Merge patch series "Add support for SM3 secure hash"

Heiko Schocher <[email protected]> says:

Add SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and described
at https://datatracker.ietf.org/doc/html/draft-sca-cfrg-sm3-02

TPMv2 defines hash algo sm3_256, which is currently
not supported and prevented TPMv2 chip with newer
firmware to work with U-Boot. Seen this on a ST33TPHF2XI2C

    u-boot=> tpm2 init
    u-boot=> tpm2 autostart
    tpm2_get_pcr_info: too many pcrs: 5
    Error: -90
    u-boot=>

Implement sm3 hash, so we can fix this problem.

Link: https://lore.kernel.org/r/[email protected]

4 files changed, 65 insertions, 0 deletions

diff --git a/cmd/Kconfig b/cmd/Kconfig
index 5b9c13d85e7..8e3efff2bee 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -264,6 +264,21 @@ config CMD_SBI
 	help
 	  Display information about the SBI implementation.
 
+config CMD_SM3SUM
+	bool "sm3sum"
+	select SM3
+	select HASH
+	help
+	  Compute SM3 checksum.
+	  add SM3 hash functionality
+
+config SM3SUM_VERIFY
+	bool "sm3sum -v"
+	depends on CMD_SM3SUM
+	help
+	  Add for the sm3sum command the -v option
+	  to verify data against an SM3 checksum.
+
 config CMD_SMBIOS
 	bool "smbios"
 	depends on SMBIOS
diff --git a/cmd/Makefile b/cmd/Makefile
index 25479907797..642042cfe00 100644
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -177,6 +177,7 @@ obj-$(CONFIG_CMD_SETEXPR) += setexpr.o
 obj-$(CONFIG_CMD_SETEXPR_FMT) += printf.o
 obj-$(CONFIG_CMD_SPI) += spi.o
 obj-$(CONFIG_CMD_STRINGS) += strings.o
+obj-$(CONFIG_CMD_SM3SUM) += sm3sum.o
 obj-$(CONFIG_CMD_SMBIOS) += smbios.o
 obj-$(CONFIG_CMD_SMC) += smccc.o
 obj-$(CONFIG_CMD_SYSBOOT) += sysboot.o
diff --git a/cmd/sm3sum.c b/cmd/sm3sum.c
new file mode 100644
index 00000000000..9044a322e22
--- /dev/null
+++ b/cmd/sm3sum.c
@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) Copyright 2025
+ * Heiko Schocher, Nabladev Software Engineering, [email protected]
+ *
+ * based on code from cmd/md5sum.c
+ */
+
+#include <command.h>
+#include <env.h>
+#include <hash.h>
+
+static int do_sm3sum(struct cmd_tbl *cmdtp, int flag, int argc,
+		     char *const argv[])
+{
+	int flags = HASH_FLAG_ENV;
+	int ac;
+	char *const *av;
+
+	if (argc < 3)
+		return CMD_RET_USAGE;
+
+	av = argv + 1;
+	ac = argc - 1;
+	if (IS_ENABLED(CONFIG_SM3SUM_VERIFY) && strcmp(*av, "-v") == 0) {
+		flags |= HASH_FLAG_VERIFY;
+		av++;
+		ac--;
+	}
+
+	return hash_command("sm3_256", flags, cmdtp, flag, ac, av);
+}
+
+#if IS_ENABLED(CONFIG_SM3SUM_VERIFY)
+U_BOOT_CMD(sm3sum, 5, 1, do_sm3sum,
+	   "compute SM3 message digest",
+	   "address count [[*]sum]\n"
+	   "  - compute SM3 message digest [save to sum]\n"
+	   "sm3sum -v address count [*]sum\n"
+	   "  - verify sm3sum of memory area"
+);
+#else
+U_BOOT_CMD(sm3sum, 4, 1, do_sm3sum,
+	   "compute SM3 message digest",
+	   "address count [[*]sum]\n"
+	   "  - compute SM3 message digest [save to sum]"
+);
+#endif /* IS_ENABLED(CONFIG_SM3SUM_VERIFY) */
diff --git a/cmd/tpm-v2.c b/cmd/tpm-v2.c
index 346e21d27bb..847b2691581 100644
--- a/cmd/tpm-v2.c
+++ b/cmd/tpm-v2.c
@@ -589,6 +589,7 @@ U_BOOT_CMD(tpm2, CONFIG_SYS_MAXARGS, 1, do_tpm, "Issue a TPMv2.x command",
 "        * sha256\n"
 "        * sha384\n"
 "        * sha512\n"
+"        * sm3_256\n"
 "    <on|off> is one of:\n"
 "        * on  - Select all available PCRs associated with the specified\n"
 "                algorithm (bank)\n"