year to 2006–2026.
examples/nvram/policy_nv.c	Update copyright year to 2006–2026.
examples/nvram/nvram.h	Update copyright year to 2006–2026.
examples/nvram/extend.c	Update copyright year to 2006–2026.
examples/nvram/counter.c	Update copyright year to 2006–2026.
examples/native/native_test.h	Update copyright year to 2006–2026.
examples/native/native_test.c	Update copyright year to 2006–2026.
examples/management/tpmclear.c	Update copyright year to 2006–2026.
examples/management/management.h	Update copyright year to 2006–2026.
examples/management/flush.c	Update copyright year to 2006–2026.
examples/keygen/keyload.c	Update copyright year to 2006–2026.
examples/keygen/keyimport.c	Update copyright year to 2006–2026.
examples/keygen/keygen.h	Update copyright year to 2006–2026.
examples/keygen/keygen.c	Update copyright year to 2006–2026.
examples/keygen/external_import.c	Update copyright year to 2006–2026.
examples/keygen/create_primary.c	Update copyright year to 2006–2026.
examples/gpio/gpio_set.c	Update copyright year to 2006–2026.
examples/gpio/gpio_read.c	Update copyright year to 2006–2026.
examples/gpio/gpio_config.c	Update copyright year to 2006–2026.
examples/gpio/gpio.h	Update copyright year to 2006–2026.
examples/firmware/st33_fw_update.c	Update copyright year to 2006–2026.
examples/firmware/ifx_fw_update.h	Update copyright year to 2006–2026.
examples/firmware/ifx_fw_update.c	Update copyright year to 2006–2026.
examples/firmware/ifx_fw_extract.c	Update copyright year to 2006–2026.
examples/endorsement/verify_ek_cert.c	Update copyright year to 2006–2026.
examples/endorsement/get_ek_certs.c	Update copyright year to 2006–2026.
examples/endorsement/endorsement.h	Update copyright year to 2006–2026.
examples/csr/csr.h	Update copyright year to 2006–2026.
examples/csr/csr.c	Update copyright year to 2006–2026.
examples/boot/secure_rot.c	Update copyright year to 2006–2026.
examples/boot/secret_unseal.c	Update copyright year to 2006–2026.
examples/boot/secret_seal.c	Update copyright year to 2006–2026.
examples/boot/boot.h	Update copyright year to 2006–2026.
examples/bench/bench.h	Update copyright year to 2006–2026.
examples/bench/bench.c	Update copyright year to 2006–2026.
examples/attestation/make_credential.c	Update copyright year to 2006–2026.
examples/attestation/certify.c	Update copyright year to 2006–2026.
examples/attestation/attestation.h	Update copyright year to 2006–2026.
examples/attestation/activate_credential.c	Update copyright year to 2006–2026.
configure.ac	Bump package version to 4.0.0 and libtool versioning; update generated options header copyright.
README.md	Replace em dashes with hyphen-minus in two bullet lines.
IDE/VisualStudio/user_settings.h	Update copyright year to 2006–2026.
IDE/Espressif/main/main.c	Update copyright year to 2006–2026.
IDE/Espressif/main/include/main.h	Update copyright year to 2006–2026.
IDE/Espressif/components/wolftpm/CMakeLists.txt	Update copyright year to 2006–2026.
IDE/Espressif/components/wolfssl/include/user_settings.h	Update copyright year to 2006–2026.
IDE/Espressif/components/wolfssl/CMakeLists.txt	Update copyright year to 2006–2026.
ChangeLog.md	Add v4.0.0 release notes section (dated) above v3.10.0.
CMakeLists.txt	Bump project version to 4.0.0 and update generated options header copyright.

Comments suppressed due to low confidence (1)

wolftpm/version.h:1

• wolftpm/version.h.in was not updated in this PR (only the copyright line changed), but wolftpm/version.h now reports 4.0.0. If version.h is generated from version.h.in during configure/build, the generated header may revert to the old version. Update the version macros in wolftpm/version.h.in (or ensure generation uses a single source of truth) so build-time and source-controlled version headers stay consistent.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.