From: "Yao, Jiewen"
To: "Desai, Imran"
CC: "devel@edk2.groups.io"
Subject: Re: [edk2-devel] [Enable measured boot with SM3 digest algorithm 0/4]
Date: Tue, 21 May 2019 17:01:16 +0000
Message-ID: <8CC817A1-7DF3-4518-89B8-2B129A28120B@intel.com>

Cool
Thanks

thank you!
Yao, Jiewen

> On May 21, 2019, at 9:58 AM, Desai, Imran wrote:
>
> Hello Jiewen,
>
> I tested SM3 PCR extensions on the OvmfPkg using swTPM (and TPM2 simulator).
> The validation was done comparing PCR extensions from the TCG2 EventLog and SM3 PCR Bank data from the simulator at every extension.
> Additionally each SM3 extension and resulting values were compared and contrasted against OpenSSL_1_1_1b on a Linux dev machine to ensure the accuracy of the digest values being produced, extended and realized as a final value in the PCR.
>
> Thanks and Regards,
>
> Imran Desai
> ________________________________________
> From: Yao, Jiewen
> Sent: Monday, May 20, 2019 9:30 AM
> To: devel@edk2.groups.io; Desai, Imran
> Subject: Re: [edk2-devel] [Enable measured boot with SM3 digest algorithm 0/4]
>
> hi
> thanks for this contribution
> Besides the comment from Laszlo, would you please also share your unit test result?
> What tests have you done for this patch?
>
> thank you!
> Yao, Jiewen
>
>
>> On May 17, 2019, at 2:43 PM, Imran Desai wrote:
>>
>> https://github.com/idesai/edk2/tree/enable_sm3_measured_boot
>>
>> Support for SM3 digest algorithm is needed for TPM with SM3 PCR banks. This digest algorithm is part of the China Crypto algorithm suite. Support for these algorithms is needed to enable platforms for the PRC market.
>> This integration has dependency on the openssl_1_1_1b integration into edk2.
>>
>> Imran Desai (4):
>>   sm3_enabling: Augment crypt interface with calls into openssl to
>>     calculate sm3 digest prior to exercising TPM2 calls for PCR extend
>>   sm3-enabling: Add SM3 TCG algorithm registry value to the
>>     PcdTpm2HashMask
>>   sm3-enabling: Add SM3 guid reference in the TPM2 hash mask structure
>>     in HashLibBaseCryptoRouterCommon.c
>>   sm3-enabling: Add SM3 hashinstance library information to all OvmfPkg
>>     and SecurityPkg
>>
>>  SecurityPkg/SecurityPkg.dec | 5 +-
>>  OvmfPkg/OvmfPkgIa32.dsc | 2 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc | 2 +
>>  OvmfPkg/OvmfPkgX64.dsc | 2 +
>>  SecurityPkg/SecurityPkg.dsc | 3 +
>>  .../HashInstanceLibSm3/HashInstanceLibSm3.inf | 46 ++++++
>>  MdePkg/Include/Protocol/Hash.h | 5 +
>>  SecurityPkg/Include/Library/HashLib.h | 1 +
>>  .../HashInstanceLibSm3/HashInstanceLibSm3.c | 155 ++++++++++++++++++
>>  .../HashLibBaseCryptoRouterCommon.c | 1 +
>>  .../HashInstanceLibSm3/HashInstanceLibSm3.uni | 21 +++
>>  11 files changed, 241 insertions(+), 2 deletions(-)
>>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
>>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
>>  create mode 100644 SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
>>
>> --
>> 2.17.0