[PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59
Ilias Apalodimas
ilias.apalodimas at linaro.org
Mon Jul 29 15:55:13 CEST 2024
Hi Benjamin,
Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
get_maintainer.pl for the recipients?
On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> The hash algorithm structure shall reflect the TCG specification for
> TPM2.0
> With version 1.59, the SHA3 algorithm has been added and shall be
> reflected in this structure.
> The fact that U-Boot does or does not support SHA3 algo yet is not
> relevant for this structure.
It's not, but I don't see why we should add more algorithms if we don't
plan to support them. Any plans of adding actual support for the SHA3
family?
Thanks
/Ilias
> It's up to the end user to configure the active PCR bank to a hash
> algorithm supported by all boot chain components.
> Also, by default, TPM2.0 shall support at least SHA256 and SHA384; in
> practice dTPMs support 2 active banks with these 2 hash algorithms.
>
> Signed-off-by: Benjamin BARATTE <benjamin.baratte at st.com>
> ---
>
> include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
> 1 file changed, 30 insertions(+), 5 deletions(-)
>
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 4fd19c52fd..9848e1fd10 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -253,6 +253,9 @@ enum tpm2_algorithms {
> TPM2_ALG_SHA512 = 0x0D,
> TPM2_ALG_NULL = 0x10,
> TPM2_ALG_SM3_256 = 0x12,
> + TPM2_ALG_SHA3_256 = 0x27,
> + TPM2_ALG_SHA3_384 = 0x28,
> + TPM2_ALG_SHA3_512 = 0x29,
> };
>
> /**
> @@ -271,11 +274,15 @@ struct digest_info {
> };
>
> /* Algorithm Registry */
> -#define TCG2_BOOT_HASH_ALG_SHA1 0x00000001
> -#define TCG2_BOOT_HASH_ALG_SHA256 0x00000002
> -#define TCG2_BOOT_HASH_ALG_SHA384 0x00000004
> -#define TCG2_BOOT_HASH_ALG_SHA512 0x00000008
> -#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA1 0x00000001
> +#define TCG2_BOOT_HASH_ALG_SHA256 0x00000002
> +#define TCG2_BOOT_HASH_ALG_SHA384 0x00000004
> +#define TCG2_BOOT_HASH_ALG_SHA512 0x00000008
> +#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020
> +#define TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040
> +#define TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> +
>
> static const struct digest_info hash_algo_list[] = {
> #if IS_ENABLED(CONFIG_SHA1)
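Review bot: the new TCG2_BOOT_HASH_ALG_SHA3_256/384/512 bits (0x00000020, 0x00000040, 0x00000080) have no comment naming the document that assigns them, and the commit message only cites the TPM 2.0 spec 1.59 for the algorithm IDs. Please add a reference for these bitmap values next to the defines, since a bit that does not match what firmware and the OS expect would misreport the active PCR banks. Separately, the five existing defines are removed and re-added with no visible change in value, and the hunk ends by adding a blank line in front of an existing one; dropping that whitespace churn would reduce this hunk to the three new lines.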
> @@ -310,6 +317,24 @@ static const struct digest_info hash_algo_list[] = {
> TPM2_SHA512_DIGEST_SIZE,
> },
> #endif
> + {
> + "sha3_256",
> + TPM2_ALG_SHA3_256,
> + TCG2_BOOT_HASH_ALG_SHA3_256,
> + TPM2_SHA256_DIGEST_SIZE,
> + },
> + {
> + "sha3_384",
> + TPM2_ALG_SHA3_384,
> + TCG2_BOOT_HASH_ALG_SHA3_384,
> + TPM2_SHA384_DIGEST_SIZE,
> + },
> + {
> + "sha3_512",
> + TPM2_ALG_SHA3_512,
> + TCG2_BOOT_HASH_ALG_SHA3_512,
> + TPM2_SHA512_DIGEST_SIZE,
`> + },
> };
>
> /* NV index attributes */
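Review bot: the three SHA3 entries are added after the `#endif` with no `#if IS_ENABLED(...)` guard, while the existing entries in hash_algo_list are each wrapped in one (the `CONFIG_SHA1` guard is visible in the context above). As written, sha3_256, sha3_384 and sha3_512 are always present in the table, so any code that treats membership in hash_algo_list as "U-Boot can compute this digest" would accept a PCR bank it cannot extend correctly. Either guard these entries behind a SHA3 config option or keep them out of this table until the hash is implemented. Also, the entries reuse TPM2_SHA256_DIGEST_SIZE, TPM2_SHA384_DIGEST_SIZE and TPM2_SHA512_DIGEST_SIZE for the SHA3 lengths; a short comment saying the reuse is intentional would prevent the names from looking like a copy-paste slip.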
> --
> 2.34.1
>
> ST Restricted