From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jian.j.wang@intel.com) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by groups.io with SMTP; Fri, 07 Jun 2019 15:19:24 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Jun 2019 15:19:24 -0700 X-ExtLoop1: 1 Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga003.jf.intel.com with ESMTP; 07 Jun 2019 15:19:24 -0700 Received: from fmsmsx117.amr.corp.intel.com (10.18.116.17) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 7 Jun 2019 15:19:14 -0700 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx117.amr.corp.intel.com (10.18.116.17) with Microsoft SMTP Server (TLS) id 14.3.408.0; Fri, 7 Jun 2019 15:19:14 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.98]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.187]) with mapi id 14.03.0415.000; Sat, 8 Jun 2019 06:19:12 +0800 From: "Wang, Jian J" To: "devel@edk2.groups.io" , "Desai, Imran" Subject: Re: [edk2-devel] [PATCH v2 4/5] SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default Thread-Topic: [edk2-devel] [PATCH v2 4/5] SecurityPkg: set SM3 bit in TPM 2.0 hash mask by default Thread-Index: AQHVFZXBkFiMV5IZZkCpGPqYaUpOKaaQ0tbA Date: Fri, 7 Jun 2019 22:19:11 +0000 Message-ID: References: <20190528204049.86463-1-imran.desai@intel.com> <20190528204049.86463-5-imran.desai@intel.com> In-Reply-To: <20190528204049.86463-5-imran.desai@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjI4MjBlMTMtMzY4Yy00Mzk3LWIxYTYtZmZkYjY3NDhiNjBmIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoia2dweGc1c1BFckd1SWxyd29la1BuNUd4OEdBcG1qaXNMOUJMZ2M1YWFUNldqUmV0MGVES1FOdDlReU1DQTlQTiJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Im= ran > Desai > Sent: Wednesday, May 29, 2019 4:41 AM > To: devel@edk2.groups.io > Subject: [edk2-devel] [PATCH v2 4/5] SecurityPkg: set SM3 bit in TPM 2.0= hash > mask by default >=20 >=20 > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1781 >=20 > EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 P= CR > banks. This digest algorithm is part of the China Crypto algorithm suite= . > This integration has dependency on the openssl_1_1_1b integration into > edk2. > This patch sets SM3 bit in TPM2.0 hash mask by default. >=20 > Signed-off-by: Imran Desai > Cc: Chao Zhang > Cc: Jiewen Yao > Cc: Jian Wang > --- > SecurityPkg/SecurityPkg.dec | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 3314f1854be4..fa3a4fcf5869 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -438,9 +438,10 @@ [PcdsDynamic, PcdsDynamicEx] > # BIT1 - SHA256.
> # BIT2 - SHA384.
> # BIT3 - SHA512.
> + # BIT4 - SM3_256.
> # @Prompt Hash mask for TPM 2.0 > - # @ValidRange 0x80000001 | 0x00000000 - 0x0000000F > - > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000000F|UINT32|0x00 > 010010 > + # @ValidRange 0x80000001 | 0x00000000 - 0x0000001F > + > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000001F|UINT32|0x00 > 010010 >=20 > ## This PCD indicated final BIOS supported Hash mask. > # Bios may choose to register a subset of PcdTpm2HashMask. > -- > 2.17.0 >=20 >=20 >=20