[PATCH v2 4/5] tpm2: add sm3 256 hash support

Tue Nov 11 06:48:11 CET 2025

add sm3 256 hash support, so TPM2 chips which report
5 pcrs with sm3 hash do not fail with:

  u-boot=> tpm2 autostart
  tpm2_get_pcr_info: too many pcrs: 5
  Error: -90

Signed-off-by: Heiko Schocher <hs at nabladev.com>

---

Changes in v2:
add comments from Ilias
- use ARRAY_SIZE(hash_algo_list) instead of a fix number
  in tpm2_get_pcr_info() for the count of supported hashes
  in U-Boot.
- add SM3 hash in tpm_tcg2

 cmd/tpm-v2.c     |  1 +
 include/tpm-v2.h | 12 ++++++++++++
 lib/tpm-v2.c     |  4 ++--
 lib/tpm_tcg2.c   |  9 +++++++++
 4 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 346e21d27bb..847b2691581 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -589,6 +589,7 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "        * sha256\n"
 "        * sha384\n"
 "        * sha512\n"
+"        * sm3_256\n"
 "    <on|off> is one of:\n"
 "        * on  - Select all available PCRs associated with the specified\n"
 "                algorithm (bank)\n"
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index f3eb2ef5643..a776d24d71f 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -345,6 +345,18 @@ static const struct digest_info hash_algo_list[] = {
 		false,
 #endif
 	},
+	{
+		"sm3_256",
+		TPM2_ALG_SM3_256,
+		TCG2_BOOT_HASH_ALG_SM3_256,
+		TPM2_SM3_256_DIGEST_SIZE,
+#if IS_ENABLED(CONFIG_SM3)
+		true,
+#else
+		false,
+#endif
+	},
+
 };
 
 /* NV index attributes */
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index 5b21c57ae42..f443b738f82 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -686,10 +686,10 @@ int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs)
 
 	pcrs->count = get_unaligned_be32(response);
 	/*
-	 * We only support 4 algorithms for now so check against that
+	 * check against the supported algorithms in hash_algo_list,
 	 * instead of TPM2_NUM_PCR_BANKS
 	 */
-	if (pcrs->count > 4 || pcrs->count < 1) {
+	if (pcrs->count > ARRAY_SIZE(hash_algo_list) || pcrs->count < 1) {
 		printf("%s: too many pcrs: %u\n", __func__, pcrs->count);
 		return -EMSGSIZE;
 	}
diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index c314b401d0b..d41228f75a9 100644
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -12,6 +12,7 @@
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
 #include <u-boot/sha512.h>
+#include <u-boot/sm3.h>
 #include <version_string.h>
 #include <asm/io.h>
 #include <linux/bitops.h>
@@ -143,6 +144,12 @@ int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length,
 			sha512_finish(&ctx_512, final);
 			len = TPM2_SHA512_DIGEST_SIZE;
 			break;
+#endif
+#if IS_ENABLED(CONFIG_SM3)
+		case TPM2_ALG_SM3_256:
+			sm3_hash(input, length, final);
+			len = TPM2_SM3_256_DIGEST_SIZE;
+			break;
 #endif
 		default:
 			printf("%s: unsupported algorithm %x\n", __func__,
@@ -319,6 +326,7 @@ static int tcg2_replay_eventlog(struct tcg2_event_log *elog,
 			case TPM2_ALG_SHA256:
 			case TPM2_ALG_SHA384:
 			case TPM2_ALG_SHA512:
+			case TPM2_ALG_SM3_256:
 				len = tpm2_algorithm_to_len(algo);
 				break;
 			default:
@@ -431,6 +439,7 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog,
 		case TPM2_ALG_SHA256:
 		case TPM2_ALG_SHA384:
 		case TPM2_ALG_SHA512:
+		case TPM2_ALG_SM3_256:
 			len = get_unaligned_le16(&event->digest_sizes[i].digest_size);
 			if (tpm2_algorithm_to_len(algo) != len) {
 				log_err("EventLog invalid algorithm length\n");
-- 
2.20.1

