From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Mon, 15 Jul 2019 07:33:12 -0700 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B26F9C057F3C; Mon, 15 Jul 2019 14:33:11 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-117-21.ams2.redhat.com [10.36.117.21]) by smtp.corp.redhat.com (Postfix) with ESMTP id DBEA760C05; Mon, 15 Jul 2019 14:33:07 +0000 (UTC) Subject: Re: [PATCH v6 5/5] OvmfPkg: link SM3 support into Tcg2Pei and Tcg2Dxe To: Imran Desai , devel@edk2.groups.io Cc: Jordan Justen , Ard Biesheuvel , =?UTF-8?Q?Marc-Andr=c3=a9_Lureau?= , Stefan Berger References: <20190713004701.78253-1-imran.desai@intel.com> <20190713004701.78253-6-imran.desai@intel.com> From: "Laszlo Ersek" Message-ID: Date: Mon, 15 Jul 2019 16:33:06 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190713004701.78253-6-imran.desai@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Mon, 15 Jul 2019 14:33:11 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 07/13/19 02:47, Imran Desai wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1781 > GITHUB: https://github.com/idesai/edk2/tree/enable_sm3_measured_boot_v6 >=20 > EDK2 Support for SM3 digest algorithm is needed to enable TPM with SM3 = PCR > banks. This digest algorithm is part of the China Crypto algorithm suit= e. > This integration has dependency on the openssl_1_1_1b integration into > edk2. >=20 > This patch links SM3 support into Tcg2Pei and Tcg2Dxe. >=20 > Cc: Jordan Justen > Cc: Laszlo Ersek > Cc: Ard Biesheuvel > Cc: Marc-Andr=C3=83=C2=A9 Lureau > Cc: Stefan Berger >=20 > Signed-off-by: Imran Desai > --- > OvmfPkg/OvmfPkgIa32.dsc | 2 ++ > OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++ > OvmfPkg/OvmfPkgX64.dsc | 2 ++ > 3 files changed, 6 insertions(+) >=20 > diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc > index 5bbf87540ab9..6ab730018694 100644 > --- a/OvmfPkg/OvmfPkgIa32.dsc > +++ b/OvmfPkg/OvmfPkgIa32.dsc > @@ -625,6 +625,7 @@ [Components] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > @@ -906,5 +907,6 @@ [Components] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !endif > diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc > index 5015e92b6eea..f163aa267132 100644 > --- a/OvmfPkg/OvmfPkgIa32X64.dsc > +++ b/OvmfPkg/OvmfPkgIa32X64.dsc > @@ -637,6 +637,7 @@ [Components.IA32] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > @@ -920,5 +921,6 @@ [Components.X64] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !endif > diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc > index dda8dac18441..fa98f16a3fb3 100644 > --- a/OvmfPkg/OvmfPkgX64.dsc > +++ b/OvmfPkg/OvmfPkgX64.dsc > @@ -636,6 +636,7 @@ [Components] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !if $(TPM2_CONFIG_ENABLE) =3D=3D TRUE > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf > @@ -918,5 +919,6 @@ [Components] > NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSh= a256.inf > NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSh= a384.inf > NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSh= a512.inf > + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.i= nf > } > !endif >=20 * This is very similar to commit b9130c866dc0 ("OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe", 2018-08-16); I'm glad to have a cheat-sheet like that for reviewing this patch. Reviewed-by: Laszlo Ersek * To the maintainer that pushes this series: please make sure that Marc-Andr=C3=A9's name is corrected in the CC tag. = The unicode code point that is currently encoded incorrectly in the commit message is "LATIN SMALL LETTER E WITH ACUTE" (U+00E9). Thanks, Laszlo