From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Benjamin BARATTE <benjamin.baratte@st.com>
Cc: "u-boot@lists.denx.de" <u-boot@lists.denx.de>,
"eajames@linux.ibm.com" <eajames@linux.ibm.com>,
"sjg@chromium.org" <sjg@chromium.org>,
"tharvey@gateworks.com" <tharvey@gateworks.com>,
"trini@konsulko.com" <trini@konsulko.com>
Subject: Re: [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
Date: Mon, 29 Jul 2024 16:55:13 +0300
Message-ID: <ZqefQTOIwKSl1YzC@hades>
In-Reply-To: <DU0PR10MB52445073A01A8668C66ADAA0E1A12@DU0PR10MB5244.EURPRD10.PROD.OUTLOOK.COM>

Hi Benjamin,

Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
get_maintainer.pl for the recipients?

On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> The hash algorithm structure shall reflect the TCG specification for
> TPM2.0
> With version 1.59, the SHA3 algorithm has been added and shall be
> reflected in this structure.
> The fact that U-Boot does or does not support SHA3 algo yet is not
> relevant for this structure.

It's not, but I don't see why we should add more algorithms if we don't
plan to support them. Any plans of adding actual support for the SHA3
family?

Thanks
/Ilias

> It's up to the end user to configure the active PCR bank to a hash
> algorithm supported by all boot chain components.
> Also, by default, TPM2.0 shall support at least SHA256 and SHA384; in
> practice dTPM supports 2 active banks with these 2 hash algorithms.
>
> Signed-off-by: Benjamin BARATTE <benjamin.baratte@st.com>
> ---
>
> include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
> 1 file changed, 30 insertions(+), 5 deletions(-)
>
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 4fd19c52fd..9848e1fd10 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -253,6 +253,9 @@ enum tpm2_algorithms {
> TPM2_ALG_SHA512 = 0x0D,
> TPM2_ALG_NULL = 0x10,
> TPM2_ALG_SM3_256 = 0x12,
> + TPM2_ALG_SHA3_256 = 0x27,
> + TPM2_ALG_SHA3_384 = 0x28,
> + TPM2_ALG_SHA3_512 = 0x29,
> };
>
> /**
> @@ -271,11 +274,15 @@ struct digest_info {
> };
>
> /* Algorithm Registry */
> -#define TCG2_BOOT_HASH_ALG_SHA1 0x00000001
> -#define TCG2_BOOT_HASH_ALG_SHA256 0x00000002
> -#define TCG2_BOOT_HASH_ALG_SHA384 0x00000004
> -#define TCG2_BOOT_HASH_ALG_SHA512 0x00000008
> -#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA1 0x00000001
> +#define TCG2_BOOT_HASH_ALG_SHA256 0x00000002
> +#define TCG2_BOOT_HASH_ALG_SHA384 0x00000004
> +#define TCG2_BOOT_HASH_ALG_SHA512 0x00000008
> +#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020
> +#define TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040
> +#define TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> +
>
> static const struct digest_info hash_algo_list[] = {
> #if IS_ENABLED(CONFIG_SHA1)
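Review bot: Whitespace-only churn on the five existing TCG2_BOOT_HASH_ALG_* defines (SHA1 through SM3_256): they are removed and re-added with the same values, and the trailing added blank line leaves two empty lines before hash_algo_list. Leaving the existing lines untouched and adding only the three SHA3 masks (0x00000020, 0x00000040, 0x00000080) would shrink this hunk to three added lines and keep blame history on the old defines intact. If realignment is wanted, it belongs in a separate patch.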
> @@ -310,6 +317,24 @@ static const struct digest_info hash_algo_list[] = {
> TPM2_SHA512_DIGEST_SIZE,
> },
> #endif
> + {
> + "sha3_256",
> + TPM2_ALG_SHA3_256,
> + TCG2_BOOT_HASH_ALG_SHA3_256,
> + TPM2_SHA256_DIGEST_SIZE,
> + },
> + {
> + "sha3_384",
> + TPM2_ALG_SHA3_384,
> + TCG2_BOOT_HASH_ALG_SHA3_384,
> + TPM2_SHA384_DIGEST_SIZE,
> + },
> + {
> + "sha3_512",
> + TPM2_ALG_SHA3_512,
> + TCG2_BOOT_HASH_ALG_SHA3_512,
> + TPM2_SHA512_DIGEST_SIZE,
`> + },
> };
>
> /* NV index attributes */
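Review bot: The three sha3_* entries added to hash_algo_list are missing the IS_ENABLED() guard that the neighbouring entries carry (the list opens with #if IS_ENABLED(CONFIG_SHA1), and the SHA512 entry just above closes with #endif), so they are compiled in even when U-Boot has no SHA3 implementation. Any code that walks hash_algo_list to decide which PCR banks it can extend or log would then see SHA3 banks listed without being able to compute the digest for them. Suggest wrapping each entry in a guard on a SHA3 config symbol once one exists, or keeping these entries out of the table until hashing support lands. A short comment noting that TPM2_SHA256_DIGEST_SIZE, TPM2_SHA384_DIGEST_SIZE and TPM2_SHA512_DIGEST_SIZE are reused on purpose because the SHA3 digest lengths match would also help readers.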
> --
> 2.34.1
>
> ST Restricted