* [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
@ 2024-07-15 13:33 Benjamin BARATTE
  2024-07-29 13:55 ` Ilias Apalodimas
  0 siblings, 1 reply; 5+ messages in thread
From: Benjamin BARATTE @ 2024-07-15 13:33 UTC (permalink / raw)
  To: u-boot@lists.denx.de
  Cc: eajames@linux.ibm.com, sjg@chromium.org, tharvey@gateworks.com,
	trini@konsulko.com

The hash algorithm structure shall reflect the TCG specification for
TPM2.0.
With version 1.59, the SHA3 algorithms have been added and shall be
reflected in this structure.
Whether or not U-Boot supports the SHA3 algorithms yet is not
relevant for this structure.
It's up to the end user to configure the active PCR banks to use hash
algorithms supported by all boot chain components.
Also, by default, TPM2.0 shall support at least SHA256 and SHA384; in
practice, dTPMs support 2 active banks with these 2 hash algorithms.

Signed-off-by: Benjamin BARATTE mailto:benjamin.baratte@st.com
---

 include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 4fd19c52fd..9848e1fd10 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -253,6 +253,9 @@ enum tpm2_algorithms {
        TPM2_ALG_SHA512         = 0x0D,
        TPM2_ALG_NULL           = 0x10,
        TPM2_ALG_SM3_256        = 0x12,
+       TPM2_ALG_SHA3_256       = 0x27,
+       TPM2_ALG_SHA3_384       = 0x28,
+       TPM2_ALG_SHA3_512       = 0x29,
 };

 /**
@@ -271,11 +274,15 @@ struct digest_info {
 };

 /* Algorithm Registry */
-#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
-#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002
-#define TCG2_BOOT_HASH_ALG_SHA384  0x00000004
-#define TCG2_BOOT_HASH_ALG_SHA512  0x00000008
-#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
+#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
+#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
+#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
+#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010
+#define TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020
+#define TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040
+#define TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
+

 static const struct digest_info hash_algo_list[] = {
 #if IS_ENABLED(CONFIG_SHA1)
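Review bot: The new `0x00000020`, `0x00000040` and `0x00000080` bit values are introduced under a comment that only says `/* Algorithm Registry */`, with no pointer to the document that assigns them, so a reader cannot check them against the spec the commit message cites. A comment along the lines of `/* EFI_TCG2_BOOT_HASH_ALG_* bitmap, TCG EFI Protocol Specification */` above the block would fix that, assuming that is the source of these bits. Separately, the lone `+` line after `TCG2_BOOT_HASH_ALG_SHA3_512` leaves two consecutive blank lines before `hash_algo_list` and can be dropped.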
@@ -310,6 +317,24 @@ static const struct digest_info hash_algo_list[] = {
                TPM2_SHA512_DIGEST_SIZE,
        },
 #endif
+       {
+               "sha3_256",
+               TPM2_ALG_SHA3_256,
+               TCG2_BOOT_HASH_ALG_SHA3_256,
+               TPM2_SHA256_DIGEST_SIZE,
+       },
+       {
+               "sha3_384",
+               TPM2_ALG_SHA3_384,
+               TCG2_BOOT_HASH_ALG_SHA3_384,
+               TPM2_SHA384_DIGEST_SIZE,
+       },
+       {
+               "sha3_512",
+               TPM2_ALG_SHA3_512,
+               TCG2_BOOT_HASH_ALG_SHA3_512,
+               TPM2_SHA512_DIGEST_SIZE,
+       },
 };

 /* NV index attributes */
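Review bot: The three SHA3 rows are added after the last `#endif`, so they are compiled in unconditionally, whereas the rows before them are wrapped in `#if IS_ENABLED(CONFIG_...)` (the `CONFIG_SHA1` guard opens at the end of the previous hunk). Any caller that treats presence in `hash_algo_list` as "U-Boot can compute this digest" (such callers are outside this hunk) would then accept SHA3 banks with no hash implementation behind them, so the rows should carry the same kind of guard, keyed on a SHA3 Kconfig symbol once one exists. The rows also reuse `TPM2_SHA256_DIGEST_SIZE`, `TPM2_SHA384_DIGEST_SIZE` and `TPM2_SHA512_DIGEST_SIZE`; the lengths are equal, but a comment such as `/* SHA3-256 digest length equals SHA-256 (32 bytes) */` would show it is intentional. The `hash_algo_list` initializer starts above this hunk.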
--
2.34.1

ST Restricted


* Re: [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
  2024-07-15 13:33 [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59 Benjamin BARATTE
@ 2024-07-29 13:55 ` Ilias Apalodimas
  2024-08-23 12:25   ` Benjamin BARATTE
  2024-09-06 14:22   ` Benjamin BARATTE
  0 siblings, 2 replies; 5+ messages in thread
From: Ilias Apalodimas @ 2024-07-29 13:55 UTC (permalink / raw)
  To: Benjamin BARATTE
  Cc: u-boot@lists.denx.de, eajames@linux.ibm.com, sjg@chromium.org,
	tharvey@gateworks.com, trini@konsulko.com

Hi Benjamin, 

Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
get_maintainer.pl for the recipients?

On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> The hash algorithm structure shall reflect the TCG specification for
> TPM2.0
> With vesion 1.59, the SHA3 algorithm has been added and shall be
> reflected in this structure.
> The fact that U-Boot does or does not support SHA3 algo yet is not
> relevant for this structure.

It's not, but I don't see why we should add more algorithms if we don't
plan to support them. Any plans of adding actual support for the SHA3
family?

Thanks
/Ilias
> It's up to the end user to configure the active PCR bank to supported
> hash algorithm by all boot chain component.
> Also, by default, TPM2.0 shall support at least SHA256 and SHA384, in
> practice dTPM support 2 actives banks with this 2 hash algorithms
> 
> Signed-off-by: Benjamin BARATTE mailto:benjamin.baratte@st.com
> ---
> 
>  include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
>  1 file changed, 30 insertions(+), 5 deletions(-)
> 
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 4fd19c52fd..9848e1fd10 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -253,6 +253,9 @@ enum tpm2_algorithms {
>         TPM2_ALG_SHA512         = 0x0D,
>         TPM2_ALG_NULL           = 0x10,
>         TPM2_ALG_SM3_256        = 0x12,
> +       TPM2_ALG_SHA3_256       = 0x27,
> +       TPM2_ALG_SHA3_384       = 0x28,
> +       TPM2_ALG_SHA3_512       = 0x29,
>  };
> 
>  /**
> @@ -271,11 +274,15 @@ struct digest_info {
>  };
> 
>  /* Algorithm Registry */
> -#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
> -#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002
> -#define TCG2_BOOT_HASH_ALG_SHA384  0x00000004
> -#define TCG2_BOOT_HASH_ALG_SHA512  0x00000008
> -#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
> +#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
> +#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
> +#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
> +#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020
> +#define TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040
> +#define TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> +
> 
>  static const struct digest_info hash_algo_list[] = {
>  #if IS_ENABLED(CONFIG_SHA1)
> @@ -310,6 +317,24 @@ static const struct digest_info hash_algo_list[] = {
>                 TPM2_SHA512_DIGEST_SIZE,
>         },
>  #endif
> +       {
> +               "sha3_256",
> +               TPM2_ALG_SHA3_256,
> +               TCG2_BOOT_HASH_ALG_SHA3_256,
> +               TPM2_SHA256_DIGEST_SIZE,
> +       },
> +       {
> +               "sha3_384",
> +               TPM2_ALG_SHA3_384,
> +               TCG2_BOOT_HASH_ALG_SHA3_384,
> +               TPM2_SHA384_DIGEST_SIZE,
> +       },
> +       {
> +               "sha3_512",
> +               TPM2_ALG_SHA3_512,
> +               TCG2_BOOT_HASH_ALG_SHA3_512,
> +               TPM2_SHA512_DIGEST_SIZE,
`> +       },
>  };
> 
>  /* NV index attributes */
> --
> 2.34.1
> 
> ST Restricted


* RE: [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
  2024-07-29 13:55 ` Ilias Apalodimas
@ 2024-08-23 12:25   ` Benjamin BARATTE
  2024-09-09 11:24     ` Ilias Apalodimas
  2024-09-06 14:22   ` Benjamin BARATTE
  1 sibling, 1 reply; 5+ messages in thread
From: Benjamin BARATTE @ 2024-08-23 12:25 UTC (permalink / raw)
  To: Ilias Apalodimas
  Cc: u-boot@lists.denx.de, eajames@linux.ibm.com, sjg@chromium.org,
	tharvey@gateworks.com, trini@konsulko.com

Hi @Ilias Apalodimas,


ST Restricted
> -----Original Message-----
> From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Sent: Monday, July 29, 2024 3:55 PM
> To: Benjamin BARATTE <benjamin.baratte@st.com>
> Cc: u-boot@lists.denx.de; eajames@linux.ibm.com; sjg@chromium.org;
> tharvey@gateworks.com; trini@konsulko.com
> Subject: Re: [PATCH 1/3] tpm: update tpm hash algorithm according to
> tpm2.0 spec 1.59
>
> Hi Benjamin,
>
> Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
> get_maintainer.pl for the recipients?

I have tried but due to the corporate setup, I'm not able to use the script to format and send the message automatically...
>
> On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> > The hash algorithm structure shall reflect the TCG specification for
> > TPM2.0
> > With vesion 1.59, the SHA3 algorithm has been added and shall be
> > reflected in this structure.
> > The fact that U-Boot does or does not support SHA3 algo yet is not
> > relevant for this structure.
>
> It's not, but I don't see why we should add more algorithms if we don't plan to
> support them. Any plans of adding actual support for the SHA3 family?
>

The main issue here is that the new versions of hardware TPMs now use a default PCR configuration with SHA256 and SHA384 as per the TCG specifications, and U-Boot can't support them and generates an error at boot time.

The SHA3 family is already supported in the Linux kernel; therefore, it should be supported in U-Boot to ensure consistency across the full boot chain.

Also, the TPM API offers a hash interface; therefore, if the PCR is using SHA3, the hash calculation could be done by the TPM regardless of the software support in U-Boot.

Best Regards,

Benjamin

> Thanks
> /Ilias
> > It's up to the end user to configure the active PCR bank to supported
> > hash algorithm by all boot chain component.
> > Also, by default, TPM2.0 shall support at least SHA256 and SHA384, in
> > practice dTPM support 2 actives banks with this 2 hash algorithms
> >
> > Signed-off-by: Benjamin BARATTE mailto:benjamin.baratte@st.com
> > ---
> >
> >  include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
> >  1 file changed, 30 insertions(+), 5 deletions(-)
> >
> > diff --git a/include/tpm-v2.h b/include/tpm-v2.h index
> > 4fd19c52fd..9848e1fd10 100644
> > --- a/include/tpm-v2.h
> > +++ b/include/tpm-v2.h
> > @@ -253,6 +253,9 @@ enum tpm2_algorithms {
> >         TPM2_ALG_SHA512         = 0x0D,
> >         TPM2_ALG_NULL           = 0x10,
> >         TPM2_ALG_SM3_256        = 0x12,
> > +       TPM2_ALG_SHA3_256       = 0x27,
> > +       TPM2_ALG_SHA3_384       = 0x28,
> > +       TPM2_ALG_SHA3_512       = 0x29,
> >  };
> >
> >  /**
> > @@ -271,11 +274,15 @@ struct digest_info {  };
> >
> >  /* Algorithm Registry */
> > -#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
> > -#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002 -#define
> > TCG2_BOOT_HASH_ALG_SHA384  0x00000004 -#define
> > TCG2_BOOT_HASH_ALG_SHA512  0x00000008 -#define
> > TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> > +#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
> > +#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
> > +#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
> > +#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
> > +#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010 #define
> > +TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020 #define
> > +TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040 #define
> > +TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> > +
> >
> >  static const struct digest_info hash_algo_list[] = {  #if
> > IS_ENABLED(CONFIG_SHA1) @@ -310,6 +317,24 @@ static const struct
> > digest_info hash_algo_list[] = {
> >                 TPM2_SHA512_DIGEST_SIZE,
> >         },
> >  #endif
> > +       {
> > +               "sha3_256",
> > +               TPM2_ALG_SHA3_256,
> > +               TCG2_BOOT_HASH_ALG_SHA3_256,
> > +               TPM2_SHA256_DIGEST_SIZE,
> > +       },
> > +       {
> > +               "sha3_384",
> > +               TPM2_ALG_SHA3_384,
> > +               TCG2_BOOT_HASH_ALG_SHA3_384,
> > +               TPM2_SHA384_DIGEST_SIZE,
> > +       },
> > +       {
> > +               "sha3_512",
> > +               TPM2_ALG_SHA3_512,
> > +               TCG2_BOOT_HASH_ALG_SHA3_512,
> > +               TPM2_SHA512_DIGEST_SIZE,
> `> +       },
> >  };
> >
> >  /* NV index attributes */
> > --
> > 2.34.1
> >
> > ST Restricted


* RE: [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
  2024-07-29 13:55 ` Ilias Apalodimas
  2024-08-23 12:25   ` Benjamin BARATTE
@ 2024-09-06 14:22   ` Benjamin BARATTE
  1 sibling, 0 replies; 5+ messages in thread
From: Benjamin BARATTE @ 2024-09-06 14:22 UTC (permalink / raw)
  To: Ilias Apalodimas
  Cc: u-boot@lists.denx.de, eajames@linux.ibm.com, sjg@chromium.org,
	tharvey@gateworks.com, trini@konsulko.com

Hi Ilias,

Could you comment on my last mail on this topic?

Thanks,

Benjamin

> -----Original Message-----
> From: Benjamin BARATTE
> Sent: Friday, August 23, 2024 2:25 PM
> To: 'Ilias Apalodimas' <ilias.apalodimas@linaro.org>
> Cc: u-boot@lists.denx.de; eajames@linux.ibm.com; sjg@chromium.org;
> tharvey@gateworks.com; trini@konsulko.com
> Subject: RE: [PATCH 1/3] tpm: update tpm hash algorithm according to
> tpm2.0 spec 1.59
> 
> Hi @Ilias Apalodimas,
> 
> > -----Original Message-----
> > From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > Sent: Monday, July 29, 2024 3:55 PM
> > To: Benjamin BARATTE <benjamin.baratte@st.com>
> > Cc: u-boot@lists.denx.de; eajames@linux.ibm.com; sjg@chromium.org;
> > tharvey@gateworks.com; trini@konsulko.com
> > Subject: Re: [PATCH 1/3] tpm: update tpm hash algorithm according to
> > tpm2.0 spec 1.59
> >
> > Hi Benjamin,
> >
> > Apologies for the late reply, but I wasn't cc'ed in the series. Did
> > you use get_maintainer.pl for the recipients?
> 
> I have tried but due to the corporate setup, I'm not able to use the script to
> format and send the message automatically...
> >
> > On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> > > The hash algorithm structure shall reflect the TCG specification for
> > > TPM2.0
> > > With vesion 1.59, the SHA3 algorithm has been added and shall be
> > > reflected in this structure.
> > > The fact that U-Boot does or does not support SHA3 algo yet is not
> > > relevant for this structure.
> >
> > It's not, but I don't see why we should add more algorithms if we
> > don't plan to support them. Any plans of adding actual support for the SHA3
> family?
> >
> 
> The main issue here is that the new version of hardware TPM are now using
> default PCR configuration with SHA256 and SHA384 as per the TCG
> specifications and U-boot can't support them and generate error at boot time.
> 
> For the SHA3 family support, they are supported in the Linux Kernel already,
> therefore, this should be supported in the U-boot to ensure consistency in the
> full boot chain.
> 
> Also, TPM API offer hash interface, therefore if the PCR is using SHA3, the hash
> calculation could be done by the TPM regardless of the software support in U-
> boot.
> 
> Best Regards,
> 
> Benjamin
> 
> > Thanks
> > /Ilias
> > > It's up to the end user to configure the active PCR bank to
> > > supported hash algorithm by all boot chain component.
> > > Also, by default, TPM2.0 shall support at least SHA256 and SHA384,
> > > in practice dTPM support 2 actives banks with this 2 hash algorithms
> > >
> > > Signed-off-by: Benjamin BARATTE mailto:benjamin.baratte@st.com
> > > ---
> > >
> > >  include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
> > >  1 file changed, 30 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h index
> > > 4fd19c52fd..9848e1fd10 100644
> > > --- a/include/tpm-v2.h
> > > +++ b/include/tpm-v2.h
> > > @@ -253,6 +253,9 @@ enum tpm2_algorithms {
> > >         TPM2_ALG_SHA512         = 0x0D,
> > >         TPM2_ALG_NULL           = 0x10,
> > >         TPM2_ALG_SM3_256        = 0x12,
> > > +       TPM2_ALG_SHA3_256       = 0x27,
> > > +       TPM2_ALG_SHA3_384       = 0x28,
> > > +       TPM2_ALG_SHA3_512       = 0x29,
> > >  };
> > >
> > >  /**
> > > @@ -271,11 +274,15 @@ struct digest_info {  };
> > >
> > >  /* Algorithm Registry */
> > > -#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
> > > -#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002 -#define
> > > TCG2_BOOT_HASH_ALG_SHA384  0x00000004 -#define
> > > TCG2_BOOT_HASH_ALG_SHA512  0x00000008 -#define
> > > TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> > > +#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
> > > +#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
> > > +#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
> > > +#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
> > > +#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> > > +
> > >
> > >  static const struct digest_info hash_algo_list[] = {  #if
> > > IS_ENABLED(CONFIG_SHA1) @@ -310,6 +317,24 @@ static const struct
> > > digest_info hash_algo_list[] = {
> > >                 TPM2_SHA512_DIGEST_SIZE,
> > >         },
> > >  #endif
> > > +       {
> > > +               "sha3_256",
> > > +               TPM2_ALG_SHA3_256,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_256,
> > > +               TPM2_SHA256_DIGEST_SIZE,
> > > +       },
> > > +       {
> > > +               "sha3_384",
> > > +               TPM2_ALG_SHA3_384,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_384,
> > > +               TPM2_SHA384_DIGEST_SIZE,
> > > +       },
> > > +       {
> > > +               "sha3_512",
> > > +               TPM2_ALG_SHA3_512,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_512,
> > > +               TPM2_SHA512_DIGEST_SIZE,
> > `> +       },
> > >  };
> > >
> > >  /* NV index attributes */
> > > --
> > > 2.34.1
> > >
> > > ST Restricted


* Re: [PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
  2024-08-23 12:25   ` Benjamin BARATTE
@ 2024-09-09 11:24     ` Ilias Apalodimas
  0 siblings, 0 replies; 5+ messages in thread
From: Ilias Apalodimas @ 2024-09-09 11:24 UTC (permalink / raw)
  To: Benjamin BARATTE
  Cc: u-boot@lists.denx.de, eajames@linux.ibm.com, sjg@chromium.org,
	tharvey@gateworks.com, trini@konsulko.com

Hi Benjamin

On Fri, 23 Aug 2024 at 15:25, Benjamin BARATTE <benjamin.baratte@st.com> wrote:
>
> Hi @Ilias Apalodimas,
>
>
> ST Restricted
> > -----Original Message-----
> > From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> > Sent: Monday, July 29, 2024 3:55 PM
> > To: Benjamin BARATTE <benjamin.baratte@st.com>
> > Cc: u-boot@lists.denx.de; eajames@linux.ibm.com; sjg@chromium.org;
> > tharvey@gateworks.com; trini@konsulko.com
> > Subject: Re: [PATCH 1/3] tpm: update tpm hash algorithm according to
> > tpm2.0 spec 1.59
> >
> > Hi Benjamin,
> >
> > Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
> > get_maintainer.pl for the recipients?
>
> I have tried but due to the corporate setup, I'm not able to use the script to format and send the message automatically...
> >
> > On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> > > The hash algorithm structure shall reflect the TCG specification for
> > > TPM2.0
> > > With vesion 1.59, the SHA3 algorithm has been added and shall be
> > > reflected in this structure.
> > > The fact that U-Boot does or does not support SHA3 algo yet is not
> > > relevant for this structure.
> >
> > It's not, but I don't see why we should add more algorithms if we don't plan to
> > support them. Any plans of adding actual support for the SHA3 family?
> >
>
> The main issue here is that the new version of hardware TPM are now using default PCR configuration with SHA256 and SHA384 as per the TCG specifications and U-boot can't support them and generate error at boot time.

Why? e7505b3b8bcd1b introduced the errors but sha256,384 are already
supported. Unless you mean sha3-256?

>
> For the SHA3 family support, they are supported in the Linux Kernel already, therefore, this should be supported in the U-boot to ensure consistency in the full boot chain


You are just adding the defines here. The commit above has the
reasoning of why we block measurements, and just adding the defines to
bypass the check is not the right thing to do.
>
> Also, TPM API offer hash interface, therefore if the PCR is using SHA3, the hash calculation could be done by the TPM regardless of the software support in U-boot.

I am not exactly sure what you mean here. Is that part of the API in U-Boot?

Thanks
/Ilias
>
> Best Regards,
>
> Benjamin
>
> > Thanks
> > /Ilias
> > > It's up to the end user to configure the active PCR bank to supported
> > > hash algorithm by all boot chain component.
> > > Also, by default, TPM2.0 shall support at least SHA256 and SHA384, in
> > > practice dTPM support 2 actives banks with this 2 hash algorithms
> > >
> > > Signed-off-by: Benjamin BARATTE mailto:benjamin.baratte@st.com
> > > ---
> > >
> > >  include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
> > >  1 file changed, 30 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h index
> > > 4fd19c52fd..9848e1fd10 100644
> > > --- a/include/tpm-v2.h
> > > +++ b/include/tpm-v2.h
> > > @@ -253,6 +253,9 @@ enum tpm2_algorithms {
> > >         TPM2_ALG_SHA512         = 0x0D,
> > >         TPM2_ALG_NULL           = 0x10,
> > >         TPM2_ALG_SM3_256        = 0x12,
> > > +       TPM2_ALG_SHA3_256       = 0x27,
> > > +       TPM2_ALG_SHA3_384       = 0x28,
> > > +       TPM2_ALG_SHA3_512       = 0x29,
> > >  };
> > >
> > >  /**
> > > @@ -271,11 +274,15 @@ struct digest_info {  };
> > >
> > >  /* Algorithm Registry */
> > > -#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
> > > -#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002 -#define
> > > TCG2_BOOT_HASH_ALG_SHA384  0x00000004 -#define
> > > TCG2_BOOT_HASH_ALG_SHA512  0x00000008 -#define
> > > TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> > > +#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
> > > +#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
> > > +#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
> > > +#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
> > > +#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040 #define
> > > +TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> > > +
> > >
> > >  static const struct digest_info hash_algo_list[] = {  #if
> > > IS_ENABLED(CONFIG_SHA1) @@ -310,6 +317,24 @@ static const struct
> > > digest_info hash_algo_list[] = {
> > >                 TPM2_SHA512_DIGEST_SIZE,
> > >         },
> > >  #endif
> > > +       {
> > > +               "sha3_256",
> > > +               TPM2_ALG_SHA3_256,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_256,
> > > +               TPM2_SHA256_DIGEST_SIZE,
> > > +       },
> > > +       {
> > > +               "sha3_384",
> > > +               TPM2_ALG_SHA3_384,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_384,
> > > +               TPM2_SHA384_DIGEST_SIZE,
> > > +       },
> > > +       {
> > > +               "sha3_512",
> > > +               TPM2_ALG_SHA3_512,
> > > +               TCG2_BOOT_HASH_ALG_SHA3_512,
> > > +               TPM2_SHA512_DIGEST_SIZE,
> > `> +       },
> > >  };
> > >
> > >  /* NV index attributes */
> > > --
> > > 2.34.1
> > >
> > > ST Restricted

