Comment 27 for bug 1938678

I've not read every comment in detail, but I think there is a bit of misunderstanding about what the firmware options discussed here actually do.

Disabling the SM3_256 PCR bank will stop the firmware measuring events to the TPM using SM3_256 and will omit SM3_256 digests from the event log. I assume that the firmware also makes use of the TPM2_PCR_Allocate command to disable all of the PCRs in the SM3_256 bank.

What it does not do is disable SM3_256. If you use the TPM2_PCR_Event or TPM2_EventSequenceComplete command, the TPM will still compute digests for SM3_256 and will respond with a TPML_DIGEST_VALUES structure containing SM3_256 digests. This is where the issue is - because of the way that TPML_DIGEST_VALUES is designed (it doesn't contain sizes in the payload), go-tpm2 needs to know the size of SM3_256 in order to decode the response from the TPM, and it currently doesn't because it relies on go's standard library for this, and that also doesn't support SM3_256.

There is no TCG defined API that would allow platform firmware to disable a digest algorithm via an option in the firmware UI - the TPM's supported algorithms are defined at build time.