[PATCH v3 0/6] Add support for SM3 secure hash

Heiko Schocher hs at nabladev.com
Tue Nov 18 05:30:36 CET 2025 

Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and described
at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02

TPMv2 defines hash algo sm3_256, which is currently
not supported and prevented TPMv2 chip with newer
firmware to work with U-Boot. Seen this on a ST33TPHF2XI2C

    u-boot=> tpm2 init
    u-boot=> tpm2 autostart
    tpm2_get_pcr_info: too many pcrs: 5
    Error: -90
    u-boot=>

Implement sm3 hash, so we can fix this problem.

Azure build:
https://dev.azure.com/hs0298/hs/_build/results?buildId=194&view=results

Changes in v3:
Added Reviewed-by from Ilias
rebased series to
commit: 69cc92d6869 ("Merge tag 'efi-2026-01-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi")
add comments from Ilias
- use sizeof(*sctx) instead of sizeof(struct sm3_context)
- use output[] instead of output[SM3_DIGEST_SIZE] comment from Ilias
  This leaded to CI error:
  +lib/sm3.c:241:50: error: argument 2 of type ‘uint8_t[]’ {aka ‘unsigned char[]’} with mismatched bound [-Werror=array-parameter=]
  +  241 | void sm3_final(struct sm3_context *sctx, uint8_t output[])
  +      |                                          ~~~~~~~~^~~~~~~~
  see:
  https://dev.azure.com/hs0298/hs/_build/results?buildId=192&view=logs&j=182673a4-17b9-5c0c-69ad-98f742450579&t=34b689f8-3e29-5ffe-50ea-32bfe99f47c7&l=334
  so made this change back to v2 state of the series, to have the same
  arguments as the other hashes in lib/
- seperate linux and U-Boot parts into 2 commits
New in version 3 as Ilias recommended to split linux
and U-boot changes.
use CMD_TEST instead of DM_TEST, as Heinrich confirmed
add comment from Ilias
- add SM3 support in tcg2_hash_pe_image()
Added Reviewed-by from Ilias

Changes in v2:
rebase to
6b27b688694: ("Merge branch 'master' of https://source.denx.de/u-boot/custodians/u-boot-sh")
add Ilias to Series-cc
add sm3_hash to header file, so we can use it.
add comments from Ilias
- use ARRAY_SIZE(hash_algo_list) instead of a fix number
  in tpm2_get_pcr_info() for the count of supported hashes
  in U-Boot.
- add SM3 hash in tpm_tcg2
Added Reviewed-by tag from Heinrich

Heiko Schocher (6):
  lib: Import rol32 function from Linux
  lib: import sm3 256 hash parts from linux
  lib: sm3: implement U-Boot parts
  test: cmd: hash: add unit test for sm3_256
  tpm2: add sm3 256 hash support
  test: cmd: fix a typo in md5 test

 MAINTAINERS               |   7 +
 boot/Kconfig              |   1 +
 cmd/Kconfig               |  15 ++
 cmd/Makefile              |   1 +
 cmd/sm3sum.c              |  48 ++++++
 cmd/tpm-v2.c              |   1 +
 common/hash.c             |  42 ++++-
 include/linux/bitops.h    |  11 ++
 include/tpm-v2.h          |  12 ++
 include/u-boot/sm3.h      |  35 +++++
 lib/Kconfig               |   7 +
 lib/Makefile              |   1 +
 lib/efi_loader/efi_tcg2.c |   3 +
 lib/sm3.c                 | 312 ++++++++++++++++++++++++++++++++++++++
 lib/tpm-v2.c              |   4 +-
 lib/tpm_tcg2.c            |   9 ++
 test/cmd/hash.c           |  49 +++++-
 17 files changed, 554 insertions(+), 4 deletions(-)
 create mode 100644 cmd/sm3sum.c
 create mode 100644 include/u-boot/sm3.h
 create mode 100644 lib/sm3.c

-- 
2.20.1

base-commit: 69cc92d6869b8ff4591e5b8850872da34934bab9

More information about the U-Boot mailing list