[PATCH v2 4/5] tpm2: add sm3 256 hash support
Ilias Apalodimas
ilias.apalodimas at linaro.org
Tue Nov 11 10:34:54 CET 2025
Hi Heiko,
This all looks reasonable.
There's one place I forgot to mention though. tcg2_hash_pe_image()
also needs SM3 support.
The easier way to test that SM3 is working is boot your device and
look at the PCR measurements
- 'tpm2_pcrread' -- The SM3 bank should be != 0
- tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
should also include SM3
Thanks
/Ilias
On Tue, 11 Nov 2025 at 07:48, Heiko Schocher <hs at nabladev.com> wrote:
>
> add sm3 256 hash support, so TPM2 chips which report
> 5 pcrs with sm3 hash do not fail with:
>
> u-boot=> tpm2 autostart
> tpm2_get_pcr_info: too many pcrs: 5
> Error: -90
>
> Signed-off-by: Heiko Schocher <hs at nabladev.com>
>
> ---
>
> Changes in v2:
> add comments from Ilias
> - use ARRAY_SIZE(hash_algo_list) instead of a fix number
> in tpm2_get_pcr_info() for the count of supported hashes
> in U-Boot.
> - add SM3 hash in tpm_tcg2
>
> cmd/tpm-v2.c | 1 +
> include/tpm-v2.h | 12 ++++++++++++
> lib/tpm-v2.c | 4 ++--
> lib/tpm_tcg2.c | 9 +++++++++
> 4 files changed, 24 insertions(+), 2 deletions(-)
>
> diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
> index 346e21d27bb..847b2691581 100644
> --- a/cmd/tpm-v2.c
> +++ b/cmd/tpm-v2.c
> @@ -589,6 +589,7 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
> " * sha256\n"
> " * sha384\n"
> " * sha512\n"
> +" * sm3_256\n"
> " <on|off> is one of:\n"
> " * on - Select all available PCRs associated with the specified\n"
> " algorithm (bank)\n"
> diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> index f3eb2ef5643..a776d24d71f 100644
> --- a/include/tpm-v2.h
> +++ b/include/tpm-v2.h
> @@ -345,6 +345,18 @@ static const struct digest_info hash_algo_list[] = {
> false,
> #endif
> },
> + {
> + "sm3_256",
> + TPM2_ALG_SM3_256,
> + TCG2_BOOT_HASH_ALG_SM3_256,
> + TPM2_SM3_256_DIGEST_SIZE,
> +#if IS_ENABLED(CONFIG_SM3)
> + true,
> +#else
> + false,
> +#endif
> + },
> +
> };
>
> /* NV index attributes */
> diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
> index 5b21c57ae42..f443b738f82 100644
> --- a/lib/tpm-v2.c
> +++ b/lib/tpm-v2.c
> @@ -686,10 +686,10 @@ int tpm2_get_pcr_info(struct udevice *dev, struct tpml_pcr_selection *pcrs)
>
> pcrs->count = get_unaligned_be32(response);
> /*
> - * We only support 4 algorithms for now so check against that
> + * check against the supported algorithms in hash_algo_list,
> * instead of TPM2_NUM_PCR_BANKS
> */
> - if (pcrs->count > 4 || pcrs->count < 1) {
> + if (pcrs->count > ARRAY_SIZE(hash_algo_list) || pcrs->count < 1) {
> printf("%s: too many pcrs: %u\n", __func__, pcrs->count);
> return -EMSGSIZE;
> }
> diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> index c314b401d0b..d41228f75a9 100644
> --- a/lib/tpm_tcg2.c
> +++ b/lib/tpm_tcg2.c
> @@ -12,6 +12,7 @@
> #include <u-boot/sha1.h>
> #include <u-boot/sha256.h>
> #include <u-boot/sha512.h>
> +#include <u-boot/sm3.h>
> #include <version_string.h>
> #include <asm/io.h>
> #include <linux/bitops.h>
> @@ -143,6 +144,12 @@ int tcg2_create_digest(struct udevice *dev, const u8 *input, u32 length,
> sha512_finish(&ctx_512, final);
> len = TPM2_SHA512_DIGEST_SIZE;
> break;
> +#endif
> +#if IS_ENABLED(CONFIG_SM3)
> + case TPM2_ALG_SM3_256:
> + sm3_hash(input, length, final);
> + len = TPM2_SM3_256_DIGEST_SIZE;
> + break;
> #endif
> default:
> printf("%s: unsupported algorithm %x\n", __func__,
> @@ -319,6 +326,7 @@ static int tcg2_replay_eventlog(struct tcg2_event_log *elog,
> case TPM2_ALG_SHA256:
> case TPM2_ALG_SHA384:
> case TPM2_ALG_SHA512:
> + case TPM2_ALG_SM3_256:
> len = tpm2_algorithm_to_len(algo);
> break;
> default:
> @@ -431,6 +439,7 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog,
> case TPM2_ALG_SHA256:
> case TPM2_ALG_SHA384:
> case TPM2_ALG_SHA512:
> + case TPM2_ALG_SM3_256:
> len = get_unaligned_le16(&event->digest_sizes[i].digest_size);
> if (tpm2_algorithm_to_len(algo) != len) {
> log_err("EventLog invalid algorithm length\n");
> --
> 2.20.1
>
More information about the U-Boot
mailing list