The latest go-tpm2[1] seems to support SM3_256.
I tried to build test snapd and kernel snaps but got a dependency issue.
The latest secboot[2] still uses the old go-tpm2 API.
I applied the attached patch in comment#17 to go-tpm2[3] which is currently used by snapd.
And, I built a test image with patched snapd and kernel snaps.
Unfortunately, the FDE function still doesn't work with this test image.
The new error message is:
the-tool[334]: panic: crypto: requested hash function #0 is unavailable.
(For details, please refer to the attached photo in comment#18)
As the commit in comment#15 mentioned, the TPM spec currently has one hash algorithm with no corresponding crypto.Hash[4] value (SM3). It's not possible to use this algorithm in go-tpm2 right now, even though there is a Go implementation of it.
So, the UC image doesn't support SM3_256 now because Go cryptography libraries[4] don't support it.
---
[1] https://github.com/canonical/go-tpm2/blob/master/types_interface.go#L61
[2] https://github.com/snapcore/secboot
[3] go-tpm2, comment id: 32171bd353b113ff4793dc3c65a019d749674bc6
[4] https://cs.opensource.google/go/x/crypto
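
The panic text quoted in the comment above is what Go's crypto package produces when New is called on the zero crypto.Hash value. The following is an added example, not code from go-tpm2, secboot or snapd: AlgID, goHashes, GoHash, Digest and UncheckedNew are hypothetical names, and the assumption is that a TPM algorithm with no Go counterpart (SM3_256) maps to crypto.Hash(0).

```go
package main

import (
	"crypto"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	_ "crypto/sha512" // registers crypto.SHA384 and crypto.SHA512
	"fmt"
)

// AlgID holds a TPM_ALG_ID value from the TCG algorithm registry.
type AlgID uint16

const (
	AlgSHA1    AlgID = 0x0004
	AlgSHA256  AlgID = 0x000B
	AlgSHA384  AlgID = 0x000C
	AlgSHA512  AlgID = 0x000D
	AlgSM3_256 AlgID = 0x0012 // no crypto.Hash constant exists for SM3
)

// goHashes is a hypothetical mapping table; SM3_256 is deliberately absent.
var goHashes = map[AlgID]crypto.Hash{
	AlgSHA1: crypto.SHA1, AlgSHA256: crypto.SHA256,
	AlgSHA384: crypto.SHA384, AlgSHA512: crypto.SHA512,
}

// GoHash returns the Go hash for a TPM algorithm, or crypto.Hash(0) if none.
func GoHash(a AlgID) crypto.Hash { return goHashes[a] }

// Digest checks Available() first, so an unmapped algorithm is an error, not a panic.
func Digest(a AlgID, data []byte) ([]byte, error) {
	h := GoHash(a)
	if !h.Available() {
		return nil, fmt.Errorf("TPM algorithm 0x%04x has no usable Go hash", uint16(a))
	}
	w := h.New()
	w.Write(data)
	return w.Sum(nil), nil
}

// UncheckedNew calls New without the check and returns the recovered panic text.
func UncheckedNew(a AlgID) (msg string) {
	defer func() {
		if r := recover(); r != nil {
			msg = fmt.Sprint(r)
		}
	}()
	GoHash(a).New()
	return ""
}
```

Calling UncheckedNew(AlgSM3_256) returns the same "hash function #0" message as the boot log, while Digest reports the unsupported algorithm as an ordinary error.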