I've not read every comment in detail, but I think there is a bit of misunderstanding about what the firmware options discussed here actually do.
Disabling the SM3_256 PCR bank will stop the firmware measuring events to the TPM using SM3_256 and will omit SM3_256 digests from the event log. I assume that the firmware also makes use of the TPM2_PCR_Allocate command to disable all of the PCRs in the SM3_256 bank. What it does not do is disable SM3_256. If you use the TPM2_PCR_Event or TPM2_EventSequenceComplete command, the TPM will still compute digests for SM3_256 and will respond with a TPML_DIGEST_VALUES structure containing SM3_256 digests. This is where the issue is - because of the way that TPML_DIGEST_VALUES is designed (it doesn't contain sizes in the payload), go-tpm2 needs to know the size of SM3_256 in order to decode the response from the TPM, and it currently doesn't because it relies on go's standard library for this, and that also doesn't support SM3_256. There is no TCG defined API that would allow platform firmware to disable a digest algorithm via an option in the firmware UI - the TPM's supported algorithms are defined at build time. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1938678 Title: [intel] [tgl-h][iotg] [hwe-tpm] Ubuntu Core hangs during bootup on TGL-H To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1938678/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
