Hi Raymond, Ilias,

On 18.11.25 16:11, Raymond Mao wrote:
Hi Heiko,

On Mon, Nov 17, 2025 at 11:30 PM Heiko Schocher <[email protected]> wrote:


    Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and described
    at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02

    TPMv2 defines hash algo sm3_256, which is currently
    not supported and prevents TPMv2 chips with newer
    firmware from working with U-Boot. Seen this on a ST33TPHF2XI2C

         u-boot=> tpm2 init
         u-boot=> tpm2 autostart
         tpm2_get_pcr_info: too many pcrs: 5
         Error: -90
         u-boot=>

    Implement sm3 hash, so we can fix this problem.


Did you add a Measured Boot CI test for SM3 on any boards? The QEMU test with swtpm I added might not work since it does not support SM3 (currently it is configured to SHA256 only).

Not yet, I have to look at how I can set this up, as Ilias also mentioned
that. Any chance to set this up with QEMU and swtpm? Ah, if I see it
correctly, no SM3 support yet in swtpm?

bye,
Heiko

Raymond

    Azure build:
    https://dev.azure.com/hs0298/hs/_build/results?buildId=194&view=results

    Changes in v3:
    Added Reviewed-by from Ilias
    rebased series to
    commit: 69cc92d6869 ("Merge tag 'efi-2026-01-rc3' of
    https://source.denx.de/u-boot/custodians/u-boot-efi")
    add comments from Ilias
    - use sizeof(*sctx) instead of sizeof(struct sm3_context)
    - use output[] instead of output[SM3_DIGEST_SIZE] comment from Ilias
       This led to CI error:
       +lib/sm3.c:241:50: error: argument 2 of type ‘uint8_t[]’ {aka ‘unsigned char[]’} with mismatched bound [-Werror=array-parameter=]
       +  241 | void sm3_final(struct sm3_context *sctx, uint8_t output[])
       +      |                                          ~~~~~~~~^~~~~~~~
       see:
       https://dev.azure.com/hs0298/hs/_build/results?buildId=192&view=logs&j=182673a4-17b9-5c0c-69ad-98f742450579&t=34b689f8-3e29-5ffe-50ea-32bfe99f47c7&l=334
       so made this change back to v2 state of the series, to have the same
       arguments as the other hashes in lib/
    - separate linux and U-Boot parts into 2 commits
    New in version 3 as Ilias recommended to split linux
    and U-boot changes.
    use CMD_TEST instead of DM_TEST, as Heinrich confirmed
    add comment from Ilias
    - add SM3 support in tcg2_hash_pe_image()
    Added Reviewed-by from Ilias

    Changes in v2:
    rebase to
    6b27b688694: ("Merge branch 'master' of
    https://source.denx.de/u-boot/custodians/u-boot-sh")
    add Ilias to Series-cc
    add sm3_hash to header file, so we can use it.
    add comments from Ilias
    - use ARRAY_SIZE(hash_algo_list) instead of a fixed number
       in tpm2_get_pcr_info() for the count of supported hashes
       in U-Boot.
    - add SM3 hash in tpm_tcg2
    Added Reviewed-by tag from Heinrich

    Heiko Schocher (6):
       lib: Import rol32 function from Linux
       lib: import sm3 256 hash parts from linux
       lib: sm3: implement U-Boot parts
       test: cmd: hash: add unit test for sm3_256
       tpm2: add sm3 256 hash support
       test: cmd: fix a typo in md5 test

      MAINTAINERS               |   7 +
      boot/Kconfig              |   1 +
      cmd/Kconfig               |  15 ++
      cmd/Makefile              |   1 +
      cmd/sm3sum.c              |  48 ++++++
      cmd/tpm-v2.c              |   1 +
      common/hash.c             |  42 ++++-
      include/linux/bitops.h    |  11 ++
      include/tpm-v2.h          |  12 ++
      include/u-boot/sm3.h      |  35 +++++
      lib/Kconfig               |   7 +
      lib/Makefile              |   1 +
      lib/efi_loader/efi_tcg2.c |   3 +
      lib/sm3.c                 | 312 ++++++++++++++++++++++++++++++++++++++
      lib/tpm-v2.c              |   4 +-
      lib/tpm_tcg2.c            |   9 ++
      test/cmd/hash.c           |  49 +++++-
      17 files changed, 554 insertions(+), 4 deletions(-)
      create mode 100644 cmd/sm3sum.c
      create mode 100644 include/u-boot/sm3.h
      create mode 100644 lib/sm3.c

-- 2.20.1

    base-commit: 69cc92d6869b8ff4591e5b8850872da34934bab9


--
Nabla Software Engineering
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: [email protected]
Managing Director: Stefano Babic
