Hi Simon,
From: Simon Glass sjg@chromium.org Sent: Wednesday, October 6, 2021 10:10 PM
Hi Chia-Wei,
On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang chiawei_wang@aspeedtech.com wrote:
Use DM_HASH to perform hashing operations if supported. Thus either SW or HW-assisted hashing could be leveraged.
This is missing a full motivation. Please can you explain why this code is needed on a board, rather than just the host?
As of recently, this has become host-only code.
The entry to non-DM hash function for U-Boot is kind of inconsistent.
When a FIT image is verified by a hash digest: hash-1 { algo = "sha256"; };
The hash is calculated by calculate_hash() in image-fit.c. fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash()
However, when a FIT image is verified by a checksum signature: signature { algo = "sha256,rsa2048"; key-name-hint = "dev"; };
The hash comes from hash_calculate() in hash-checksum.c. fit_image_verify_with_data() -> fit_image_setup_verify() -> image_get_checksum_algo() -> hash_calculate()
I checked the master and next branches. It seems that the logic still exists. (correct me if I am wrong) This patch is like a temporary solution to make the DM_HASH work smoothly. I believe a patch to refactor hash calculation of U-boot itself and the host tools is needed in the future.
Regards, Chiawei