[PATCH 1/3] tpm: update tpm hash algorithm according to tpm2.0 spec 1.59

Ilias Apalodimas ilias.apalodimas at linaro.org
Mon Jul 29 15:55:13 CEST 2024


Hi Benjamin, 

Apologies for the late reply, but I wasn't cc'ed in the series. Did you use
get_maintainer.pl for the recipients?

On Mon, Jul 15, 2024 at 01:33:16PM +0000, Benjamin BARATTE wrote:
> The hash algorithm structure shall reflect the TCG specification for
> TPM2.0.
> With version 1.59, the SHA3 algorithm has been added and shall be
> reflected in this structure.
> The fact that U-Boot does or does not support SHA3 algo yet is not
> relevant for this structure.

It's not, but I don't see why we should add more algorithms if we don't
plan to support them. Any plans of adding actual support for the SHA3
family?

Thanks
/Ilias

> It's up to the end user to configure the active PCR bank to a hash
> algorithm supported by all boot chain components.
> Also, by default, TPM2.0 shall support at least SHA256 and SHA384; in
> practice dTPMs support 2 active banks with these 2 hash algorithms.
> 
> Signed-off-by: Benjamin BARATTE <benjamin.baratte at st.com>
> ---
> 
>  include/tpm-v2.h | 35 ++++++++++++++++++++++++++++++-----
>  1 file changed, 30 insertions(+), 5 deletions(-)
> 
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index 4fd19c52fd..9848e1fd10 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -253,6 +253,9 @@ enum tpm2_algorithms {
>         TPM2_ALG_SHA512         = 0x0D,
>         TPM2_ALG_NULL           = 0x10,
>         TPM2_ALG_SM3_256        = 0x12,
> +       TPM2_ALG_SHA3_256       = 0x27,
> +       TPM2_ALG_SHA3_384       = 0x28,
> +       TPM2_ALG_SHA3_512       = 0x29,
>  };
> 
>  /**
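
Review bot: the three new enumerators in enum tpm2_algorithms (TPM2_ALG_SHA3_256 = 0x27 through TPM2_ALG_SHA3_512 = 0x29) have no comment saying where the values come from, and the enum now jumps from 0x12 to 0x27. The commit message ties the change to spec 1.59, so a one-line comment above TPM2_ALG_SHA3_256 naming that revision would let a reader check the IDs against the document they were copied from.
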
> @@ -271,11 +274,15 @@ struct digest_info {
>  };
> 
>  /* Algorithm Registry */
> -#define TCG2_BOOT_HASH_ALG_SHA1    0x00000001
> -#define TCG2_BOOT_HASH_ALG_SHA256  0x00000002
> -#define TCG2_BOOT_HASH_ALG_SHA384  0x00000004
> -#define TCG2_BOOT_HASH_ALG_SHA512  0x00000008
> -#define TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA1     0x00000001
> +#define TCG2_BOOT_HASH_ALG_SHA256   0x00000002
> +#define TCG2_BOOT_HASH_ALG_SHA384   0x00000004
> +#define TCG2_BOOT_HASH_ALG_SHA512   0x00000008
> +#define TCG2_BOOT_HASH_ALG_SM3_256  0x00000010
> +#define TCG2_BOOT_HASH_ALG_SHA3_256 0x00000020
> +#define TCG2_BOOT_HASH_ALG_SHA3_384 0x00000040
> +#define TCG2_BOOT_HASH_ALG_SHA3_512 0x00000080
> +
> 
>  static const struct digest_info hash_algo_list[] = {
>  #if IS_ENABLED(CONFIG_SHA1)
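
Review bot: the new TCG2_BOOT_HASH_ALG_SHA3_256/384/512 masks (0x20, 0x40, 0x80) are bitmap flags, not algorithm IDs, and neither the "Algorithm Registry" comment above them nor the commit message says which document assigns those bit positions. Please cite the source for the three bits next to the defines, since they end up in the bitmap that describes active and supported banks. Two smaller points in the same hunk: the five existing defines are removed and re-added only to change their alignment, which hides the real change in blame, and the added empty "+" line before hash_algo_list leaves two consecutive blank lines.
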
> @@ -310,6 +317,24 @@ static const struct digest_info hash_algo_list[] = {
>                 TPM2_SHA512_DIGEST_SIZE,
>         },
>  #endif
> +       {
> +               "sha3_256",
> +               TPM2_ALG_SHA3_256,
> +               TCG2_BOOT_HASH_ALG_SHA3_256,
> +               TPM2_SHA256_DIGEST_SIZE,
> +       },
> +       {
> +               "sha3_384",
> +               TPM2_ALG_SHA3_384,
> +               TCG2_BOOT_HASH_ALG_SHA3_384,
> +               TPM2_SHA384_DIGEST_SIZE,
> +       },
> +       {
> +               "sha3_512",
> +               TPM2_ALG_SHA3_512,
> +               TCG2_BOOT_HASH_ALG_SHA3_512,
> +               TPM2_SHA512_DIGEST_SIZE,
`> +       },
>  };
> 
>  /* NV index attributes */
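
Review bot: the three sha3 entries are added to hash_algo_list[] after the "#endif", so they are compiled in unconditionally, while the existing entries sit inside "#if IS_ENABLED(CONFIG_...)" guards. Given that the commit message itself says U-Boot may not support SHA3, any code that treats presence in this table as "U-Boot can compute this digest" would then accept a SHA3 bank it cannot actually extend. Either guard the entries with a config symbol that is enabled once a SHA3 implementation exists, or keep the enum and mask definitions and leave the table entries out until then. The entries also reuse TPM2_SHA256_DIGEST_SIZE, TPM2_SHA384_DIGEST_SIZE and TPM2_SHA512_DIGEST_SIZE; the lengths match, but a short comment or dedicated SHA3 size constants would show that the reuse is deliberate.
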
> --
> 2.34.1
> 
> ST Restricted

