diff --git a/.gitmodules b/.gitmodules
index 055a50cb9..417eb0a20 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,4 +3,4 @@
url = https://github.com/openssl/openssl.git
[submodule "libtcgtpm/deps/tpm-20-ref"]
path = libtcgtpm/deps/tpm-20-ref
- url = https://github.com/microsoft/ms-tpm-20-ref.git
+ url = https://github.com/TrustedComputingGroup/TPM.git
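Review bot: The submodule keeps its name and path (`libtcgtpm/deps/tpm-20-ref`) while its URL moves to a different upstream, so existing checkouts will keep fetching from the old remote until `git submodule sync` is run. That step should be stated in the commit message or the build documentation. Because this changes where the TPM reference code comes from, the description should also record that the new gitlink `97c2783f0aeb9018f1e8d1ee5a74cd58536a8002` was checked against the history of the TrustedComputingGroup repository, since the pinned commit rather than the URL decides what gets built.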
diff --git a/libtcgtpm/Makefile b/libtcgtpm/Makefile
index 08c0af29b..2c25da918 100644
--- a/libtcgtpm/Makefile
+++ b/libtcgtpm/Makefile
@@ -106,7 +106,7 @@ $(LIBPLATFORM): $(TCGTPM_MAKEFILE) $(LIBCRYPTO)
$(MAKE) -j$$(nproc) -C $(TCGTPM_DIR) $(LIBPLATFORM_A)
TCGTPM_CFLAGS += -static -nostdinc -fno-stack-protector -fPIE -mno-sse -mno-red-zone
-TCGTPM_CFLAGS += -DSIMULATION=NO -DFILE_BACKED_NV=NO
+TCGTPM_CFLAGS += -DFILE_BACKED_NV=NO
TCGTPM_CFLAGS += -I$(LIBCRT_DIR)/include
TCGTPM_CFLAGS += -I$(OPENSSL_DIR)/include
# This is needed to workaround an issue with an unused variable when
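Review bot: Dropping `-DSIMULATION=NO` from `TCGTPM_CFLAGS` leaves no trace in the Makefile of where this switch is now decided. It moves to `#define SIMULATION NO` in the new `TpmBuildSwitches.h`, which only takes effect if that copy of the header is the one the compiler finds. A comment above the flags would keep this visible, e.g. `# SIMULATION is set to NO in deps/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h`. According to that header's own comment the switch can enable key caching and reproducible "random" sequences, so a silent flip would matter.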
@@ -115,6 +115,8 @@ TCGTPM_CFLAGS += -I$(OPENSSL_DIR)/include
# When that PR is merged, we can remove this line.
TCGTPM_CFLAGS += -Wno-error=unused-variable
+TCGTPM_EXTRA_CFLAGS = -I $(DEPS_DIR)/TpmConfiguration
+
# Configure the TPM 2.0 Reference Implementation and remove the pthread requirement.
# In fact, pthread is required only in the TPM simulator, but we
# are not building the simulator.
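Review bot: `TCGTPM_EXTRA_CFLAGS` adds the vendored configuration directory with `-I`, but nothing visible here guarantees it is searched before any `TpmConfiguration` directory the submodule itself may ship. If upstream's build puts its own include path first, the headers in `deps/TpmConfiguration` would be ignored without an error. `DEPS_DIR` is defined outside this hunk, and `./configure` presumably runs from inside the submodule tree (the `cd` is not visible), so a relative value would resolve to the wrong place; `TCGTPM_EXTRA_CFLAGS = -I$(abspath $(DEPS_DIR)/TpmConfiguration)` avoids that. A short comment saying that this directory overrides upstream's default profile, and that it is passed through `EXTRA_CFLAGS` in the configure call of the next hunk, would help at the next submodule bump.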
@@ -127,6 +129,7 @@ $(TCGTPM_MAKEFILE):
./bootstrap && \
sed -i 's/^ax_pthread_ok=no/ax_pthread_ok=yes/' configure && \
./configure \
+ EXTRA_CFLAGS="${TCGTPM_EXTRA_CFLAGS}" \
CFLAGS="${TCGTPM_CFLAGS}" \
LIBCRYPTO_LIBS="$(LIBCRT) $(LIBCRYPTO)" \
LIBCRYPTO_CFLAGS="${TCGTPM_CFLAGS}")
diff --git a/libtcgtpm/deps/TpmConfiguration/CMakeLists.txt b/libtcgtpm/deps/TpmConfiguration/CMakeLists.txt
new file mode 100644
index 000000000..fc537480f
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/CMakeLists.txt
@@ -0,0 +1,50 @@
+# Microsoft Reference Implementation for TPM 2.0
+# Copyright (c) Microsoft Corporation
+# This software is being made available under certain license terms, as detailed at
+# https://github.com/microsoft/ms-tpm-20-ref/blob/main/LICENSE
+#
+##########################################################
+# DO NOT MODIFY - TPM Configuration Library
+##########################################################
+# The contents of the source files may be modified to specify any valid
+# desired configuraton. However, the CMake library name "TpmConfiguration"
+# is required by the CoreLib to reference this project. Recommend making
+# no changes in this file.
+cmake_minimum_required(VERSION 3.16.3)
+
+# set the project name and version
+# Must be TpmConfiguration
+project(TpmConfiguration VERSION 1.0)
+print_project_info()
+
+# use standard output directories. Expected by package_utilities
+include(GNUInstallDirs)
+
+add_library(TpmConfiguration INTERFACE)
+add_library(TpmConfiguration::TpmConfiguration ALIAS TpmConfiguration)
+
+target_include_directories(${PROJECT_NAME}
+ INTERFACE
+ "$"
+ "$"
+)
+
+# create install and export information for downstream projects to use
+install_and_export_config_targets(${PROJECT_NAME})
+
+##############################################################
+# BEGIN --- install the header files provided by this project.
+##############################################################
+
+install(FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmBuildSwitches.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmProfile.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmProfile_CommandList.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmProfile_Common.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmProfile_ErrorCodes.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/TpmProfile_Misc.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/TpmConfiguration/VendorInfo.h
+ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/TpmConfiguration)
+
+# LAST: create the targets.cmake file for this package
+export_targets_cmake_file(${PROJECT_NAME})
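Review bot: This file calls `print_project_info()`, `install_and_export_config_targets()` and `export_targets_cmake_file()`, none of which is defined or included here, so it cannot be configured on its own. The Makefile in this commit consumes the directory only through `-I`. If the file is kept purely as a copy of upstream's, a header comment recording the upstream commit it was taken from would let future submodule bumps be diffed against it. The license line still points at the ms-tpm-20-ref repository while the submodule now tracks a different one. As rendered here, the two `target_include_directories` entries read `"$"`, which looks like generator expressions that lost their content, so the committed file is worth checking.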
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h
new file mode 100644
index 000000000..47799ee2a
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmBuildSwitches.h
@@ -0,0 +1,212 @@
+
+// This file contains the build switches. This contains switches for multiple
+// versions of the crypto-library so some may not apply to your environment.
+// Each switch has an accompanying description below.
+//
+// clang-format off
+#ifndef _TPM_BUILD_SWITCHES_H_
+#define _TPM_BUILD_SWITCHES_H_
+
+#if defined(YES) || defined(NO)
+# error YES and NO should be defined in TpmBuildSwitches.h
+#endif
+#if defined(SET) || defined(CLEAR)
+# error SET and CLEAR should be defined in TpmBuildSwitches.h
+#endif
+
+#define YES 1
+#define SET 1
+#define NO 0
+#define CLEAR 0
+
+// TRUE/FALSE may be coming from system headers, but if not, provide them.
+#ifndef TRUE
+# define TRUE 1
+#endif
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+// Need an unambiguous definition for DEBUG. Do not change this
+#ifndef DEBUG
+# ifdef NDEBUG
+# define DEBUG NO
+# else
+# define DEBUG YES
+# endif
+#elif(DEBUG != NO) && (DEBUG != YES)
+# error DEBUG should be 0 or 1
+#endif
+
+////////////////////////////////////////////////////////////////
+// DEBUG OPTIONS
+////////////////////////////////////////////////////////////////
+
+// The SIMULATION switch allows certain other macros to be enabled. The things that
+// can be enabled in a simulation include key caching, reproducible "random"
+// sequences, instrumentation of the RSA key generation process, and certain other
+// debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of
+// macros will make sure that it is set correctly. A simulated TPM would include a
+// Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard
+// ones in the Simulator project.
+#define SIMULATION NO
+
+
+// The CRYPTO_LIB_REPORTING switch allows the TPM to report its
+// crypto library implementation, e.g., at simulation startup.
+#define CRYPTO_LIB_REPORTING NO
+
+// If doing debug, can set the DRBG to print out the intermediate test values.
+// Before enabling this, make sure that the dbgDumpMemBlock() function
+// has been added someplace (preferably, somewhere in CryptRand.c)
+#define DRBG_DEBUG_PRINT (NO * DEBUG)
+
+// This define is used to control the debug for the CertifyX509 command.
+#define CERTIFYX509_DEBUG (YES * DEBUG)
+
+// This provides fixed seeding of the RNG when doing debug on a simulator. This
+// should allow consistent results on test runs as long as the input parameters
+// to the functions remains the same.
+#define USE_DEBUG_RNG (NO * DEBUG)
+
+////////////////////////////////////////////////////////////////
+// RSA DEBUG OPTIONS
+////////////////////////////////////////////////////////////////
+
+// Enable the instrumentation of the sieve process. This is used to tune the sieve
+// variables.
+#define RSA_INSTRUMENT (NO * DEBUG)
+
+// Enables use of the key cache. Default is YES
+#define USE_RSA_KEY_CACHE (NO * DEBUG)
+
+// Enables use of a file to store the key cache values so that the TPM will start
+// faster during debug. Default for this is YES
+#define USE_KEY_CACHE_FILE (NO * DEBUG)
+
+////////////////////////////////////////////////////////////////
+// TEST OPTIONS
+////////////////////////////////////////////////////////////////
+// The SIMULATION flag can enable test crypto behaviors and caching that
+// significantly change the behavior of the code. This flag controls only the
+// g_forceFailureMode flag in the TPM library while leaving the rest of the TPM
+// behavior alone. Useful for testing when the full set of options controlled by
+// SIMULATION may not be desired.
+#define ALLOW_FORCE_FAILURE_MODE NO
+
+////////////////////////////////////////////////////////////////
+// Internal checks
+////////////////////////////////////////////////////////////////
+
+// Define this to run the function that checks the compatibility between the
+// chosen big number math library and the TPM code. Not all ports use this.
+#define LIBRARY_COMPATIBILITY_CHECK YES
+
+// In some cases, the relationship between two values may be dependent on things that
+// change based on various selections like the chosen cryptographic libraries. It is
+// possible that these selections will result in incompatible settings. These are often
+// detectable by the compiler but it is not always possible to do the check in the
+// preprocessor code. For example, when the check requires use of 'sizeof'() then the
+// preprocessor can't do the comparison. For these cases, we include a special macro
+// that, depending on the compiler will generate a warning to indicate if the check
+// always passes or always fails because it involves fixed constants.
+//
+// In modern compilers this is now commonly known as a static_assert, but the precise
+// implementation varies by compiler. CompilerDependencies.h defines MUST_BE as a macro
+// that abstracts out the differences, and COMPILER_CHECKS can remove the checks where
+// the current compiler doesn't support it. COMPILER_CHECKS should be enabled if the
+// compiler supports some form of static_assert.
+// See the CompilerDependencies_*.h files for specific implementations per compiler.
+#define COMPILER_CHECKS YES
+
+// Some of the values (such as sizes) are the result of different options set in
+// TpmProfile.h. The combination might not be consistent. A function is defined
+// (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the
+// function, define this parameter.
+#define RUNTIME_SIZE_CHECKS YES
+
+////////////////////////////////////////////////////////////////
+// Compliance options
+////////////////////////////////////////////////////////////////
+
+// Enable extra behaviors to meet FIPS compliance requirements
+#define FIPS_COMPLIANT YES
+
+// Indicates if the implementation is to compute the sizes of the proof and primary
+// seed size values based on the implemented algorithms.
+#define USE_SPEC_COMPLIANT_PROOFS YES
+
+// Set this to allow compile to continue even though the chosen proof values
+// do not match the compliant values. This is written so that someone would
+// have to proactively ignore errors.
+#define SKIP_PROOF_ERRORS NO
+
+////////////////////////////////////////////////////////////////
+// Implementation alternatives - don't change external behavior
+////////////////////////////////////////////////////////////////
+
+// Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements
+// for command dispatch and handle unmarshaling
+#define TABLE_DRIVEN_DISPATCH YES
+
+// This define is used to enable the new table-driven marshaling code.
+#define TABLE_DRIVEN_MARSHAL NO
+
+// This switch allows use of #defines in place of pass-through marshaling or
+// unmarshaling code. A pass-through function just calls another function to do
+// the required function and does no parameter checking of its own. The
+// table-driven dispatcher calls directly to the lowest level
+// marshaling/unmarshaling code and by-passes any pass-through functions.
+#define USE_MARSHALING_DEFINES YES
+
+// Switch added to support packed lists that leave out space associated with
+// unimplemented commands. Comment this out to use linear lists.
+// Note: if vendor specific commands are present, the associated list is always
+// in compressed form.
+#define COMPRESSED_LISTS YES
+
+// This define is used to eliminate the use of bit-fields. It can be enabled for big-
+// or little-endian machines. For big-endian architectures that numbers bits in
+// registers from left to right (MSb0) this must be enabled. Little-endian machines
+// number from right to left with the least significant bit having assigned a bit
+// number of 0. These are LSb0 machines (they are also little-endian so they are also
+// least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in
+// either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to
+// be 'NO'
+#define USE_BIT_FIELD_STRUCTURES NO
+
+// Enable the generation of RSA primes using a sieve.
+#define RSA_KEY_SIEVE YES
+
+////////////////////////////////////////////////////////////////
+// Implementation alternatives - changes external behavior
+////////////////////////////////////////////////////////////////
+
+// This switch enables the RNG state save and restore
+#define _DRBG_STATE_SAVE YES
+
+// Definition to allow alternate behavior for non-orderly startup. If there is a
+// chance that the TPM could not update 'failedTries'
+#define USE_DA_USED YES
+
+// This switch is used to enable the self-test capability in AlgorithmTests.c
+#define ENABLE_SELF_TESTS YES
+
+// This switch indicates where clock epoch value should be stored. If this value
+// defined, then it is assumed that the timer will change at any time so the
+// nonce should be a random number kept in RAM. When it is not defined, then the
+// timer only stops during power outages.
+#define CLOCK_STOPS NO
+
+// Indicate if the implementation is going to give lockout time credit for time up to
+// the last orderly shutdown.
+#define ACCUMULATE_SELF_HEAL_TIMER YES
+
+// If an assertion event is not going to produce any trace information (function and
+// line number) then make FAIL_TRACE == NO
+#define FAIL_TRACE YES
+
+// TODO_RENAME_INC_FOLDER: public refers to the TPM_CoreLib public headers
+#include
+
+#endif // _TPM_BUILD_SWITCHES_H_
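Review bot: `DEBUG` falls back to `YES` whenever `NDEBUG` is not defined, and the `TCGTPM_CFLAGS` lines visible in this commit do not define it (the full flag list is outside the diff), so the `* DEBUG` switches may be live in this build. All of them are `NO * DEBUG` except `CERTIFYX509_DEBUG`, which is `(YES * DEBUG)`. Since `CC_CertifyX509` is `CC_NO` in the command list, `#define CERTIFYX509_DEBUG (NO * DEBUG)` would match the others. The comments on `USE_RSA_KEY_CACHE` and `USE_KEY_CACHE_FILE` still say the default is YES while the values are `NO * DEBUG`, so they should be reworded to match the values.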
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile.h
new file mode 100644
index 000000000..6cffcddb0
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile.h
@@ -0,0 +1,13 @@
+// The primary configuration file that collects all configuration options for a
+// TPM build.
+#ifndef _TPM_PROFILE_H_
+#define _TPM_PROFILE_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#endif // _TPM_PROFILE_H_
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_CommandList.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_CommandList.h
new file mode 100644
index 000000000..3d6eb16ab
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_CommandList.h
@@ -0,0 +1,165 @@
+
+// this file defines the desired command list that should be built into the
+// Tpm Core Lib.
+
+#ifndef _TPM_PROFILE_COMMAND_LIST_H_
+#define _TPM_PROFILE_COMMAND_LIST_H_
+
+#if(YES != 1 || NO != 0)
+# error YES and NO must be correctly set before including TpmProfile_CommandList.h
+#endif
+#if defined(CC_YES) || defined(CC_NO)
+# error CC_YES and CC_NO should be defined by the command line file, not before
+#endif
+
+#define CC_YES YES
+#define CC_NO NO
+
+//
+// Defines for Implemented Commands
+//
+
+// Commands that are defined in the spec, but not implemented for various
+// reasons:
+
+// The TPM reference implementation does not implement attached-component
+// features, and the Compliance test suite has no test cases.
+#define CC_AC_GetCapability CC_NO
+#define CC_AC_Send CC_NO
+
+// The TPM reference implementation does not implement firmware upgrade.
+#define CC_FieldUpgradeData CC_NO
+#define CC_FieldUpgradeStart CC_NO
+#define CC_FirmwareRead CC_NO
+
+// A prototype of CertifyX509 is provided here for informative purposes only.
+// While all of the TPM reference implementation is provided "AS IS" without any
+// warranty, the current design and implementation of CertifyX509 are considered
+// to be especially unsuitable for product use.
+#define CC_CertifyX509 CC_NO
+
+// Normal commands:
+
+#define CC_ACT_SetTimeout (CC_YES && ACT_SUPPORT)
+#define CC_ActivateCredential CC_YES
+#define CC_Certify CC_YES
+#define CC_CertifyCreation CC_YES
+#define CC_ChangeEPS CC_YES
+#define CC_ChangePPS CC_YES
+#define CC_Clear CC_YES
+#define CC_ClearControl CC_YES
+#define CC_ClockRateAdjust CC_YES
+#define CC_ClockSet CC_YES
+#define CC_Commit (CC_YES && ALG_ECC)
+#define CC_ContextLoad CC_YES
+#define CC_ContextSave CC_YES
+#define CC_Create CC_YES
+#define CC_CreateLoaded CC_YES
+#define CC_CreatePrimary CC_YES
+#define CC_DictionaryAttackLockReset CC_YES
+#define CC_DictionaryAttackParameters CC_YES
+#define CC_Duplicate CC_YES
+#define CC_ECC_Decrypt (CC_YES && ALG_ECC)
+#define CC_ECC_Encrypt (CC_YES && ALG_ECC)
+#define CC_ECC_Parameters (CC_YES && ALG_ECC)
+#define CC_ECDH_KeyGen (CC_YES && ALG_ECC)
+#define CC_ECDH_ZGen (CC_YES && ALG_ECC)
+#define CC_EC_Ephemeral (CC_YES && ALG_ECC)
+#define CC_EncryptDecrypt CC_YES
+#define CC_EncryptDecrypt2 CC_YES
+#define CC_EventSequenceComplete CC_YES
+#define CC_EvictControl CC_YES
+#define CC_FlushContext CC_YES
+#define CC_GetCapability CC_YES
+#define CC_GetCommandAuditDigest CC_YES
+#define CC_GetRandom CC_YES
+#define CC_GetSessionAuditDigest CC_YES
+#define CC_GetTestResult CC_YES
+#define CC_GetTime CC_YES
+#define CC_HMAC (CC_YES && !ALG_CMAC)
+#define CC_HMAC_Start (CC_YES && !ALG_CMAC)
+#define CC_Hash CC_YES
+#define CC_HashSequenceStart CC_YES
+#define CC_HierarchyChangeAuth CC_YES
+#define CC_HierarchyControl CC_YES
+#define CC_Import CC_YES
+#define CC_IncrementalSelfTest CC_YES
+#define CC_Load CC_YES
+#define CC_LoadExternal CC_YES
+#define CC_MAC (CC_YES && ALG_CMAC)
+#define CC_MAC_Start (CC_YES && ALG_CMAC)
+#define CC_MakeCredential CC_YES
+#define CC_NV_Certify CC_YES
+#define CC_NV_ChangeAuth CC_YES
+#define CC_NV_DefineSpace CC_YES
+#define CC_NV_Extend CC_YES
+#define CC_NV_GlobalWriteLock CC_YES
+#define CC_NV_Increment CC_YES
+#define CC_NV_Read CC_YES
+#define CC_NV_ReadLock CC_YES
+#define CC_NV_ReadPublic CC_YES
+#define CC_NV_SetBits CC_YES
+#define CC_NV_UndefineSpace CC_YES
+#define CC_NV_UndefineSpaceSpecial CC_YES
+#define CC_NV_Write CC_YES
+#define CC_NV_WriteLock CC_YES
+#define CC_ObjectChangeAuth CC_YES
+#define CC_PCR_Allocate CC_YES
+#define CC_PCR_Event CC_YES
+#define CC_PCR_Extend CC_YES
+#define CC_PCR_Read CC_YES
+#define CC_PCR_Reset CC_YES
+#define CC_PCR_SetAuthPolicy CC_YES
+#define CC_PCR_SetAuthValue CC_YES
+#define CC_PP_Commands CC_YES
+#define CC_PolicyAuthValue CC_YES
+#define CC_PolicyAuthorize CC_YES
+#define CC_PolicyAuthorizeNV CC_YES
+#define CC_PolicyCapability CC_YES
+#define CC_PolicyCommandCode CC_YES
+#define CC_PolicyCounterTimer CC_YES
+#define CC_PolicyCpHash CC_YES
+#define CC_PolicyDuplicationSelect CC_YES
+#define CC_PolicyGetDigest CC_YES
+#define CC_PolicyLocality CC_YES
+#define CC_PolicyNV CC_YES
+#define CC_PolicyNameHash CC_YES
+#define CC_PolicyNvWritten CC_YES
+#define CC_PolicyOR CC_YES
+#define CC_PolicyPCR CC_YES
+#define CC_PolicyPassword CC_YES
+#define CC_PolicyParameters CC_YES
+#define CC_PolicyPhysicalPresence CC_YES
+#define CC_PolicyRestart CC_YES
+#define CC_PolicySecret CC_YES
+#define CC_PolicySigned CC_YES
+#define CC_PolicyTemplate CC_YES
+#define CC_PolicyTicket CC_YES
+#define CC_Policy_AC_SendSelect CC_YES
+#define CC_Quote CC_YES
+#define CC_RSA_Decrypt (CC_YES && ALG_RSA)
+#define CC_RSA_Encrypt (CC_YES && ALG_RSA)
+#define CC_ReadClock CC_YES
+#define CC_ReadPublic CC_YES
+#define CC_Rewrap CC_YES
+#define CC_SelfTest CC_YES
+#define CC_SequenceComplete CC_YES
+#define CC_SequenceUpdate CC_YES
+#define CC_SetAlgorithmSet CC_YES
+#define CC_SetCommandCodeAuditStatus CC_YES
+#define CC_SetPrimaryPolicy CC_YES
+#define CC_Shutdown CC_YES
+#define CC_Sign CC_YES
+#define CC_StartAuthSession CC_YES
+#define CC_Startup CC_YES
+#define CC_StirRandom CC_YES
+#define CC_TestParms CC_YES
+#define CC_Unseal CC_YES
+#define CC_Vendor_TCG_Test CC_YES
+#define CC_VerifySignature CC_YES
+#define CC_ZGen_2Phase (CC_YES && ALG_ECC)
+#define CC_NV_DefineSpace2 CC_YES
+#define CC_NV_ReadPublic2 CC_YES
+#define CC_SetCapability CC_NO
+
+#endif // _TPM_PROFILE_COMMAND_LIST_H_
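Review bot: `CC_Vendor_TCG_Test` is left at `CC_YES` although its name marks it as a test command. `CC_Policy_AC_SendSelect` is also `CC_YES`, although the comment at the top says attached-component features are not implemented and `CC_AC_Send` is `CC_NO`. If this project needs neither, `#define CC_Vendor_TCG_Test CC_NO` and `#define CC_Policy_AC_SendSelect CC_NO` would shrink the exposed command set. Whether the core library builds with them disabled is not visible here and should be checked. A one-line comment stating which entries differ from upstream's default list would make later reviews of this file easier.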
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Common.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Common.h
new file mode 100644
index 000000000..a8dc12905
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Common.h
@@ -0,0 +1,226 @@
+
+// clang-format off
+// clang-format off to preserve define alignment breaking sections.
+
+// this file defines the common optional selections for the TPM library build
+// Requires basic YES/NO defines are already set (by TpmBuildSwitches.h)
+// Less frequently changed items are in other TpmProfile Headers.
+
+#ifndef _TPM_PROFILE_COMMON_H_
+#define _TPM_PROFILE_COMMON_H_
+// YES & NO defined by TpmBuildSwitches.h
+#if (YES != 1 || NO != 0)
+# error YES or NO incorrectly set
+#endif
+#if defined(ALG_YES) || defined(ALG_NO)
+# error ALG_YES and ALG_NO should only be defined by the TpmProfile_Common.h file
+#endif
+
+// Change these definitions to turn all algorithms ON or OFF. That is, to turn
+// all algorithms on, set ALG_NO to YES. This is intended as a debug feature.
+#define ALG_YES YES
+#define ALG_NO NO
+
+// Defines according to the processor being built for.
+// Are building for a BIG_ENDIAN processor?
+#define BIG_ENDIAN_TPM NO
+#define LITTLE_ENDIAN_TPM !BIG_ENDIAN_TPM
+// Does the processor put the most-significant bit at bit position 0?
+#define MOST_SIGNIFICANT_BIT_0 NO
+#define LEAST_SIGNIFICANT_BIT_0 !MOST_SIGNIFICANT_BIT_0
+// Does processor support Auto align?
+#define AUTO_ALIGN NO
+
+//***********************************************
+// Defines for Symmetric Algorithms
+//***********************************************
+
+#define ALG_AES ALG_YES
+
+#define AES_128 (YES * ALG_AES)
+#define AES_192 (NO * ALG_AES)
+#define AES_256 (YES * ALG_AES)
+
+#define ALG_SM4 ALG_NO
+
+#define SM4_128 (NO * ALG_SM4)
+
+#define ALG_CAMELLIA ALG_YES
+
+#define CAMELLIA_128 (YES * ALG_CAMELLIA)
+#define CAMELLIA_192 (NO * ALG_CAMELLIA)
+#define CAMELLIA_256 (YES * ALG_CAMELLIA)
+
+// must be yes if any above are yes.
+#define ALG_SYMCIPHER (ALG_AES || ALG_SM4 || ALG_CAMELLIA)
+#define ALG_CMAC (YES * ALG_SYMCIPHER)
+
+// block cipher modes
+#define ALG_CTR ALG_YES
+#define ALG_OFB ALG_YES
+#define ALG_CBC ALG_YES
+#define ALG_CFB ALG_YES
+#define ALG_ECB ALG_YES
+
+//***********************************************
+// Defines for RSA Asymmetric Algorithms
+//***********************************************
+#define ALG_RSA ALG_YES
+#define RSA_1024 (YES * ALG_RSA)
+#define RSA_2048 (YES * ALG_RSA)
+#define RSA_3072 (YES * ALG_RSA)
+#define RSA_4096 (YES * ALG_RSA)
+#define RSA_16384 (NO * ALG_RSA)
+
+#define ALG_RSASSA (YES * ALG_RSA)
+#define ALG_RSAES (YES * ALG_RSA)
+#define ALG_RSAPSS (YES * ALG_RSA)
+#define ALG_OAEP (YES * ALG_RSA)
+
+// RSA Implementation Styles
+// use Chinese Remainder Theorem (5 prime) format for private key ?
+#define CRT_FORMAT_RSA YES
+#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001
+
+//***********************************************
+// Defines for ECC Asymmetric Algorithms
+//***********************************************
+#define ALG_ECC ALG_YES
+#define ALG_ECDH (YES * ALG_ECC)
+#define ALG_ECDSA (YES * ALG_ECC)
+#define ALG_ECDAA (YES * ALG_ECC)
+#define ALG_SM2 (YES * ALG_ECC)
+#define ALG_ECSCHNORR (YES * ALG_ECC)
+#define ALG_ECMQV (YES * ALG_ECC)
+#define ALG_KDF1_SP800_56A (YES * ALG_ECC)
+#define ALG_EDDSA (NO * ALG_ECC)
+#define ALG_EDDSA_PH (NO * ALG_ECC)
+
+#define ECC_NIST_P192 (YES * ALG_ECC)
+#define ECC_NIST_P224 (YES * ALG_ECC)
+#define ECC_NIST_P256 (YES * ALG_ECC)
+#define ECC_NIST_P384 (YES * ALG_ECC)
+#define ECC_NIST_P521 (YES * ALG_ECC)
+#define ECC_BN_P256 (YES * ALG_ECC)
+#define ECC_BN_P638 (YES * ALG_ECC)
+#define ECC_SM2_P256 (YES * ALG_ECC)
+
+#define ECC_BP_P256_R1 (NO * ALG_ECC)
+#define ECC_BP_P384_R1 (NO * ALG_ECC)
+#define ECC_BP_P512_R1 (NO * ALG_ECC)
+#define ECC_CURVE_25519 (NO * ALG_ECC)
+#define ECC_CURVE_448 (NO * ALG_ECC)
+
+//***********************************************
+// Defines for Hash/XOF Algorithms
+//***********************************************
+#define ALG_MGF1 ALG_YES
+#define ALG_SHA1 ALG_YES
+#define ALG_SHA256 ALG_YES
+#define ALG_SHA256_192 ALG_NO
+#define ALG_SHA384 ALG_YES
+#define ALG_SHA512 ALG_NO
+
+#define ALG_SHA3_256 ALG_NO
+#define ALG_SHA3_384 ALG_NO
+#define ALG_SHA3_512 ALG_NO
+
+#define ALG_SM3_256 ALG_NO
+
+#define ALG_SHAKE256_192 ALG_NO
+#define ALG_SHAKE256_256 ALG_NO
+#define ALG_SHAKE256_512 ALG_NO
+
+//***********************************************
+// Defines for Stateful Signature Algorithms
+//***********************************************
+#define ALG_LMS ALG_NO
+#define ALG_XMSS ALG_NO
+
+//***********************************************
+// Defines for Keyed Hashes
+//***********************************************
+#define ALG_KEYEDHASH ALG_YES
+#define ALG_HMAC ALG_YES
+
+//***********************************************
+// Defines for KDFs
+//***********************************************
+#define ALG_KDF2 ALG_YES
+#define ALG_KDF1_SP800_108 ALG_YES
+
+//***********************************************
+// Defines for Obscuration/MISC/compatibility
+//***********************************************
+#define ALG_XOR ALG_YES
+
+//***********************************************
+// Defines controlling ACT
+//***********************************************
+#define ACT_SUPPORT YES
+#define RH_ACT_0 (YES * ACT_SUPPORT)
+#define RH_ACT_1 ( NO * ACT_SUPPORT)
+#define RH_ACT_2 ( NO * ACT_SUPPORT)
+#define RH_ACT_3 ( NO * ACT_SUPPORT)
+#define RH_ACT_4 ( NO * ACT_SUPPORT)
+#define RH_ACT_5 ( NO * ACT_SUPPORT)
+#define RH_ACT_6 ( NO * ACT_SUPPORT)
+#define RH_ACT_7 ( NO * ACT_SUPPORT)
+#define RH_ACT_8 ( NO * ACT_SUPPORT)
+#define RH_ACT_9 ( NO * ACT_SUPPORT)
+#define RH_ACT_A (YES * ACT_SUPPORT)
+#define RH_ACT_B ( NO * ACT_SUPPORT)
+#define RH_ACT_C ( NO * ACT_SUPPORT)
+#define RH_ACT_D ( NO * ACT_SUPPORT)
+#define RH_ACT_E ( NO * ACT_SUPPORT)
+#define RH_ACT_F ( NO * ACT_SUPPORT)
+
+
+//***********************************************
+// Enable VENDOR_PERMANENT_AUTH_HANDLE?
+//***********************************************
+#define VENDOR_PERMANENT_AUTH_ENABLED NO
+// if YES, this must be valid per Part2 (TPM_RH_AUTH_00 - TPM_RH_AUTH_FF)
+// if NO, this must be #undef
+#undef VENDOR_PERMANENT_AUTH_HANDLE
+
+//***********************************************
+// Defines controlling optional implementation
+//***********************************************
+#define FIELD_UPGRADE_IMPLEMENTED NO
+
+//***********************************************
+// Buffer Sizes based on implementation
+//***********************************************
+// When using PC CRB, the page size for both commands and
+// control registers is 4k. The command buffer starts at
+// offset 0x80, so the net size available is:
+#define MAX_COMMAND_SIZE (4096-0x80)
+#define MAX_RESPONSE_SIZE (4096-0x80)
+
+//***********************************************
+// Vendor Info
+//***********************************************
+// max buffer for vendor commands
+// Max data buffer leaving space for TPM2B size prefix
+#define VENDOR_COMMAND_COUNT 0
+#define MAX_VENDOR_BUFFER_SIZE (MAX_RESPONSE_SIZE-2)
+#define PRIVATE_VENDOR_SPECIFIC_BYTES RSA_PRIVATE_SIZE
+
+//***********************************************
+// Defines controlling Firmware- and SVN-limited objects
+//***********************************************
+#define FW_LIMITED_SUPPORT YES
+#define SVN_LIMITED_SUPPORT YES
+
+//***********************************************
+// Defines controlling External NV
+//***********************************************
+// This is a software reference implementation of the TPM: there is no
+// "external NV" as such. This #define configures the TPM to implement
+// "external NV" that is stored in the same place as "internal NV."
+// NOTE: enabling this doesn't necessarily mean that the expanded
+// (external-NV-specific) attributes are supported.
+#define EXTERNAL_NV YES
+
+#endif // _TPM_PROFILE_COMMON_H_
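Review bot: The profile enables `RSA_1024` and `ECC_NIST_P192` while `TpmBuildSwitches.h` sets `FIPS_COMPLIANT YES`. These sizes are below the strength current NIST guidance allows for generating new keys, so unless a consumer needs them `#define RSA_1024 (NO * ALG_RSA)` and `#define ECC_NIST_P192 (NO * ALG_ECC)` are safer defaults. `ALG_SM2` is on while `ALG_SM3_256` and `ALG_SM4` are off, and `ECC_NIST_P521` is on while `ALG_SHA512` is off; if these pairings are intentional, a comment should say so. Whether the library's self-tests depend on any of these algorithms is not visible in this diff.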
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_ErrorCodes.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_ErrorCodes.h
new file mode 100644
index 000000000..63c434fc9
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_ErrorCodes.h
@@ -0,0 +1,51 @@
+//** Introduction
+// This file defines error codes used in failure macros in the TPM Core Library.
+// This file is part of TpmConfiguration because the Platform library can add error
+// codes of it's own, and ultimately the specific error codes are a vendor decision
+// because TPM2_GetTestResult returns manufacturer-defined data in failure mode.
+// The only thing in this file that must be consistent with a vendor's implementation
+// are the _names_ of error codes used by the core library. Even the values can
+// change and are only a suggestion.
+
+#ifndef _TPMPROFILE_ERRORCODES_H
+#define _TPMPROFILE_ERRORCODES_H
+
+// turn off clang-format because alignment doesn't persist across comments
+// with current settings
+// clang-format off
+
+#define FATAL_ERROR_ALLOCATION (1)
+#define FATAL_ERROR_DIVIDE_ZERO (2)
+#define FATAL_ERROR_INTERNAL (3)
+#define FATAL_ERROR_PARAMETER (4)
+#define FATAL_ERROR_ENTROPY (5)
+#define FATAL_ERROR_SELF_TEST (6)
+#define FATAL_ERROR_CRYPTO (7)
+#define FATAL_ERROR_NV_UNRECOVERABLE (8)
+
+// indicates that the TPM has been re-manufactured after an
+// unrecoverable NV error
+#define FATAL_ERROR_REMANUFACTURED (9)
+#define FATAL_ERROR_DRBG (10)
+#define FATAL_ERROR_MOVE_SIZE (11)
+#define FATAL_ERROR_COUNTER_OVERFLOW (12)
+#define FATAL_ERROR_SUBTRACT (13)
+#define FATAL_ERROR_MATHLIBRARY (14)
+// end of codes defined through v1.52
+
+// leave space for numbers that may have been used by vendors or platforms.
+// Ultimately this file and these ranges are only a suggestion because
+// TPM2_GetTestResult returns manufacturer-defined data in failure mode.
+// Reserve 15-499
+#define FATAL_ERROR_RESERVED_START (15)
+#define FATAL_ERROR_RESERVED_END (499)
+
+// Additional error codes defined by TPM library:
+#define FATAL_ERROR_ASSERT (500)
+// Platform library violated interface contract.
+#define FATAL_ERROR_PLATFORM (600)
+
+// Test/Simulator errors 1000+
+#define FATAL_ERROR_FORCED (1000)
+
+#endif // _TPMPROFILE_ERRORCODES_H
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Misc.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Misc.h
new file mode 100644
index 000000000..d4178aed1
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/TpmProfile_Misc.h
@@ -0,0 +1,70 @@
+// Misc profile settings that don't currently have a better home.
+// These are rarely changed, but available for vendor customization.
+
+#ifndef _TPM_PROFILE_MISC_H_
+#define _TPM_PROFILE_MISC_H_
+
+// YES & NO defined by TpmBuildSwitches.h
+#if(YES != 1 || NO != 0)
+# error YES or NO incorrectly set
+#endif
+
+// clang-format off
+// clang-format off to preserve horizontal spacing
+#define IMPLEMENTATION_PCR 24
+#define PLATFORM_PCR 24
+#define DRTM_PCR 17
+#define HCRTM_PCR 0
+#define NUM_LOCALITIES 5
+#define MAX_HANDLE_NUM 3
+#define MAX_ACTIVE_SESSIONS 64
+#define MAX_LOADED_SESSIONS 3
+#define MAX_SESSION_NUM 3
+#define MAX_LOADED_OBJECTS 3
+#define MIN_EVICT_OBJECTS 2
+#define NUM_POLICY_PCR_GROUP 1
+#define NUM_AUTHVALUE_PCR_GROUP 1
+#define MAX_CONTEXT_SIZE 2168
+#define MAX_DIGEST_BUFFER 1024
+#define MAX_NV_INDEX_SIZE 2048
+#define MAX_NV_BUFFER_SIZE 1024
+#define MAX_CAP_BUFFER 1024
+#define NV_MEMORY_SIZE 16384
+#define MIN_COUNTER_INDICES 8
+#define NUM_STATIC_PCR 16
+#define MAX_ALG_LIST_SIZE 64
+#define PRIMARY_SEED_SIZE 32
+#define CONTEXT_ENCRYPT_ALGORITHM AES
+#define NV_CLOCK_UPDATE_INTERVAL 22
+#define NUM_POLICY_PCR 1
+
+#define ORDERLY_BITS 8
+#define MAX_SYM_DATA 128
+#define MAX_RNG_ENTROPY_SIZE 64
+#define RAM_INDEX_SPACE 512
+#define ENABLE_PCR_NO_INCREMENT YES
+
+#define SIZE_OF_X509_SERIAL_NUMBER 20
+
+// amount of space the platform can provide in PERSISTENT_DATA during
+// manufacture
+#define PERSISTENT_DATA_PLATFORM_SPACE 16
+
+// structure padding space for these structures. Used if a
+// particular configuration needs them to be aligned to a
+// specific size
+#define ORDERLY_DATA_PADDING 0
+#define STATE_CLEAR_DATA_PADDING 0
+#define STATE_RESET_DATA_PADDING 0
+
+// configuration values that may vary by SIMULATION/DEBUG
+#if SIMULATION && DEBUG
+// This forces the use of a smaller context slot size. This reduction reduces the
+// range of the epoch allowing the tester to force the epoch to occur faster than
+// the normal production size
+# define CONTEXT_SLOT UINT8
+#else
+# define CONTEXT_SLOT UINT16
+#endif
+
+#endif // _TPM_PROFILE_MISC_H_
diff --git a/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/VendorInfo.h b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/VendorInfo.h
new file mode 100644
index 000000000..a5c62cc66
--- /dev/null
+++ b/libtcgtpm/deps/TpmConfiguration/TpmConfiguration/VendorInfo.h
@@ -0,0 +1,20 @@
+
+#ifndef _VENDORINFO_H
+#define _VENDORINFO_H
+
+// Define the TPM specification-specific capability values.
+#define TPM_SPEC_FAMILY (0x322E3000)
+#define TPM_SPEC_LEVEL (00)
+#define TPM_SPEC_VERSION (183)
+#define TPM_SPEC_YEAR (2024)
+#define TPM_SPEC_DAY_OF_YEAR (25)
+#define MAX_VENDOR_PROPERTY (1)
+
+// Define the platform specification-specific capability values.
+#define PLATFORM_FAMILY (0)
+#define PLATFORM_LEVEL (0)
+#define PLATFORM_VERSION (0)
+#define PLATFORM_YEAR (0)
+#define PLATFORM_DAY_OF_YEAR (0)
+
+#endif
diff --git a/libtcgtpm/deps/tpm-20-ref b/libtcgtpm/deps/tpm-20-ref
index e9fc7b89d..97c2783f0 160000
--- a/libtcgtpm/deps/tpm-20-ref
+++ b/libtcgtpm/deps/tpm-20-ref
@@ -1 +1 @@
-Subproject commit e9fc7b89d865536c46deb63f9c7d0121a3ded49c
+Subproject commit 97c2783f0aeb9018f1e8d1ee5a74cd58536a8002