[U-Boot] [PATCHv4 1/2] FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space.
Cc: Dirk Eibach eibach@gdsys.de Cc: Lukasz Dalek luk0104@gmail.com Signed-off-by: Tom Rini trini@konsulko.com Reviewed-by: Simon Glass sjg@chromium.org --- Changes in v4: - Fix HOST_CC side of changes to include/image.h so that the host tools will continue to have SHA256 support. --- Kconfig | 13 +++++++++++++ README | 9 --------- configs/dlvision-10g_defconfig | 1 + configs/dlvision_defconfig | 1 + configs/h2200_defconfig | 1 + configs/io_defconfig | 1 + configs/iocon_defconfig | 1 + configs/neo_defconfig | 1 + include/configs/dlvision-10g.h | 3 --- include/configs/dlvision.h | 3 --- include/configs/h2200.h | 1 - include/configs/io.h | 3 --- include/configs/iocon.h | 3 --- include/configs/neo.h | 3 --- include/image.h | 16 ++++++---------- scripts/config_whitelist.txt | 1 - 16 files changed, 25 insertions(+), 36 deletions(-)
diff --git a/Kconfig b/Kconfig index 1cf990dfce33..0a445313f62c 100644 --- a/Kconfig +++ b/Kconfig @@ -157,6 +157,19 @@ config FIT
if FIT
+config FIT_ENABLE_SHA256_SUPPORT + bool "Support SHA256 checksum of FIT image contents" + default y + help + Enable this to support SHA256 checksum of FIT image contents. A + SHA256 checksum is a 256-bit (32-byte) hash value used to check that + the image contents have not been corrupted. SHA256 is recommended + for use in secure applications since (as at 2016) there is no known + feasible attack that could produce a 'collision' with differing + input data. Use this for the highest security. Note that only the + SHA256 variant is supported: SHA512 and others are not currently + supported in U-Boot. + config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM diff --git a/README b/README index f4eecd0a0bd1..9a642afaa80f 100644 --- a/README +++ b/README @@ -3035,15 +3035,6 @@ FIT uImage format: This define is introduced, as the legacy image format is enabled per default for backward compatibility.
-- FIT image support: - CONFIG_FIT_DISABLE_SHA256 - Supporting SHA256 hashes has quite an impact on binary size. - For constrained systems sha256 hash support can be disabled - with this option. - - TODO(sjg@chromium.org): Adjust this option to be positive, - and move it to Kconfig - - Standalone program support: CONFIG_STANDALONE_LOAD_ADDR
diff --git a/configs/dlvision-10g_defconfig b/configs/dlvision-10g_defconfig index c3574e199645..44f7527a9ce7 100644 --- a/configs/dlvision-10g_defconfig +++ b/configs/dlvision-10g_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06" CONFIG_4xx=y CONFIG_TARGET_DLVISION_10G=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/dlvision_defconfig b/configs/dlvision_defconfig index f9f07ee8f12a..4dd09a2af8d4 100644 --- a/configs/dlvision_defconfig +++ b/configs/dlvision_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02" CONFIG_4xx=y CONFIG_TARGET_DLVISION=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/h2200_defconfig b/configs/h2200_defconfig index b85ed598066e..9d3698c5559c 100644 --- a/configs/h2200_defconfig +++ b/configs/h2200_defconfig @@ -1,6 +1,7 @@ CONFIG_ARM=y CONFIG_TARGET_H2200=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_SYS_CONSOLE_IS_IN_ENV=y # CONFIG_DISPLAY_CPUINFO is not set # CONFIG_DISPLAY_BOARDINFO is not set diff --git a/configs/io_defconfig b/configs/io_defconfig index 5dca2b121c8a..27edc5976b2c 100644 --- a/configs/io_defconfig +++ b/configs/io_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06" CONFIG_4xx=y CONFIG_TARGET_IO=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/iocon_defconfig b/configs/iocon_defconfig index c74df944a6ae..2529181620d5 100644 --- a/configs/iocon_defconfig +++ b/configs/iocon_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06" CONFIG_4xx=y CONFIG_TARGET_IOCON=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 CONFIG_SYS_CONSOLE_INFO_QUIET=y diff --git a/configs/neo_defconfig b/configs/neo_defconfig index fbb2da47f0a6..1bf5151baad6 100644 --- a/configs/neo_defconfig +++ b/configs/neo_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02" CONFIG_4xx=y CONFIG_TARGET_NEO=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/include/configs/dlvision-10g.h b/include/configs/dlvision-10g.h index e32651f54113..c5e227650e54 100644 --- a/include/configs/dlvision-10g.h +++ b/include/configs/dlvision-10g.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/* diff --git a/include/configs/dlvision.h b/include/configs/dlvision.h index 2b7d62b03482..f8d390ba33ae 100644 --- a/include/configs/dlvision.h +++ b/include/configs/dlvision.h @@ -29,9 +29,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66_33 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/* diff --git a/include/configs/h2200.h b/include/configs/h2200.h index d8724f86a738..530a88e9e1a7 100644 --- a/include/configs/h2200.h +++ b/include/configs/h2200.h @@ -109,7 +109,6 @@
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
-#define CONFIG_FIT_DISABLE_SHA256 #define CONFIG_SETUP_MEMORY_TAGS #define CONFIG_CMDLINE_TAG #define CONFIG_INITRD_TAG diff --git a/include/configs/io.h b/include/configs/io.h index 3e44a8c60753..ee2b52a7ede6 100644 --- a/include/configs/io.h +++ b/include/configs/io.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/* diff --git a/include/configs/iocon.h b/include/configs/iocon.h index 9c3be78bc73b..afa69942e84a 100644 --- a/include/configs/iocon.h +++ b/include/configs/iocon.h @@ -33,9 +33,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/* diff --git a/include/configs/neo.h b/include/configs/neo.h index 9115e251b1bf..1d8e13f0353b 100644 --- a/include/configs/neo.h +++ b/include/configs/neo.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66_33 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/* diff --git a/include/image.h b/include/image.h index 3f26f9bd1f62..800426d51f96 100644 --- a/include/image.h +++ b/include/image.h @@ -29,6 +29,7 @@ struct lmb; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ +#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
#define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" @@ -62,9 +63,6 @@ struct lmb; # ifdef CONFIG_SPL_SHA1_SUPPORT # define IMAGE_ENABLE_SHA1 1 # endif -# ifdef CONFIG_SPL_SHA256_SUPPORT -# define IMAGE_ENABLE_SHA256 1 -# endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ # define CONFIG_SHA1 /* and SHA1 */ @@ -72,14 +70,8 @@ struct lmb; # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 -# define IMAGE_ENABLE_SHA256 1 # endif
-#ifdef CONFIG_FIT_DISABLE_SHA256 -#undef CONFIG_SHA256 -#undef IMAGE_ENABLE_SHA256 -#endif - #ifndef IMAGE_ENABLE_CRC32 #define IMAGE_ENABLE_CRC32 0 #endif @@ -92,7 +84,11 @@ struct lmb; #define IMAGE_ENABLE_SHA1 0 #endif
-#ifndef IMAGE_ENABLE_SHA256 +#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ + defined(CONFIG_SPL_SHA256_SUPPORT) +#define CONFIG_SHA256 +#define IMAGE_ENABLE_SHA256 1 +#else #define IMAGE_ENABLE_SHA256 0 #endif
diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt index 0cb5d338ab12..8e456fe03fbd 100644 --- a/scripts/config_whitelist.txt +++ b/scripts/config_whitelist.txt @@ -948,7 +948,6 @@ CONFIG_FFUART CONFIG_FILE CONFIG_FIRMWARE_OFFSET CONFIG_FIRMWARE_SIZE -CONFIG_FIT_DISABLE_SHA256 CONFIG_FIXED_PHY CONFIG_FIXED_PHY_ADDR CONFIG_FIXED_SDHCI_ALIGNED_BUFFER
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL.
This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them.
Cc: Poonam Aggrwal poonam.aggrwal@freescale.com Cc: Naveen Burmi NaveenBurmi@freescale.com Cc: Po Liu po.liu@freescale.com Cc: Shengzhou Liu Shengzhou.Liu@freescale.com Cc: Priyanka Jain Priyanka.Jain@freescale.com Cc: Shaohui Xie Shaohui.Xie@freescale.com Cc: Chunhe Lan Chunhe.Lan@freescale.com Cc: Chander Kashyap k.chander@samsung.com Cc: Steve Rae steve.rae@raedomain.com Cc: Dirk Eibach eibach@gdsys.de Cc: Feng Li feng.li_2@nxp.com Cc: Alison Wang alison.wang@freescale.com Cc: Sumit Garg sumit.garg@nxp.com Cc: Mingkai Hu Mingkai.Hu@freescale.com Cc: York Sun york.sun@nxp.com Cc: Prabhakar Kushwaha prabhakar.kushwaha@nxp.com Cc: Jaehoon Chung jh80.chung@samsung.com Cc: Akshay Saraswat akshay.s@samsung.com Cc: Simon Glass sjg@chromium.org Cc: Heiko Schocher hs@denx.de Cc: Jagan Teki jagan@amarulasolutions.com Signed-off-by: Tom Rini trini@konsulko.com --- Changes in v4: - Clean up README as well - Re-sync defconfig changes (much less this time). - select SHA_HW_ACCEL on ARCH_EXYNOS5. Changes in v3: - Take authorship, update commit message more to reflect how the migration happened. Changes in v2: - Add a large number of select statements so that our overall delta is fairly small. This is not size neutral but is I believe correct. We had a number of cases before where we did not enable hw assist in the hash command and only made use of it in certain back end locations.
Kconfig | 2 ++ arch/arm/include/asm/fsl_secure_boot.h | 2 -- arch/powerpc/include/asm/fsl_secure_boot.h | 1 - board/freescale/common/Kconfig | 2 ++ common/spl/Kconfig | 4 ++++ configs/B4420QDS_NAND_defconfig | 1 + configs/B4420QDS_SPIFLASH_defconfig | 1 + configs/B4420QDS_defconfig | 1 + configs/B4860QDS_NAND_defconfig | 1 + configs/B4860QDS_SPIFLASH_defconfig | 1 + configs/B4860QDS_SRIO_PCIE_BOOT_defconfig | 1 + configs/B4860QDS_defconfig | 1 + configs/BSC9131RDB_NAND_SYSCLK100_defconfig | 1 + configs/BSC9131RDB_NAND_defconfig | 1 + configs/BSC9131RDB_SPIFLASH_SYSCLK100_defconfig | 1 + configs/BSC9131RDB_SPIFLASH_defconfig | 1 + configs/BSC9132QDS_NAND_DDRCLK100_defconfig | 1 + configs/BSC9132QDS_NAND_DDRCLK133_defconfig | 1 + configs/BSC9132QDS_NOR_DDRCLK100_defconfig | 1 + configs/BSC9132QDS_NOR_DDRCLK133_defconfig | 1 + configs/BSC9132QDS_SDCARD_DDRCLK100_defconfig | 1 + configs/BSC9132QDS_SDCARD_DDRCLK133_defconfig | 1 + configs/BSC9132QDS_SPIFLASH_DDRCLK100_defconfig | 1 + configs/BSC9132QDS_SPIFLASH_DDRCLK133_defconfig | 1 + configs/C29XPCIE_NAND_defconfig | 1 + configs/C29XPCIE_SPIFLASH_defconfig | 1 + configs/C29XPCIE_defconfig | 1 + configs/P1010RDB-PA_36BIT_NAND_defconfig | 1 + configs/P1010RDB-PA_36BIT_NOR_defconfig | 1 + configs/P1010RDB-PA_36BIT_SDCARD_defconfig | 1 + configs/P1010RDB-PA_36BIT_SPIFLASH_defconfig | 1 + configs/P1010RDB-PA_NAND_defconfig | 1 + configs/P1010RDB-PA_NOR_defconfig | 1 + configs/P1010RDB-PA_SDCARD_defconfig | 1 + configs/P1010RDB-PA_SPIFLASH_defconfig | 1 + configs/P1010RDB-PB_36BIT_NAND_defconfig | 1 + configs/P1010RDB-PB_36BIT_NOR_defconfig | 1 + configs/P1010RDB-PB_36BIT_SDCARD_defconfig | 1 + configs/P1010RDB-PB_36BIT_SPIFLASH_defconfig | 1 + configs/P1010RDB-PB_NAND_defconfig | 1 + configs/P1010RDB-PB_NOR_defconfig | 1 + configs/P1010RDB-PB_SDCARD_defconfig | 1 + configs/P1010RDB-PB_SPIFLASH_defconfig | 1 + configs/P2041RDB_NAND_defconfig | 1 + configs/P2041RDB_SDCARD_defconfig | 1 + configs/P2041RDB_SPIFLASH_defconfig | 1 + configs/P2041RDB_SRIO_PCIE_BOOT_defconfig | 1 + configs/P2041RDB_defconfig | 1 + configs/P3041DS_NAND_defconfig | 1 + configs/P3041DS_SDCARD_defconfig | 1 + configs/P3041DS_SPIFLASH_defconfig | 1 + configs/P3041DS_SRIO_PCIE_BOOT_defconfig | 1 + configs/P3041DS_defconfig | 1 + configs/P4080DS_SDCARD_defconfig | 1 + configs/P4080DS_SPIFLASH_defconfig | 1 + configs/P4080DS_SRIO_PCIE_BOOT_defconfig | 1 + configs/P4080DS_defconfig | 1 + configs/P5020DS_NAND_defconfig | 1 + configs/P5020DS_SDCARD_defconfig | 1 + configs/P5020DS_SPIFLASH_defconfig | 1 + configs/P5020DS_SRIO_PCIE_BOOT_defconfig | 1 + configs/P5020DS_defconfig | 1 + configs/P5040DS_NAND_defconfig | 1 + configs/P5040DS_SDCARD_defconfig | 1 + configs/P5040DS_SPIFLASH_defconfig | 1 + configs/P5040DS_defconfig | 1 + configs/T1023RDB_NAND_defconfig | 1 + configs/T1023RDB_SDCARD_defconfig | 1 + configs/T1023RDB_SPIFLASH_defconfig | 1 + configs/T1023RDB_defconfig | 1 + configs/T1024QDS_DDR4_defconfig | 1 + configs/T1024QDS_NAND_defconfig | 1 + configs/T1024QDS_SDCARD_defconfig | 1 + configs/T1024QDS_SPIFLASH_defconfig | 1 + configs/T1024QDS_defconfig | 1 + configs/T1024RDB_NAND_defconfig | 1 + configs/T1024RDB_SDCARD_defconfig | 1 + configs/T1024RDB_SPIFLASH_defconfig | 1 + configs/T1024RDB_defconfig | 1 + configs/T1040D4RDB_NAND_defconfig | 1 + configs/T1040D4RDB_SDCARD_defconfig | 1 + configs/T1040D4RDB_SPIFLASH_defconfig | 1 + configs/T1040D4RDB_defconfig | 1 + configs/T1040QDS_DDR4_defconfig | 1 + configs/T1040QDS_defconfig | 1 + configs/T1040RDB_NAND_defconfig | 1 + configs/T1040RDB_SDCARD_defconfig | 1 + configs/T1040RDB_SPIFLASH_defconfig | 1 + configs/T1040RDB_defconfig | 1 + configs/T1042D4RDB_NAND_defconfig | 1 + configs/T1042D4RDB_SDCARD_defconfig | 1 + configs/T1042D4RDB_SPIFLASH_defconfig | 1 + configs/T1042D4RDB_defconfig | 1 + configs/T1042RDB_PI_NAND_defconfig | 1 + configs/T1042RDB_PI_SDCARD_defconfig | 1 + configs/T1042RDB_PI_SPIFLASH_defconfig | 1 + configs/T1042RDB_PI_defconfig | 1 + configs/T1042RDB_defconfig | 1 + configs/T2080QDS_NAND_defconfig | 1 + configs/T2080QDS_SDCARD_defconfig | 1 + configs/T2080QDS_SPIFLASH_defconfig | 1 + configs/T2080QDS_SRIO_PCIE_BOOT_defconfig | 1 + configs/T2080QDS_defconfig | 1 + configs/T2080RDB_NAND_defconfig | 1 + configs/T2080RDB_SDCARD_defconfig | 1 + configs/T2080RDB_SPIFLASH_defconfig | 1 + configs/T2080RDB_SRIO_PCIE_BOOT_defconfig | 1 + configs/T2080RDB_defconfig | 1 + configs/T2081QDS_NAND_defconfig | 1 + configs/T2081QDS_SDCARD_defconfig | 1 + configs/T2081QDS_SPIFLASH_defconfig | 1 + configs/T2081QDS_SRIO_PCIE_BOOT_defconfig | 1 + configs/T2081QDS_defconfig | 1 + configs/T4160QDS_NAND_defconfig | 1 + configs/T4160QDS_SDCARD_defconfig | 1 + configs/T4160QDS_defconfig | 1 + configs/T4160RDB_defconfig | 1 + configs/T4240QDS_NAND_defconfig | 1 + configs/T4240QDS_SDCARD_defconfig | 1 + configs/T4240QDS_SRIO_PCIE_BOOT_defconfig | 1 + configs/T4240QDS_defconfig | 1 + configs/T4240RDB_SDCARD_defconfig | 1 + configs/T4240RDB_defconfig | 1 + configs/arndale_defconfig | 1 + configs/bcm911360_entphn-ns_defconfig | 2 ++ configs/bcm911360_entphn_defconfig | 2 ++ configs/bcm911360k_defconfig | 2 ++ configs/bcm958300k-ns_defconfig | 2 ++ configs/bcm958300k_defconfig | 2 ++ configs/bcm958305k_defconfig | 2 ++ configs/bcm958622hr_defconfig | 2 ++ configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig | 1 + configs/controlcenterd_TRAILBLAZER_defconfig | 1 + configs/ls1021aiot_qspi_defconfig | 1 + configs/ls1021aiot_sdcard_defconfig | 1 + configs/ls1021aqds_ddr4_nor_defconfig | 1 + configs/ls1021aqds_ddr4_nor_lpuart_defconfig | 1 + configs/ls1021aqds_nand_defconfig | 1 + configs/ls1021aqds_nor_defconfig | 1 + configs/ls1021aqds_nor_lpuart_defconfig | 1 + configs/ls1021aqds_qspi_defconfig | 1 + configs/ls1021aqds_sdcard_ifc_defconfig | 1 + configs/ls1021aqds_sdcard_qspi_defconfig | 1 + configs/ls1021atwr_nor_defconfig | 1 + configs/ls1021atwr_nor_lpuart_defconfig | 1 + configs/ls1021atwr_qspi_defconfig | 1 + configs/ls1021atwr_sdcard_ifc_defconfig | 1 + configs/ls1021atwr_sdcard_qspi_defconfig | 1 + configs/ls1043aqds_defconfig | 1 + configs/ls1043aqds_lpuart_defconfig | 1 + configs/ls1043aqds_nand_defconfig | 1 + configs/ls1043aqds_nor_ddr3_defconfig | 1 + configs/ls1043aqds_qspi_defconfig | 1 + configs/ls1043aqds_sdcard_ifc_defconfig | 1 + configs/ls1043aqds_sdcard_qspi_defconfig | 1 + configs/ls1043ardb_defconfig | 1 + configs/ls1043ardb_nand_defconfig | 1 + configs/ls1043ardb_sdcard_defconfig | 1 + configs/ls1046aqds_defconfig | 1 + configs/ls1046aqds_lpuart_defconfig | 1 + configs/ls1046aqds_nand_defconfig | 1 + configs/ls1046aqds_qspi_defconfig | 1 + configs/ls1046aqds_sdcard_ifc_defconfig | 1 + configs/ls1046aqds_sdcard_qspi_defconfig | 1 + configs/ls1046ardb_emmc_defconfig | 1 + configs/ls1046ardb_qspi_defconfig | 1 + configs/ls1046ardb_sdcard_defconfig | 1 + configs/ls2080a_emu_defconfig | 1 + configs/ls2080a_simu_defconfig | 1 + configs/ls2080aqds_defconfig | 1 + configs/ls2080aqds_nand_defconfig | 1 + configs/ls2080aqds_qspi_defconfig | 1 + configs/ls2080ardb_defconfig | 1 + configs/ls2080ardb_nand_defconfig | 1 + configs/odroid-xu3_defconfig | 1 + configs/peach-pi_defconfig | 1 + configs/peach-pit_defconfig | 1 + configs/smdk5250_defconfig | 1 + configs/smdk5420_defconfig | 1 + configs/snow_defconfig | 1 + configs/spring_defconfig | 1 + drivers/crypto/fsl/Kconfig | 2 ++ include/configs/B4860QDS.h | 1 - include/configs/BSC9131RDB.h | 1 - include/configs/BSC9132QDS.h | 1 - include/configs/C29XPCIE.h | 1 - include/configs/P1010RDB.h | 1 - include/configs/P2041RDB.h | 1 - include/configs/T102xQDS.h | 1 - include/configs/T102xRDB.h | 1 - include/configs/T1040QDS.h | 1 - include/configs/T104xRDB.h | 1 - include/configs/T208xQDS.h | 1 - include/configs/T208xRDB.h | 1 - include/configs/T4240QDS.h | 1 - include/configs/T4240RDB.h | 1 - include/configs/bcm_ep_board.h | 2 -- include/configs/controlcenterd.h | 2 -- include/configs/corenet_ds.h | 1 - include/configs/exynos5-common.h | 3 --- include/configs/ids8313.h | 2 -- include/configs/imx6qdl_icore.h | 2 -- include/configs/imx6qdl_icore_rqs.h | 2 -- include/configs/imx6ul_geam.h | 2 -- include/configs/ls1021aiot.h | 2 -- include/configs/ls1021aqds.h | 1 - include/configs/ls1021atwr.h | 1 - include/configs/ls1043a_common.h | 1 - include/configs/ls1046a_common.h | 1 - include/configs/ls2080a_common.h | 1 - include/configs/sandbox.h | 2 -- include/image.h | 3 --- lib/Makefile | 6 +++--- 213 files changed, 196 insertions(+), 48 deletions(-) --- Kconfig | 2 ++ README | 13 ------------- arch/arm/include/asm/fsl_secure_boot.h | 2 -- arch/arm/mach-exynos/Kconfig | 1 + arch/powerpc/include/asm/fsl_secure_boot.h | 1 - board/freescale/common/Kconfig | 2 ++ common/spl/Kconfig | 4 ++++ configs/bcm911360_entphn-ns_defconfig | 2 ++ configs/bcm911360_entphn_defconfig | 2 ++ configs/bcm911360k_defconfig | 2 ++ configs/bcm958300k-ns_defconfig | 2 ++ configs/bcm958300k_defconfig | 2 ++ configs/bcm958305k_defconfig | 2 ++ configs/bcm958622hr_defconfig | 2 ++ configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig | 1 + configs/controlcenterd_TRAILBLAZER_defconfig | 1 + drivers/crypto/fsl/Kconfig | 2 ++ include/configs/B4860QDS.h | 1 - include/configs/BSC9131RDB.h | 1 - include/configs/BSC9132QDS.h | 1 - include/configs/C29XPCIE.h | 1 - include/configs/P1010RDB.h | 1 - include/configs/P2041RDB.h | 1 - include/configs/T102xQDS.h | 1 - include/configs/T102xRDB.h | 1 - include/configs/T1040QDS.h | 1 - include/configs/T104xRDB.h | 1 - include/configs/T208xQDS.h | 1 - include/configs/T208xRDB.h | 1 - include/configs/T4240QDS.h | 1 - include/configs/T4240RDB.h | 1 - include/configs/bcm_ep_board.h | 2 -- include/configs/controlcenterd.h | 2 -- include/configs/corenet_ds.h | 1 - include/configs/exynos5-common.h | 3 --- include/configs/ids8313.h | 2 -- include/configs/imx6qdl_icore.h | 2 -- include/configs/imx6qdl_icore_rqs.h | 2 -- include/configs/imx6ul_geam.h | 2 -- include/configs/imx6ul_isiot.h | 2 -- include/configs/ls1021aiot.h | 5 ----- include/configs/ls1021aqds.h | 1 - include/configs/ls1021atwr.h | 1 - include/configs/ls1043a_common.h | 1 - include/configs/ls1046a_common.h | 1 - include/configs/ls2080a_common.h | 1 - include/configs/sandbox.h | 2 -- include/image.h | 3 --- lib/Makefile | 6 +++--- 49 files changed, 30 insertions(+), 66 deletions(-)
diff --git a/Kconfig b/Kconfig index 0a445313f62c..1b19b7b76c71 100644 --- a/Kconfig +++ b/Kconfig @@ -145,6 +145,7 @@ menu "Boot images" config FIT bool "Support Flattened Image Tree" select MD5 + select SHA1 help This option allows you to boot the new uImage structure, Flattened Image Tree. FIT is formally a FDT, which can include @@ -159,6 +160,7 @@ if FIT
config FIT_ENABLE_SHA256_SUPPORT bool "Support SHA256 checksum of FIT image contents" + select SHA256 default y help Enable this to support SHA256 checksum of FIT image contents. A diff --git a/README b/README index 9a642afaa80f..570d85534f76 100644 --- a/README +++ b/README @@ -2818,19 +2818,6 @@ The following options need to be configured: Enable the hash verify command (hash -v). This adds to code size a little.
- CONFIG_SHA1 - This option enables support of hashing using SHA1 - algorithm. The hash is calculated in software. - CONFIG_SHA256 - This option enables support of hashing using - SHA256 algorithm. The hash is calculated in software. - CONFIG_SHA_HW_ACCEL - This option enables hardware acceleration - for SHA1/SHA256 hashing. - This affects the 'hash' command and also the - hash_lookup_algo() function. - CONFIG_SHA_PROG_HW_ACCEL - This option enables - hardware-acceleration for SHA1/SHA256 progressive hashing. - Data can be streamed in a block at a time and the hashing - is performed in hardware. - Note: There is also a sha1sum command, which should perhaps be deprecated in favour of 'hash sha1'.
diff --git a/arch/arm/include/asm/fsl_secure_boot.h b/arch/arm/include/asm/fsl_secure_boot.h index b0ca4bcf044b..c1dedf00d7ea 100644 --- a/arch/arm/include/asm/fsl_secure_boot.h +++ b/arch/arm/include/asm/fsl_secure_boot.h @@ -10,8 +10,6 @@ #ifdef CONFIG_CHAIN_OF_TRUST #define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_FSL_SEC_MON -#define CONFIG_SHA_HW_ACCEL -#define CONFIG_SHA_PROG_HW_ACCEL
#define CONFIG_SPL_BOARD_INIT #ifdef CONFIG_SPL_BUILD diff --git a/arch/arm/mach-exynos/Kconfig b/arch/arm/mach-exynos/Kconfig index 46981a5933b2..24cb99e466b0 100644 --- a/arch/arm/mach-exynos/Kconfig +++ b/arch/arm/mach-exynos/Kconfig @@ -17,6 +17,7 @@ config ARCH_EXYNOS5 bool "Exynos5 SoC family" select CPU_V7 select BOARD_EARLY_INIT_F + select SHA_HW_ACCEL help Samsung Exynos5 SoC family are based on ARM Cortex-A15 CPU (and Cortex-A7 CPU in big.LITTLE configuration). There are multiple SoCs diff --git a/arch/powerpc/include/asm/fsl_secure_boot.h b/arch/powerpc/include/asm/fsl_secure_boot.h index 62ce816b135b..8f66fc5182d9 100644 --- a/arch/powerpc/include/asm/fsl_secure_boot.h +++ b/arch/powerpc/include/asm/fsl_secure_boot.h @@ -101,7 +101,6 @@
#define CONFIG_CMD_ESBC_VALIDATE #define CONFIG_FSL_SEC_MON -#define CONFIG_SHA_PROG_HW_ACCEL
#ifndef CONFIG_SPL_BUILD /* diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index 8a9a9be8ce85..2d7adfa73389 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -2,5 +2,7 @@ config CHAIN_OF_TRUST depends on !FIT_SIGNATURE && SECURE_BOOT imply CMD_BLOB select FSL_CAAM + select SHA_HW_ACCEL + select SHA_PROG_HW_ACCEL bool default y diff --git a/common/spl/Kconfig b/common/spl/Kconfig index e324e24b4f25..5d32b778671b 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -179,6 +179,7 @@ config SPL_MD5_SUPPORT config SPL_SHA1_SUPPORT bool "Support SHA1" depends on SPL_FIT + select SHA1 help Enable this to support SHA1 in FIT images within SPL. A SHA1 checksum is a 160-bit (20-byte) hash value used to check that the @@ -190,6 +191,7 @@ config SPL_SHA1_SUPPORT config SPL_SHA256_SUPPORT bool "Support SHA256" depends on SPL_FIT + select SHA256 help Enable this to support SHA256 in FIT images within SPL. A SHA256 checksum is a 256-bit (32-byte) hash value used to check that the @@ -221,6 +223,8 @@ config SPL_CRYPTO_SUPPORT
config SPL_HASH_SUPPORT bool "Support hashing drivers" + select SHA1 + select SHA256 depends on SPL help Enable hashing drivers in SPL. These drivers can be used to diff --git a/configs/bcm911360_entphn-ns_defconfig b/configs/bcm911360_entphn-ns_defconfig index 4f045903bfcf..61336d38f0dd 100644 --- a/configs/bcm911360_entphn-ns_defconfig +++ b/configs/bcm911360_entphn-ns_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm911360_entphn_defconfig b/configs/bcm911360_entphn_defconfig index 2469792f68be..cbef3d836502 100644 --- a/configs/bcm911360_entphn_defconfig +++ b/configs/bcm911360_entphn_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm911360k_defconfig b/configs/bcm911360k_defconfig index 83afce41d60b..b12420636193 100644 --- a/configs/bcm911360k_defconfig +++ b/configs/bcm911360k_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm958300k-ns_defconfig b/configs/bcm958300k-ns_defconfig index b21fea4331ec..f271fa06e5c8 100644 --- a/configs/bcm958300k-ns_defconfig +++ b/configs/bcm958300k-ns_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm958300k_defconfig b/configs/bcm958300k_defconfig index 83afce41d60b..b12420636193 100644 --- a/configs/bcm958300k_defconfig +++ b/configs/bcm958300k_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm958305k_defconfig b/configs/bcm958305k_defconfig index 83afce41d60b..b12420636193 100644 --- a/configs/bcm958305k_defconfig +++ b/configs/bcm958305k_defconfig @@ -18,4 +18,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/bcm958622hr_defconfig b/configs/bcm958622hr_defconfig index a639336d94a1..9ffbe4b673bb 100644 --- a/configs/bcm958622hr_defconfig +++ b/configs/bcm958622hr_defconfig @@ -16,4 +16,6 @@ CONFIG_CMD_TIME=y CONFIG_CMD_FAT=y # CONFIG_MMC is not set CONFIG_SYS_NS16550=y +CONFIG_SHA1=y +CONFIG_SHA256=y CONFIG_OF_LIBFDT=y diff --git a/configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig b/configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig index bc2e7b43310f..e85da506fef2 100644 --- a/configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig +++ b/configs/controlcenterd_TRAILBLAZER_DEVELOP_defconfig @@ -19,3 +19,4 @@ CONFIG_DM=y CONFIG_SYS_NS16550=y CONFIG_TPM_AUTH_SESSIONS=y CONFIG_TPM=y +CONFIG_SHA1=y diff --git a/configs/controlcenterd_TRAILBLAZER_defconfig b/configs/controlcenterd_TRAILBLAZER_defconfig index 7ec77a1102d1..061dd171a986 100644 --- a/configs/controlcenterd_TRAILBLAZER_defconfig +++ b/configs/controlcenterd_TRAILBLAZER_defconfig @@ -19,3 +19,4 @@ CONFIG_DM=y CONFIG_SYS_NS16550=y CONFIG_TPM_AUTH_SESSIONS=y CONFIG_TPM=y +CONFIG_SHA1=y diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig index 31889598e8e7..64b7f8caaea8 100644 --- a/drivers/crypto/fsl/Kconfig +++ b/drivers/crypto/fsl/Kconfig @@ -1,5 +1,7 @@ config FSL_CAAM bool "Freescale Crypto Driver Support" + select SHA_HW_ACCEL + select SHA_PROG_HW_ACCEL help Enables the Freescale's Cryptographic Accelerator and Assurance Module (CAAM), also known as the SEC version 4 (SEC4). The driver uses diff --git a/include/configs/B4860QDS.h b/include/configs/B4860QDS.h index 2041b7bb3e58..e94ac5ea2c09 100644 --- a/include/configs/B4860QDS.h +++ b/include/configs/B4860QDS.h @@ -714,7 +714,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/BSC9131RDB.h b/include/configs/BSC9131RDB.h index 72dc8ba71041..bce6229496f9 100644 --- a/include/configs/BSC9131RDB.h +++ b/include/configs/BSC9131RDB.h @@ -331,7 +331,6 @@ extern unsigned long get_sdram_size(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#ifdef CONFIG_USB_EHCI_HCD diff --git a/include/configs/BSC9132QDS.h b/include/configs/BSC9132QDS.h index 1b956fc7da65..b303b4b51b62 100644 --- a/include/configs/BSC9132QDS.h +++ b/include/configs/BSC9132QDS.h @@ -528,7 +528,6 @@ combinations. this should be removed later /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/C29XPCIE.h b/include/configs/C29XPCIE.h index f95c3b9eebbc..b8c823cc566e 100644 --- a/include/configs/C29XPCIE.h +++ b/include/configs/C29XPCIE.h @@ -444,7 +444,6 @@ /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/P1010RDB.h b/include/configs/P1010RDB.h index 867004fb4899..ce32f431fcb2 100644 --- a/include/configs/P1010RDB.h +++ b/include/configs/P1010RDB.h @@ -738,7 +738,6 @@ extern unsigned long get_sdram_size(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/P2041RDB.h b/include/configs/P2041RDB.h index 7629fe8eb496..66c1bba2f4b6 100644 --- a/include/configs/P2041RDB.h +++ b/include/configs/P2041RDB.h @@ -607,7 +607,6 @@ unsigned long get_board_sys_clk(unsigned long dummy); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T102xQDS.h b/include/configs/T102xQDS.h index 42e692c4a021..94828931ae83 100644 --- a/include/configs/T102xQDS.h +++ b/include/configs/T102xQDS.h @@ -868,7 +868,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#include <asm/fsl_secure_boot.h> diff --git a/include/configs/T102xRDB.h b/include/configs/T102xRDB.h index c2175bda345a..373cb2a81c91 100644 --- a/include/configs/T102xRDB.h +++ b/include/configs/T102xRDB.h @@ -887,7 +887,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#include <asm/fsl_secure_boot.h> diff --git a/include/configs/T1040QDS.h b/include/configs/T1040QDS.h index 25658871e470..0ae9eda463d2 100644 --- a/include/configs/T1040QDS.h +++ b/include/configs/T1040QDS.h @@ -671,7 +671,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T104xRDB.h b/include/configs/T104xRDB.h index d2ece40d4ac3..b3d595709ec5 100644 --- a/include/configs/T104xRDB.h +++ b/include/configs/T104xRDB.h @@ -783,7 +783,6 @@ $(SRCTREE)/board/freescale/t104xrdb/t1042d4_sd_rcw.cfg /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T208xQDS.h b/include/configs/T208xQDS.h index 02fd37d5cb32..a426da40d792 100644 --- a/include/configs/T208xQDS.h +++ b/include/configs/T208xQDS.h @@ -755,7 +755,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T208xRDB.h b/include/configs/T208xRDB.h index faa1111e9f11..315067332b8d 100644 --- a/include/configs/T208xRDB.h +++ b/include/configs/T208xRDB.h @@ -700,7 +700,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T4240QDS.h b/include/configs/T4240QDS.h index 5d030d117965..28476c4f2f48 100644 --- a/include/configs/T4240QDS.h +++ b/include/configs/T4240QDS.h @@ -501,7 +501,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/T4240RDB.h b/include/configs/T4240RDB.h index 8ebfde19f936..ba725d21e568 100644 --- a/include/configs/T4240RDB.h +++ b/include/configs/T4240RDB.h @@ -699,7 +699,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
diff --git a/include/configs/bcm_ep_board.h b/include/configs/bcm_ep_board.h index d9b88fa2d315..d264e1c77b5d 100644 --- a/include/configs/bcm_ep_board.h +++ b/include/configs/bcm_ep_board.h @@ -69,8 +69,6 @@ /* SHA hashing */ #define CONFIG_CMD_HASH #define CONFIG_HASH_VERIFY -#define CONFIG_SHA1 -#define CONFIG_SHA256
/* Enable Time Command */
diff --git a/include/configs/controlcenterd.h b/include/configs/controlcenterd.h index 7535ad5a62da..809e70dbf03e 100644 --- a/include/configs/controlcenterd.h +++ b/include/configs/controlcenterd.h @@ -199,8 +199,6 @@ #define CONFIG_SF_DEFAULT_MODE 0 #endif
-#define CONFIG_SHA1 - /* * MMC */ diff --git a/include/configs/corenet_ds.h b/include/configs/corenet_ds.h index 7e606cd794ca..e92327f8ef04 100644 --- a/include/configs/corenet_ds.h +++ b/include/configs/corenet_ds.h @@ -621,7 +621,6 @@ /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
/* diff --git a/include/configs/exynos5-common.h b/include/configs/exynos5-common.h index 5411e5ff49f7..f893b2e34784 100644 --- a/include/configs/exynos5-common.h +++ b/include/configs/exynos5-common.h @@ -26,7 +26,6 @@
/* Enable ACE acceleration for SHA1 and SHA256 */ #define CONFIG_EXYNOS_ACE_SHA -#define CONFIG_SHA_HW_ACCEL
/* Power Down Modes */ #define S5P_CHECK_SLEEP 0x00000BAD @@ -139,8 +138,6 @@ /* SHA hashing */ #define CONFIG_CMD_HASH #define CONFIG_HASH_VERIFY -#define CONFIG_SHA1 -#define CONFIG_SHA256
/* Enable Time Command */
diff --git a/include/configs/ids8313.h b/include/configs/ids8313.h index 6b6bbbd5c027..fa41c842031b 100644 --- a/include/configs/ids8313.h +++ b/include/configs/ids8313.h @@ -543,7 +543,5 @@
#define CONFIG_IMAGE_FORMAT_LEGACY #define CONFIG_CMD_HASH -#define CONFIG_SHA1 -#define CONFIG_SHA256
#endif /* __CONFIG_H */ diff --git a/include/configs/imx6qdl_icore.h b/include/configs/imx6qdl_icore.h index 5a28b15afc79..d43e87f5d365 100644 --- a/include/configs/imx6qdl_icore.h +++ b/include/configs/imx6qdl_icore.h @@ -133,8 +133,6 @@ /* FIT */ #ifdef CONFIG_FIT # define CONFIG_HASH_VERIFY -# define CONFIG_SHA1 -# define CONFIG_SHA256 # define CONFIG_IMAGE_FORMAT_LEGACY #endif
diff --git a/include/configs/imx6qdl_icore_rqs.h b/include/configs/imx6qdl_icore_rqs.h index 3358320e66fd..88bba016b5a7 100644 --- a/include/configs/imx6qdl_icore_rqs.h +++ b/include/configs/imx6qdl_icore_rqs.h @@ -109,8 +109,6 @@ /* FIT */ #ifdef CONFIG_FIT # define CONFIG_HASH_VERIFY -# define CONFIG_SHA1 -# define CONFIG_SHA256 # define CONFIG_IMAGE_FORMAT_LEGACY #endif
diff --git a/include/configs/imx6ul_geam.h b/include/configs/imx6ul_geam.h index 8bffacde4dfc..bb1fdc69b000 100644 --- a/include/configs/imx6ul_geam.h +++ b/include/configs/imx6ul_geam.h @@ -131,8 +131,6 @@ /* FIT */ #ifdef CONFIG_FIT # define CONFIG_HASH_VERIFY -# define CONFIG_SHA1 -# define CONFIG_SHA256 # define CONFIG_IMAGE_FORMAT_LEGACY #endif
diff --git a/include/configs/imx6ul_isiot.h b/include/configs/imx6ul_isiot.h index 4009648628f1..f55a1cc16f2c 100644 --- a/include/configs/imx6ul_isiot.h +++ b/include/configs/imx6ul_isiot.h @@ -126,8 +126,6 @@ /* FIT */ #ifdef CONFIG_FIT # define CONFIG_HASH_VERIFY -# define CONFIG_SHA1 -# define CONFIG_SHA256 # define CONFIG_IMAGE_FORMAT_LEGACY #endif
diff --git a/include/configs/ls1021aiot.h b/include/configs/ls1021aiot.h index 35d17b96f4ab..1b165157f7e2 100644 --- a/include/configs/ls1021aiot.h +++ b/include/configs/ls1021aiot.h @@ -306,13 +306,8 @@ #define CONFIG_MISC_INIT_R
/* Hash command with SHA acceleration supported in hardware */ - #ifdef CONFIG_FSL_CAAM - #define CONFIG_CMD_HASH - -#define CONFIG_SHA_HW_ACCEL - #endif
#include <asm/fsl_secure_boot.h> diff --git a/include/configs/ls1021aqds.h b/include/configs/ls1021aqds.h index 333bb2662384..2de01444814e 100644 --- a/include/configs/ls1021aqds.h +++ b/include/configs/ls1021aqds.h @@ -573,7 +573,6 @@ unsigned long get_board_ddr_clk(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#include <asm/fsl_secure_boot.h> diff --git a/include/configs/ls1021atwr.h b/include/configs/ls1021atwr.h index 81f38a30a473..14534ecd1b0c 100644 --- a/include/configs/ls1021atwr.h +++ b/include/configs/ls1021atwr.h @@ -437,7 +437,6 @@ /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#include <asm/fsl_secure_boot.h> diff --git a/include/configs/ls1043a_common.h b/include/configs/ls1043a_common.h index e26924877d10..0522d1e9d727 100644 --- a/include/configs/ls1043a_common.h +++ b/include/configs/ls1043a_common.h @@ -304,7 +304,6 @@ /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#endif /* __LS1043A_COMMON_H */ diff --git a/include/configs/ls1046a_common.h b/include/configs/ls1046a_common.h index 957ffd36347f..da1e860de334 100644 --- a/include/configs/ls1046a_common.h +++ b/include/configs/ls1046a_common.h @@ -233,7 +233,6 @@ /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#endif /* __LS1046A_COMMON_H */ diff --git a/include/configs/ls2080a_common.h b/include/configs/ls2080a_common.h index 427f623e8c52..512eed8bdcab 100644 --- a/include/configs/ls2080a_common.h +++ b/include/configs/ls2080a_common.h @@ -233,7 +233,6 @@ unsigned long long get_qixis_addr(void); /* Hash command with SHA acceleration supported in hardware */ #ifdef CONFIG_FSL_CAAM #define CONFIG_CMD_HASH -#define CONFIG_SHA_HW_ACCEL #endif
#endif /* __LS2_COMMON_H */ diff --git a/include/configs/sandbox.h b/include/configs/sandbox.h index 37c6132b8afa..8ba37fc2455f 100644 --- a/include/configs/sandbox.h +++ b/include/configs/sandbox.h @@ -104,8 +104,6 @@
#define CONFIG_CMD_HASH #define CONFIG_HASH_VERIFY -#define CONFIG_SHA1 -#define CONFIG_SHA256
#define CONFIG_CMD_SANDBOX
diff --git a/include/image.h b/include/image.h index 800426d51f96..83ab15aa9e07 100644 --- a/include/image.h +++ b/include/image.h @@ -65,8 +65,6 @@ struct lmb; # endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ -# define CONFIG_SHA1 /* and SHA1 */ -# define CONFIG_SHA256 /* and SHA256 */ # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 @@ -86,7 +84,6 @@ struct lmb;
#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ defined(CONFIG_SPL_SHA256_SUPPORT) -#define CONFIG_SHA256 #define IMAGE_ENABLE_SHA256 1 #else #define IMAGE_ENABLE_SHA256 0 diff --git a/lib/Makefile b/lib/Makefile index 23e9f1ef11db..328b4a25c3a2 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -44,9 +44,9 @@ obj-$(CONFIG_BITREVERSE) += bitrev.o obj-y += list_sort.o endif
-obj-$(CONFIG_$(SPL_)RSA) += rsa/ -obj-$(CONFIG_$(SPL_)SHA1) += sha1.o -obj-$(CONFIG_$(SPL_)SHA256) += sha256.o +obj-$(CONFIG_RSA) += rsa/ +obj-$(CONFIG_SHA1) += sha1.o +obj-$(CONFIG_SHA256) += sha256.o
obj-$(CONFIG_SPL_SAVEENV) += qsort.o obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
On 15 May 2017 at 10:17, Tom Rini trini@konsulko.com wrote:
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL.
This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them.
Cc: Poonam Aggrwal poonam.aggrwal@freescale.com Cc: Naveen Burmi NaveenBurmi@freescale.com Cc: Po Liu po.liu@freescale.com Cc: Shengzhou Liu Shengzhou.Liu@freescale.com Cc: Priyanka Jain Priyanka.Jain@freescale.com Cc: Shaohui Xie Shaohui.Xie@freescale.com Cc: Chunhe Lan Chunhe.Lan@freescale.com Cc: Chander Kashyap k.chander@samsung.com Cc: Steve Rae steve.rae@raedomain.com Cc: Dirk Eibach eibach@gdsys.de Cc: Feng Li feng.li_2@nxp.com Cc: Alison Wang alison.wang@freescale.com Cc: Sumit Garg sumit.garg@nxp.com Cc: Mingkai Hu Mingkai.Hu@freescale.com Cc: York Sun york.sun@nxp.com Cc: Prabhakar Kushwaha prabhakar.kushwaha@nxp.com Cc: Jaehoon Chung jh80.chung@samsung.com Cc: Akshay Saraswat akshay.s@samsung.com Cc: Simon Glass sjg@chromium.org Cc: Heiko Schocher hs@denx.de Cc: Jagan Teki jagan@amarulasolutions.com Signed-off-by: Tom Rini trini@konsulko.com
Changes in v4:
- Clean up README as well
- Re-sync defconfig changes (much less this time).
- select SHA_HW_ACCEL on ARCH_EXYNOS5.
Changes in v3:
- Take authorship, update commit message more to reflect how the migration happened.
Changes in v2:
- Add a large number of select statements so that our overall delta is fairly small. This is not size neutral but is I believe correct. We had a number of cases before where we did not enable hw assist in the hash command and only made use of it in certain back end locations.
Reviewed-by: Simon Glass sjg@chromium.org
On Mon, May 15, 2017 at 12:17:49PM -0400, Tom Rini wrote:
Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support using hardware acceleration.") created entries for CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL. However, no defconfig has migrated to it. Complete the move by first adding additional logic to various Kconfig files to select this when required and then use the moveconfig tool. In many cases we can select these because they are required to implement other drivers. We also correct how we include the various hashing algorithms in SPL.
This commit was generated as follows (after Kconfig additions):
[1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
Note: We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously because there is dependency between them.
Cc: Poonam Aggrwal poonam.aggrwal@freescale.com Cc: Naveen Burmi NaveenBurmi@freescale.com Cc: Po Liu po.liu@freescale.com Cc: Shengzhou Liu Shengzhou.Liu@freescale.com Cc: Priyanka Jain Priyanka.Jain@freescale.com Cc: Shaohui Xie Shaohui.Xie@freescale.com Cc: Chunhe Lan Chunhe.Lan@freescale.com Cc: Chander Kashyap k.chander@samsung.com Cc: Steve Rae steve.rae@raedomain.com Cc: Dirk Eibach eibach@gdsys.de Cc: Feng Li feng.li_2@nxp.com Cc: Alison Wang alison.wang@freescale.com Cc: Sumit Garg sumit.garg@nxp.com Cc: Mingkai Hu Mingkai.Hu@freescale.com Cc: York Sun york.sun@nxp.com Cc: Prabhakar Kushwaha prabhakar.kushwaha@nxp.com Cc: Jaehoon Chung jh80.chung@samsung.com Cc: Akshay Saraswat akshay.s@samsung.com Cc: Simon Glass sjg@chromium.org Cc: Heiko Schocher hs@denx.de Cc: Jagan Teki jagan@amarulasolutions.com Signed-off-by: Tom Rini trini@konsulko.com Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!
On 15 May 2017 at 10:17, Tom Rini trini@konsulko.com wrote:
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space.
Cc: Dirk Eibach eibach@gdsys.de Cc: Lukasz Dalek luk0104@gmail.com Signed-off-by: Tom Rini trini@konsulko.com Reviewed-by: Simon Glass sjg@chromium.org
Changes in v4:
- Fix HOST_CC side of changes to include/image.h so that the host tools will continue to have SHA256 support.
Kconfig | 13 +++++++++++++ README | 9 --------- configs/dlvision-10g_defconfig | 1 + configs/dlvision_defconfig | 1 + configs/h2200_defconfig | 1 + configs/io_defconfig | 1 + configs/iocon_defconfig | 1 + configs/neo_defconfig | 1 + include/configs/dlvision-10g.h | 3 --- include/configs/dlvision.h | 3 --- include/configs/h2200.h | 1 - include/configs/io.h | 3 --- include/configs/iocon.h | 3 --- include/configs/neo.h | 3 --- include/image.h | 16 ++++++---------- scripts/config_whitelist.txt | 1 - 16 files changed, 25 insertions(+), 36 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
On Mon, May 15, 2017 at 12:17:48PM -0400, Tom Rini wrote:
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space.
Cc: Dirk Eibach eibach@gdsys.de Cc: Lukasz Dalek luk0104@gmail.com Signed-off-by: Tom Rini trini@konsulko.com Reviewed-by: Simon Glass sjg@chromium.org Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!
participants (2)
-
Simon Glass -
Tom Rini