From: "Desai, Imran"
To: "Yao, Jiewen", "devel@edk2.groups.io"
Subject: Re: [edk2-devel] [Enable measured boot with SM3 digest algorithm 0/4]
Date: Tue, 21 May 2019 16:58:19 +0000

Hello Jiewen,

I tested SM3 PCR extensions on the OvmfPkg using swTPM (and TPM2 simulator).
The validation was done comparing PCR extensions from the TCG2 EventLog and SM3 PCR Bank data from the simulator at every extension.
Additionally each SM3 extension and resulting values were compared and contrasted against OpenSSL_1_1_1b on a Linux dev machine to ensure the accuracy of the digest values being produced, extended and realized as a final value in the PCR.

Thanks and Regards,
Imran Desai

________________________________________
From: Yao, Jiewen
Sent: Monday, May 20, 2019 9:30 AM
To: devel@edk2.groups.io; Desai, Imran
Subject: Re: [edk2-devel] [Enable measured boot with SM3 digest algorithm 0/4]

Hi,
thanks for this contribution.
Besides the comment from Laszlo, would you please also share your unit test result? What test have you done for this patch?

Thank you!
Yao, Jiewen

> On May 17, 2019, at 2:43 PM, Imran Desai wrote:
>
> https://github.com/idesai/edk2/tree/enable_sm3_measured_boot
>
> Support for SM3 digest algorithm is needed for TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. Support for these algorithms is needed to enable platforms for the PRC market.
> This integration has dependency on the openssl_1_1_1b integration into edk2.
>
> Imran Desai (4):
>   sm3_enabling: Augment crypt interface with calls into openssl to
>     calculate sm3 digest prior to exercising TPM2 calls for PCR extend
>   sm3-enabling: Add SM3 TCG algorithm registry value to the
>     PcdTpm2HashMask
>   sm3-enabling: Add SM3 guid reference in the TPM2 hash mask structure
>     in HashLibBaseCryptoRouterCommon.c
>   sm3-enabling: Add SM3 hashinstance library information to all OvmfPkg
>     and SecurityPkg
>
>  SecurityPkg/SecurityPkg.dec                   |   5 +-
>  OvmfPkg/OvmfPkgIa32.dsc                       |   2 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   2 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   2 +
>  SecurityPkg/SecurityPkg.dsc                   |   3 +
>  .../HashInstanceLibSm3/HashInstanceLibSm3.inf |  46 ++++++
>  MdePkg/Include/Protocol/Hash.h                |   5 +
>  SecurityPkg/Include/Library/HashLib.h         |   1 +
>  .../HashInstanceLibSm3/HashInstanceLibSm3.c   | 155 ++++++++++++++++++
>  .../HashLibBaseCryptoRouterCommon.c           |   1 +
>  .../HashInstanceLibSm3/HashInstanceLibSm3.uni |  21 +++
>  11 files changed, 241 insertions(+), 2 deletions(-)
>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
>
> --
> 2.17.0