wolfSSL · dgarske · Feb 28, 2026 · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026
diff --git a/.github/workflows/seal-test.yml b/.github/workflows/seal-test.yml
@@ -0,0 +1,71 @@
+name: Seal Test Suite
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+    paths:
+      - 'examples/seal/**'
+      - 'examples/nvram/seal_nv.c'
+      - 'examples/nvram/nvram.h'
+      - 'src/tpm2_wrap.c'
+      - 'wolftpm/tpm2_wrap.h'
+  pull_request:
+    branches: [ '*' ]
+    paths:
+      - 'examples/seal/**'
+      - 'examples/nvram/seal_nv.c'
+      - 'examples/nvram/nvram.h'
+      - 'src/tpm2_wrap.c'
+      - 'wolftpm/tpm2_wrap.h'
+
+jobs:
+  seal-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout wolfTPM
+        uses: actions/checkout@v4
+
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+        with:
+          repository: wolfssl/wolfssl
+          ref: master
+          path: wolfssl
+
+      - name: Build and install wolfSSL
+        working-directory: ./wolfssl
+        run: |
+          ./autogen.sh
+          ./configure --enable-wolftpm --enable-pkcallbacks
+          make -j
+          sudo make install
+          sudo ldconfig
+
+      - name: Checkout ibmswtpm2
+        uses: actions/checkout@v4
+        with:
+          repository: kgoldman/ibmswtpm2
+          path: ibmswtpm2
+
+      - name: Build and start SWTPM
+        working-directory: ./ibmswtpm2/src
+        run: |
+          make
+          ./tpm_server &
+
+      - name: Build wolfTPM
+        run: |
+          ./autogen.sh
+          ./configure --enable-swtpm --enable-debug
+          make -j
+
+      - name: Run seal tests
+        run: bash examples/seal/seal_test.sh
+
+      - name: Upload failure logs
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: seal-test-logs
+          path: seal_test.log
+          retention-days: 5
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
@@ -2,7 +2,7 @@ name: Zephyr wolfTPM Tests
 
 on:
   push:
-    branches: [ '*' ]
+    branches: [ 'master', 'main', 'release/**' ]
   pull_request:
     branches: [ '*' ]
 

diff --git a/.gitignore b/.gitignore
@@ -70,12 +70,15 @@ examples/nvram/store
 examples/nvram/read
 examples/nvram/counter
 examples/nvram/policy_nv
+examples/nvram/seal_nv
 examples/gpio/gpio_config
 examples/gpio/gpio_set
 examples/gpio/gpio_read
 examples/gpio/gpio_nuvoton
 examples/seal/seal
 examples/seal/unseal
+examples/seal/seal_pcr
+examples/seal/seal_policy_auth
 examples/attestation/make_credential
 examples/attestation/activate_credential
 examples/attestation/certify

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -518,6 +518,7 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(policy_nv nvram/policy_nv.c)
     add_tpm_example(read nvram/read.c)
     add_tpm_example(store nvram/store.c)
+    add_tpm_example(seal_nv nvram/seal_nv.c)
     add_tpm_example(extend pcr/extend.c)
     add_tpm_example(policy_sign pcr/policy_sign.c)
     add_tpm_example(policy pcr/policy.c)
@@ -527,6 +528,8 @@ if (WOLFTPM_EXAMPLES)
     add_tpm_example(pkcs7 pkcs7/pkcs7.c)
     add_tpm_example(seal seal/seal.c)
     add_tpm_example(unseal seal/unseal.c)
+    add_tpm_example(seal_pcr seal/seal_pcr.c)
+    add_tpm_example(seal_policy_auth seal/seal_policy_auth.c)
     add_tpm_example(clock_set timestamp/clock_set.c)
     add_tpm_example(signed_timestamp timestamp/signed_timestamp.c)
     add_tpm_example(tls_client_notpm tls/tls_client_notpm.c)

diff --git a/examples/nvram/include.am b/examples/nvram/include.am
@@ -33,6 +33,12 @@ examples_nvram_extend_SOURCES      = examples/nvram/extend.c \
                                      examples/tpm_test_keys.c
 examples_nvram_extend_LDADD        = src/libwolftpm.la $(LIB_STATIC_ADD)
 examples_nvram_extend_DEPENDENCIES = src/libwolftpm.la
+
+noinst_PROGRAMS += examples/nvram/seal_nv
+examples_nvram_seal_nv_SOURCES      = examples/nvram/seal_nv.c \
+                                      examples/tpm_test_keys.c
+examples_nvram_seal_nv_LDADD        = src/libwolftpm.la $(LIB_STATIC_ADD)
+examples_nvram_seal_nv_DEPENDENCIES = src/libwolftpm.la
 endif
 
 example_nvramdir = $(exampledir)/nvram
@@ -41,10 +47,12 @@ dist_example_nvram_DATA = \
   examples/nvram/read.c \
   examples/nvram/counter.c \
   examples/nvram/policy_nv.c \
-  examples/nvram/extend.c
+  examples/nvram/extend.c \
+  examples/nvram/seal_nv.c
 
 DISTCLEANFILES+= examples/nvram/.libs/store \
                  examples/nvram/.libs/read \
                  examples/nvram/.libs/counter \
                  examples/nvram/.libs/policy_nv \
-                 examples/nvram/.libs/extend
+                 examples/nvram/.libs/extend \
+                 examples/nvram/.libs/seal_nv
diff --git a/examples/nvram/nvram.h b/examples/nvram/nvram.h
@@ -29,9 +29,8 @@
 int TPM2_NVRAM_Store_Example(void* userCtx, int argc, char *argv[]);
 int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[]);
 int TPM2_NVRAM_Counter_Example(void* userCtx, int argc, char *argv[]);
-int TPM2_PCR_Seal_With_Policy_Auth_NV_Test(void* userCtx, int argc, char *argv[]);
-int TPM2_PCR_Seal_With_Policy_Auth_NV_External_Test(void* userCtx, int argc, char *argv[]);
 int TPM2_NVRAM_PolicyNV_Example(void* userCtx, int argc, char *argv[]);
+int TPM2_NVRAM_SealNV_Example(void* userCtx, int argc, char *argv[]);
 int TPM2_NVRAM_Extend_Example(void* userCtx, int argc, char *argv[]);
 
 #ifdef __cplusplus