Hello,
Nudged by your comment about the wolftpm sources, I had myself a look into the GitHub repository [1]. After browsing the code I got the impression that the TPM hardware use case (--enable-devtpm) is completely independent of LibC if the backend is reimplemented for Genode. The SWTPM (--enable-swtpm) naturally requires LibC and a network stack to my understanding. Note, I did not check transitive dependencies resulting in wolfcrypt.
Thanks to you observations, we succeeded in making wolftpm run without the libc mostly by using code from the mini C demo and disabling some features of wolfssl we don't care about.
So our proof of concept is now able to get some random from the TPM using wolftpm running inside a VFS plugin.
Have a nice weekend Stefan