Hi Tom
On Wed, 4 Sept 2024 at 19:43, Tom Rini trini@konsulko.com wrote:
On Wed, Sep 04, 2024 at 01:48:43PM +0100, Peter Robinson wrote:
Hi Simon,
I wonder if we could leave out the SHA stuff? The algorithms are
One of the big advantages of the mbedtls when it comes to all things security is that it's seen a wide audit of it's code which for a lot of usecases is very useful from a security PoV, I'm not sure the amount of audit the U-Boot in project code has had, I'm sure there has been but I've not seen anything published.
Yes, it's a positive in my mind to bring in the assorted hashing algorithms from mbedTLS here.
Exactly. So apart from the know shaXXX there's other alogrithms we can pull directly -- e.g SM2/3/4. In any case, I looked into mbedTLS. You can override the default hashing algos with MBEDTLS_SHA256_ALT etc definitions in the config entry but I don't see the point.
stable and this would seem to avoid much of the size growth, and all the pain of trying to integrate another yet another hashing layer (we already have normal, progressive and h/w acceleration, plus
What's the difference between the first two?
UCLASS_HASH which h/w acceleration should use but that migration never
[...]
Thanks /Ilias