Hi Heiko, On Wed, 19 Nov 2025 at 07:40, Heiko Schocher <[email protected]> wrote: > > Hi Raymond, Ilias, > > On 18.11.25 16:11, Raymond Mao wrote: > > Hi Heiko, > > > > On Mon, Nov 17, 2025 at 11:30 PM Heiko Schocher <[email protected] > > <mailto:[email protected]>> wrote: > > > > > > Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and > > described > > at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02 > > <https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02> > > > > TPMv2 defines hash algo sm3_256, which is currently > > not supported and prevented TPMv2 chip with newer > > firmware to work with U-Boot. Seen this on a ST33TPHF2XI2C > > > > u-boot=> tpm2 init > > u-boot=> tpm2 autostart > > tpm2_get_pcr_info: too many pcrs: 5 > > Error: -90 > > u-boot=> > > > > Implement sm3 hash, so we can fix this problem. > > > > > > Did you add a Measured Boot CI test for SM3 on any boards? The QEMU test > > with swtpm I added might > > not work since it does not support SM3 (Currently it is configured to > > SHA256 only) . > > Not yet, I have to look how I can setup this, as Ilias also mentioned > that. Any chance to setup this with QEMU and swptm ? Ah, if I see it > correct no SM3 support yet in swtpm ?
Yes that's the problem. swtpm does not support SM3 and I can't test locally. If you just boot any OS, the measurements should appear since the functionality is supported by all the major distros and OE. Regards /Ilias > > bye, > Heiko > > > > Raymond > > > > Azure build: > > https://dev.azure.com/hs0298/hs/_build/results?buildId=194&view=results > > > > <https://dev.azure.com/hs0298/hs/_build/results?buildId=194&view=results> > > > > Changes in v3: > > Added Reviewed-by from Ilias > > rebased series to > > commit: 69cc92d6869 ("Merge tag 'efi-2026-01-rc3' of > > https://source.denx.de/u-boot/custodians/u-boot-efi > > <https://source.denx.de/u-boot/custodians/u-boot-efi>") > > add comments from Ilias > > - use sizeof(*sctx) instead of sizeof(struct sm3_context) > > - use output[] instead of output[SM3_DIGEST_SIZE] comment from Ilias > > This leaded to CI error: > > +lib/sm3.c:241:50: error: argument 2 of type ‘uint8_t[]’ {aka > > ‘unsigned char[]’} with > > mismatched bound [-Werror=array-parameter=] > > + 241 | void sm3_final(struct sm3_context *sctx, uint8_t output[]) > > + | ~~~~~~~~^~~~~~~~ > > see: > > > > https://dev.azure.com/hs0298/hs/_build/results?buildId=192&view=logs&j=182673a4-17b9-5c0c-69ad-98f742450579&t=34b689f8-3e29-5ffe-50ea-32bfe99f47c7&l=334 > > > > <https://dev.azure.com/hs0298/hs/_build/results?buildId=192&view=logs&j=182673a4-17b9-5c0c-69ad-98f742450579&t=34b689f8-3e29-5ffe-50ea-32bfe99f47c7&l=334> > > so made this change back to v2 state of the series, to have the same > > arguments as the other hashes in lib/ > > - seperate linux and U-Boot parts into 2 commits > > New in version 3 as Ilias recommended to split linux > > and U-boot changes. > > use CMD_TEST instead of DM_TEST, as Heinrich confirmed > > add comment from Ilias > > - add SM3 support in tcg2_hash_pe_image() > > Added Reviewed-by from Ilias > > > > Changes in v2: > > rebase to > > 6b27b688694: ("Merge branch 'master' of > > https://source.denx.de/u-boot/custodians/u-boot-sh > > <https://source.denx.de/u-boot/custodians/u-boot-sh>") > > add Ilias to Series-cc > > add sm3_hash to header file, so we can use it. > > add comments from Ilias > > - use ARRAY_SIZE(hash_algo_list) instead of a fix number > > in tpm2_get_pcr_info() for the count of supported hashes > > in U-Boot. > > - add SM3 hash in tpm_tcg2 > > Added Reviewed-by tag from Heinrich > > > > Heiko Schocher (6): > > lib: Import rol32 function from Linux > > lib: import sm3 256 hash parts from linux > > lib: sm3: implement U-Boot parts > > test: cmd: hash: add unit test for sm3_256 > > tpm2: add sm3 256 hash support > > test: cmd: fix a typo in md5 test > > > > MAINTAINERS | 7 + > > boot/Kconfig | 1 + > > cmd/Kconfig | 15 ++ > > cmd/Makefile | 1 + > > cmd/sm3sum.c | 48 ++++++ > > cmd/tpm-v2.c | 1 + > > common/hash.c | 42 ++++- > > include/linux/bitops.h | 11 ++ > > include/tpm-v2.h | 12 ++ > > include/u-boot/sm3.h | 35 +++++ > > lib/Kconfig | 7 + > > lib/Makefile | 1 + > > lib/efi_loader/efi_tcg2.c | 3 + > > lib/sm3.c | 312 ++++++++++++++++++++++++++++++++++++++ > > lib/tpm-v2.c | 4 +- > > lib/tpm_tcg2.c | 9 ++ > > test/cmd/hash.c | 49 +++++- > > 17 files changed, 554 insertions(+), 4 deletions(-) > > create mode 100644 cmd/sm3sum.c > > create mode 100644 include/u-boot/sm3.h > > create mode 100644 lib/sm3.c > > > > -- > > 2.20.1 > > > > base-commit: 69cc92d6869b8ff4591e5b8850872da34934bab9 > > > > -- > Nabla Software Engineering > HRB 40522 Augsburg > Phone: +49 821 45592596 > E-Mail: [email protected] > Geschäftsführer : Stefano Babic
