diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 63f0839878..6ad960ad70 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -137,6 +137,10 @@ EFI_STATUS
 #define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID
 #define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID
+#define HASH_ALGORITHM_SM3_256_GUID \
+ { \
+ 0x251C7818, 0x0DBF, 0xE619, { 0x7F, 0xC2, 0xD6, 0xAC, 0x43, 0x42, 0x7D, 0xA3 } \
+ }
 typedef struct {
 EFI_GUID HashGuid;
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
new file mode 100644
index 0000000000..8fd9516211
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c
@@ -0,0 +1,150 @@
+/** @file
+ BaseCrypto SM3 hash instance library.
+ It can be registered to BaseCrypto router, to serve as hash engine.
+
+ Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
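Review bot: In HashLib.h the new `HASH_ALGORITHM_SM3_256_GUID` is a bare GUID literal with no comment, while the three macros above it alias `EFI_HASH_ALGORITHM_*` definitions, so a reader cannot tell where the value comes from or which other code must agree with it. A short comment above the macro would cover this, for example `// SM3-256: GUID value defined locally, not an EFI_HASH_ALGORITHM_* alias; any GUID lookup in the hash router must use the same value.` Whether the router side knows this GUID is not visible in this diff; if it does not, the EFI_UNSUPPORTED branch in HashInstanceLibSm3Constructor would report success and hide the failed registration.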
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/**
+ The function set SM3 to digest list.
+
+ @param DigestList digest list
+ @param Sm3Digest SM3 digest
+**/
+VOID
+Tpm2SetSm3ToDigestList (
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT8 *Sm3Digest
+ )
+{
+ DigestList->count = 1;
+ DigestList->digests[0].hashAlg = TPM_ALG_SM3_256;
+ CopyMem (
+ DigestList->digests[0].digest.sm3_256,
+ Sm3Digest,
+ SM3_256_DIGEST_SIZE
+ );
+}
+
+/**
+ Start hash sequence.
+
+ @param HashHandle Hash handle.
+
+ @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashInit (
+ OUT HASH_HANDLE *HashHandle
+ )
+{
+ VOID *Sm3Ctx;
+ UINTN CtxSize;
+
+ CtxSize = Sm3GetContextSize ();
+ Sm3Ctx = AllocatePool (CtxSize);
+ if (Sm3Ctx == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Sm3Init (Sm3Ctx);
+
+ *HashHandle = (HASH_HANDLE)Sm3Ctx;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Update hash sequence data.
+
+ @param HashHandle Hash handle.
+ @param DataToHash Data to be hashed.
+ @param DataToHashLen Data size.
+
+ @retval EFI_SUCCESS Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashUpdate (
+ IN HASH_HANDLE HashHandle,
+ IN VOID *DataToHash,
+ IN UINTN DataToHashLen
+ )
+{
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Update (Sm3Ctx, DataToHash, DataToHashLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Complete hash sequence complete.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sm3HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINT8 Digest[SM3_256_DIGEST_SIZE];
+ VOID *Sm3Ctx;
+
+ Sm3Ctx = (VOID *)HashHandle;
+ Sm3Final (Sm3Ctx, Digest);
+
+ FreePool (Sm3Ctx);
+
+ Tpm2SetSm3ToDigestList (DigestList, Digest);
+
+ return EFI_SUCCESS;
+}
+
+HASH_INTERFACE mSm3InternalHashInstance = {
+ HASH_ALGORITHM_SM3_256_GUID,
+ Sm3HashInit,
+ Sm3HashUpdate,
+ Sm3HashFinal,
+};
+
+/**
+ The function register SM3 instance.
+
+ @retval EFI_SUCCESS SM3 instance is registered, or system dose not support register SM3 instance
+**/
+EFI_STATUS
+EFIAPI
+HashInstanceLibSm3Constructor (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+
+ Status = RegisterHashInterfaceLib (&mSm3InternalHashInstance);
+ if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+ //
+ // Unsupported means platform policy does not need this instance enabled.
+ //
+ return EFI_SUCCESS;
+ }
+ return Status;
+}
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
new file mode 100644
index 0000000000..781164d74e
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
@@ -0,0 +1,41 @@
+## @file
+# Provides BaseCrypto SM3 hash service
+#
+# This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
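Review bot: In HashInstanceLibSm3.c the results of `Sm3Init`, `Sm3Update` and `Sm3Final` are discarded, so Sm3HashFinal can copy an uninitialised stack `Digest` into the digest list and still return EFI_SUCCESS. In BaseCryptLib these primitives return BOOLEAN, and a build whose crypto library does not actually provide SM3 would presumably fail at these calls, producing a measurement that does not reflect the hashed data. Each call should be checked and a failure status returned, with the context freed on the Init and Final paths; the status code below is a suggestion, and the `@retval` lists need a matching entry. How the hash router reacts to a non-success status from these callbacks is not visible in this diff.

```c
  // Sm3HashInit: directly after the AllocatePool NULL check
  if (!Sm3Init (Sm3Ctx)) {
    FreePool (Sm3Ctx);
    return EFI_DEVICE_ERROR;
  }
  // … unchanged: store the handle, return EFI_SUCCESS …

  // Sm3HashUpdate
  Sm3Ctx = (VOID *)HashHandle;
  if (!Sm3Update (Sm3Ctx, DataToHash, DataToHashLen)) {
    return EFI_DEVICE_ERROR;
  }

  // Sm3HashFinal
  BOOLEAN  Ok;
  // … unchanged: other locals, Sm3Ctx assignment …
  Ok = Sm3Final (Sm3Ctx, Digest);
  FreePool (Sm3Ctx);
  if (!Ok) {
    return EFI_DEVICE_ERROR;
  }
  Tpm2SetSm3ToDigestList (DigestList, Digest);
```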
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = HashInstanceLibSm3
+ MODULE_UNI_FILE = HashInstanceLibSm3.uni
+ FILE_GUID = C5865D5D-9ACE-39FB-DC7C-0511891D40F9
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = HashInstanceLibSm3Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ HashInstanceLibSm3.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ Tpm2CommandLib
+ MemoryAllocationLib
+ BaseCryptLib
diff --git a/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
new file mode 100644
index 0000000000..07a5c53d99
--- /dev/null
+++ b/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni
@@ -0,0 +1,15 @@
+// /** @file
+// Provides BaseCrypto SM3 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.
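Review bot: HashInstanceLibSm3.inf does not list `HashLib` under `[LibraryClasses]`, although the constructor in HashInstanceLibSm3.c calls `RegisterHashInterfaceLib`. If the build derives constructor ordering from declared library classes, the SM3 constructor could run before the hash router has initialised its own state, so adding `HashLib` after `BaseCryptLib` would make the dependency explicit; this ordering concern is inferred and should be confirmed against the router instance in use. `BaseLib`, `DebugLib` and `Tpm2CommandLib` are listed, but no call into them is visible in the .c file, and the include list there is not readable on this page, so they deserve a second look rather than removal.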
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SM3 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 60f3b0110e..aef2ac3a20 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -226,6 +226,7 @@
 SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
 SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
 SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf {
@@ -240,6 +241,7 @@
 NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
 NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
 NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 }
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
@@ -250,6 +252,7 @@
 NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
 NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
 NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf
 }
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf {