From: Heiko Schocher <hs@nabladev.com>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Heiko Schocher <hs@nabladev.com>,
Andrew Goodbody <andrew.goodbody@linaro.org>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Raymond Mao <raymond.mao@linaro.org>,
Tom Rini <trini@konsulko.com>
Subject: [PATCH v2 4/5] tpm2: add sm3 256 hash support
Date: Tue, 11 Nov 2025 06:48:11 +0100 [thread overview]
Message-ID: <20251111054813.1966-5-hs@nabladev.com> (raw)
In-Reply-To: <20251111054813.1966-1-hs@nabladev.com>
add sm3 256 hash support, so TPM2 chips which report
5 pcrs with sm3 hash do not fail with:
u-boot=> tpm2 autostart
tpm2_get_pcr_info: too many pcrs: 5
Error: -90
Signed-off-by: Heiko Schocher <hs@nabladev.com>
---
Changes in v2:
add comments from Ilias
- use ARRAY_SIZE(hash_algo_list) instead of a fix number
in tpm2_get_pcr_info() for the count of supported hashes
in U-Boot.
- add SM3 hash in tpm_tcg2
cmd/tpm-v2.c | 1 +
include/tpm-v2.h | 12 ++++++++++++
lib/tpm-v2.c | 4 ++--
lib/tpm_tcg2.c | 9 +++++++++
4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 346e21d27bb..847b2691581 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -589,6 +589,7 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
" * sha256\n"
" * sha384\n"
" * sha512\n"
+" * sm3_256\n"
" <on|off> is one of:\n"
" * on - Select all available PCRs associated with the specified\n"
" algorithm (bank)\n"
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index f3eb2ef5643..a776d24d71f 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -345,6 +345,18 @@ static const struct digest_info hash_algo_list[] = {
false,
#endif
},
+ {
+ "sm3_256",
+ TPM2_ALG_SM3_256,
+ TCG2_BOOT_HASH_ALG_SM3_256,
+ TPM2_SM3_256_DIGEST_SIZE,
+#if IS_ENABLED(CONFIG_SM3)
+ true,
+#else
+ false,
+#endif
+ },
+
};
/* NV index attributes */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 5b21c57ae42..f443b738f82 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -686,10 +686,10 @@ int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs)
pcrs->count = get_unaligned_be32(response);
/*
- * We only support 4 algorithms for now so check against that
+ * check against the supported algorithms in hash_algo_list,
* instead of TPM2_NUM_PCR_BANKS
*/
- if (pcrs->count > 4 || pcrs->count < 1) {
+ if (pcrs->count > ARRAY_SIZE(hash_algo_list) || pcrs->count < 1) {
printf("%s: too many pcrs: %u\n", __func__, pcrs->count);
return -EMSGSIZE;
}
diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index c314b401d0b..d41228f75a9 100644
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -12,6 +12,7 @@
#include <u-boot/sha1.h>
#include <u-boot/sha256.h>
#include <u-boot/sha512.h>
+#include <u-boot/sm3.h>
#include <version_string.h>
#include <asm/io.h>
#include <linux/bitops.h>
@@ -143,6 +144,12 @@ int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length,
sha512_finish(&ctx_512, final);
len = TPM2_SHA512_DIGEST_SIZE;
break;
+#endif
+#if IS_ENABLED(CONFIG_SM3)
+ case TPM2_ALG_SM3_256:
+ sm3_hash(input, length, final);
+ len = TPM2_SM3_256_DIGEST_SIZE;
+ break;
#endif
default:
printf("%s: unsupported algorithm %x\n", __func__,
@@ -319,6 +326,7 @@ static int tcg2_replay_eventlog(struct tcg2_event_log *elog,
case TPM2_ALG_SHA256:
case TPM2_ALG_SHA384:
case TPM2_ALG_SHA512:
+ case TPM2_ALG_SM3_256:
len = tpm2_algorithm_to_len(algo);
break;
default:
@@ -431,6 +439,7 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog,
case TPM2_ALG_SHA256:
case TPM2_ALG_SHA384:
case TPM2_ALG_SHA512:
+ case TPM2_ALG_SM3_256:
len = get_unaligned_le16(&event->digest_sizes[i].digest_size);
if (tpm2_algorithm_to_len(algo) != len) {
log_err("EventLog invalid algorithm length\n");
--
2.20.1
next prev parent reply other threads:[~2025-11-11 5:49 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-11 5:48 [PATCH v2 0/5] Add support for SM3 secure hash Heiko Schocher
2025-11-11 5:48 ` [PATCH v2 1/5] lib: Import rol32 function from Linux Heiko Schocher
2025-11-11 9:07 ` Ilias Apalodimas
2025-11-11 5:48 ` [PATCH v2 2/5] lib: implement sm3 256 hash Heiko Schocher
2025-11-11 9:47 ` Ilias Apalodimas
2025-11-12 5:05 ` Heiko Schocher
2025-11-11 5:48 ` [PATCH v2 3/5] test: cmd: hash: add unit test for sm3_256 Heiko Schocher
2025-11-11 6:39 ` Heinrich Schuchardt
2025-11-12 4:44 ` Heiko Schocher
2025-11-11 5:48 ` Heiko Schocher [this message]
2025-11-11 9:34 ` [PATCH v2 4/5] tpm2: add sm3 256 hash support Ilias Apalodimas
2025-11-11 9:38 ` Ilias Apalodimas
2025-11-12 4:46 ` Heiko Schocher
2025-11-11 5:48 ` [PATCH v2 5/5] test: cmd: fix a typo in md5 test Heiko Schocher
2025-11-11 8:57 ` Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251111054813.1966-5-hs@nabladev.com \
--to=hs@nabladev.com \
--cc=andrew.goodbody@linaro.org \
--cc=ilias.apalodimas@linaro.org \
--cc=miquel.raynal@bootlin.com \
--cc=raymond.mao@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.