[PATCH] hash: Kconfig option for SHA512 hardware acceleration
Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations") defined function definitions for hardware accelerated SHA384 and SHA512. If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The missing hardware acceleration functions lead to build errors on boards like peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the functions hw_sha384() and hw_sha512() shall be used to implement the SHA384 and SHA512 algorithms.
Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations") Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de --- This patch replaces hash: revert Allow for SHA512 hardware implementations https://lists.denx.de/pipermail/u-boot/2021-May/449648.html https://patchwork.ozlabs.org/project/uboot/patch/20210512170040.137058-1-xyp... --- common/hash.c | 8 ++++---- lib/Kconfig | 21 ++++++++++++++++----- 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/common/hash.c b/common/hash.c index 10dff7ddb0..90cf46bcba 100644 --- a/common/hash.c +++ b/common/hash.c @@ -260,12 +260,12 @@ static struct hash_algo hash_algo[] = { .name = "sha384", .digest_size = SHA384_SUM_LEN, .chunk_size = CHUNKSZ_SHA384, -#ifdef CONFIG_SHA_HW_ACCEL +#ifdef CONFIG_SHA512_HW_ACCEL .hash_func_ws = hw_sha384, #else .hash_func_ws = sha384_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -281,12 +281,12 @@ static struct hash_algo hash_algo[] = { .name = "sha512", .digest_size = SHA512_SUM_LEN, .chunk_size = CHUNKSZ_SHA512, -#ifdef CONFIG_SHA_HW_ACCEL +#ifdef CONFIG_SHA512_HW_ACCEL .hash_func_ws = hw_sha512, #else .hash_func_ws = sha512_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, diff --git a/lib/Kconfig b/lib/Kconfig index 6d2d41de30..e9b7b5dc49 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -389,21 +389,32 @@ config SHA384 (digest).
config SHA_HW_ACCEL - bool "Enable hashing using hardware" + bool "Enable hardware acceleration for SHA hash functions" help - This option enables hardware acceleration for SHA hashing. - This affects the 'hash' command and also the hash_lookup_algo() - function. + This option enables hardware acceleration for the SHA1 and SHA256 + hashing algorithms. This affects the 'hash' command and also the + hash_lookup_algo() function. + +if SHA_HW_ACCEL + +config SHA512_HW_ACCEL + bool "Enable hardware acceleration for SHA512" + depends on SHA512_ALGO + help + This option enables hardware acceleration for the SHA384 andSHA512 + hashing algorithms. This affects the 'hash' command and also the + hash_lookup_algo() function.
config SHA_PROG_HW_ACCEL bool "Enable Progressive hashing support using hardware" - depends on SHA_HW_ACCEL help This option enables hardware-acceleration for SHA progressive hashing. Data can be streamed in a block at a time and the hashing is performed in hardware.
+endif + config MD5 bool "Support MD5 algorithm" help -- 2.30.2
Hi Heinrich,
On Fri, 14 May 2021 at 03:17, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations") defined function definitions for hardware accelerated SHA384 and SHA512. If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The missing hardware acceleration functions lead to build errors on boards like peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the functions hw_sha384() and hw_sha512() shall be used to implement the SHA384 and SHA512 algorithms.
Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations") Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de
This patch replaces hash: revert Allow for SHA512 hardware implementations https://lists.denx.de/pipermail/u-boot/2021-May/449648.html https://patchwork.ozlabs.org/project/uboot/patch/20210512170040.137058-1-xyp...
common/hash.c | 8 ++++---- lib/Kconfig | 21 ++++++++++++++++----- 2 files changed, 20 insertions(+), 9 deletions(-)
This is good as a stopgap, thanks.
Reviewed-by: Simon Glass sjg@chromium.org
On Fri, 14 May 2021 at 09:12, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations") defined function definitions for hardware accelerated SHA384 and SHA512. If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The missing hardware acceleration functions lead to build errors on boards like peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the functions hw_sha384() and hw_sha512() shall be used to implement the SHA384 and SHA512 algorithms.
Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations") Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de
This patch replaces hash: revert Allow for SHA512 hardware implementations https://lists.denx.de/pipermail/u-boot/2021-May/449648.html https://patchwork.ozlabs.org/project/uboot/patch/20210512170040.137058-1-xyp...
This looks to be a good compromise. Thanks for fixing it.
Reviewed-by: Joel Stanley joel@jms.id.au
The CONFIG maze that is the hash acceleration code could do with some overarching cleanup at some point.
--- a/lib/Kconfig +++ b/lib/Kconfig @@ -389,21 +389,32 @@ config SHA384 (digest).
config SHA_HW_ACCEL
bool "Enable hashing using hardware"
bool "Enable hardware acceleration for SHA hash functions" help
This option enables hardware acceleration for SHA hashing.This affects the 'hash' command and also the hash_lookup_algo()function.
This option enables hardware acceleration for the SHA1 and SHA256hashing algorithms. This affects the 'hash' command and also thehash_lookup_algo() function.+if SHA_HW_ACCEL
+config SHA512_HW_ACCEL
bool "Enable hardware acceleration for SHA512"depends on SHA512_ALGO
This dependency is new, does it make sense? We don't have an equivalent one for SHA_HW_ACCEL, but perhaps we should introduce one?
helpThis option enables hardware acceleration for the SHA384 andSHA512
Nit: there's a missing space after "and" here.
Perhaps you could add to the help text that this option should be disabled if the platform requires SHA512 support but does not have hardware acceleration.
hashing algorithms. This affects the 'hash' command and also thehash_lookup_algo() function.config SHA_PROG_HW_ACCEL bool "Enable Progressive hashing support using hardware"
depends on SHA_HW_ACCEL help This option enables hardware-acceleration for SHA progressive hashing. Data can be streamed in a block at a time and the hashing is performed in hardware.+endif
config MD5 bool "Support MD5 algorithm" help -- 2.30.2
On 5/18/21 5:36 AM, Joel Stanley wrote:
On Fri, 14 May 2021 at 09:12, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations") defined function definitions for hardware accelerated SHA384 and SHA512. If CONFIG_SHA_HW_ACCEL=y, these functions are used.
We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the new functions hw_sha384() and hw_sha512().
For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The missing hardware acceleration functions lead to build errors on boards like peach-pi_defconfig.
Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the functions hw_sha384() and hw_sha512() shall be used to implement the SHA384 and SHA512 algorithms.
Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations") Signed-off-by: Heinrich Schuchardt xypron.glpk@gmx.de
This patch replaces hash: revert Allow for SHA512 hardware implementations https://lists.denx.de/pipermail/u-boot/2021-May/449648.html https://patchwork.ozlabs.org/project/uboot/patch/20210512170040.137058-1-xyp...
This looks to be a good compromise. Thanks for fixing it.
Reviewed-by: Joel Stanley joel@jms.id.au
The CONFIG maze that is the hash acceleration code could do with some overarching cleanup at some point.
--- a/lib/Kconfig +++ b/lib/Kconfig @@ -389,21 +389,32 @@ config SHA384 (digest).
config SHA_HW_ACCEL
bool "Enable hashing using hardware"
bool "Enable hardware acceleration for SHA hash functions" help
This option enables hardware acceleration for SHA hashing.This affects the 'hash' command and also the hash_lookup_algo()function.
This option enables hardware acceleration for the SHA1 and SHA256hashing algorithms. This affects the 'hash' command and also thehash_lookup_algo() function.+if SHA_HW_ACCEL
+config SHA512_HW_ACCEL
bool "Enable hardware acceleration for SHA512"depends on SHA512_ALGOThis dependency is new, does it make sense? We don't have an equivalent one for SHA_HW_ACCEL, but perhaps we should introduce one?
It does not make sense to show SHA512_HW_ACCEL is we cannot have SHA512 or SHA384.
helpThis option enables hardware acceleration for the SHA384 andSHA512Nit: there's a missing space after "and" here.
I will add it.
Perhaps you could add to the help text that this option should be disabled if the platform requires SHA512 support but does not have hardware acceleration.
The current text already says that it "enables hardware acceleration".
It would provide little value to add to all Kconfig options: "Don't enable this option if you don't have a hardware for it.".
Best regards
Heinrich
hashing algorithms. This affects the 'hash' command and also thehash_lookup_algo() function.config SHA_PROG_HW_ACCEL bool "Enable Progressive hashing support using hardware"
depends on SHA_HW_ACCEL help This option enables hardware-acceleration for SHA progressive hashing. Data can be streamed in a block at a time and the hashing is performed in hardware.+endif
- config MD5 bool "Support MD5 algorithm" help
-- 2.30.2
participants (3)
-
Heinrich Schuchardt -
Joel Stanley -
Simon Glass