On Mon, Mar 22, 2021 at 08:33:31AM -0500, Alexandru Gagniuc wrote:
When God said, "May there be FIT signature verification in SPL", Chuck Norris said "SPL image too big". And then there was this patch.
Enabling SPL_FIT_SIGNATURE increased the code size (armv7 platform) by about 16KiB, just enough to go over the SPL image limit. Of that:
- .text.sha256_process 3.8 KiB
- SHA1 implementation 4.4 KiB
Although SHA1 wasn't required, it could not be disabled.
The hash algorithms are implemented in lib/, as is their Kconfig selection for u-boot main. However, Kconfig selection for SPL is implemented in common/. To put it mildly, this is inconsistent. MD5 selection, on the other hand, does not have this problem.
Moving the SPL hash switches to lib/ solves half the problem. They have to be renamed from SPL_<hash>_SUPPORT to SPL_<hash> to make them work elegantly with the CONFIG_IS_ENABLED() macro.
The second half of the problem is not referencing the <hash> symbols when <hash> is disabled. Unfortunately, this requires some more
The above #ifdef problem could be solved in several ways. One way could be to move the hash handlers to linker lists. This, however, won't work for userspace tools (mkimage), as they don't implement custom linker scripts. One could implement a <hash>_register() function for this case, and manually register all hashes. However, this is beyond the scope of this patch.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
This is designed to apply on top of the following series:
- [PATCH v6 00/11] Add support for ECDSA image signing
common/hash.c | 4 ++-- common/image-sig.c | 8 +++++-- common/spl/Kconfig | 54 ---------------------------------------------- include/image.h | 12 +++++------ lib/Kconfig | 39 +++++++++++++++++++++++++++++++++ lib/Makefile | 6 +++--- 6 files changed, 56 insertions(+), 67 deletions(-)
I like this idea. As-is, there's a few problems. socfpga_agilex_vab and imx8mm_venice now fail to build due to missing sha384 support for the former and sram overflow for the latter. ls1046ardb_qspi_spl now also grows SPL a bit by adding sha1 support. Can you look in to these please? Thanks.