Commit 0db7f6859fef41c1e95bcef75761054a01782d1b
1 parent
6b83c38d7a
Exists in
smarc_8mq_lf_v2020.04
and in
17 other branches
FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space. Cc: Dirk Eibach <eibach@gdsys.de> Cc: Lukasz Dalek <luk0104@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
Showing 16 changed files with 25 additions and 36 deletions Side-by-side Diff
- Kconfig
- README
- configs/dlvision-10g_defconfig
- configs/dlvision_defconfig
- configs/h2200_defconfig
- configs/io_defconfig
- configs/iocon_defconfig
- configs/neo_defconfig
- include/configs/dlvision-10g.h
- include/configs/dlvision.h
- include/configs/h2200.h
- include/configs/io.h
- include/configs/iocon.h
- include/configs/neo.h
- include/image.h
- scripts/config_whitelist.txt
Kconfig
... | ... | @@ -157,6 +157,19 @@ |
157 | 157 | |
158 | 158 | if FIT |
159 | 159 | |
160 | +config FIT_ENABLE_SHA256_SUPPORT | |
161 | + bool "Support SHA256 checksum of FIT image contents" | |
162 | + default y | |
163 | + help | |
164 | + Enable this to support SHA256 checksum of FIT image contents. A | |
165 | + SHA256 checksum is a 256-bit (32-byte) hash value used to check that | |
166 | + the image contents have not been corrupted. SHA256 is recommended | |
167 | + for use in secure applications since (as at 2016) there is no known | |
168 | + feasible attack that could produce a 'collision' with differing | |
169 | + input data. Use this for the highest security. Note that only the | |
170 | + SHA256 variant is supported: SHA512 and others are not currently | |
171 | + supported in U-Boot. | |
172 | + | |
160 | 173 | config FIT_SIGNATURE |
161 | 174 | bool "Enable signature verification of FIT uImages" |
162 | 175 | depends on DM |
README
... | ... | @@ -2973,15 +2973,6 @@ |
2973 | 2973 | This define is introduced, as the legacy image format is |
2974 | 2974 | enabled per default for backward compatibility. |
2975 | 2975 | |
2976 | -- FIT image support: | |
2977 | - CONFIG_FIT_DISABLE_SHA256 | |
2978 | - Supporting SHA256 hashes has quite an impact on binary size. | |
2979 | - For constrained systems sha256 hash support can be disabled | |
2980 | - with this option. | |
2981 | - | |
2982 | - TODO(sjg@chromium.org): Adjust this option to be positive, | |
2983 | - and move it to Kconfig | |
2984 | - | |
2985 | 2976 | - Standalone program support: |
2986 | 2977 | CONFIG_STANDALONE_LOAD_ADDR |
2987 | 2978 |
configs/dlvision-10g_defconfig
configs/dlvision_defconfig
configs/h2200_defconfig
configs/io_defconfig
configs/iocon_defconfig
configs/neo_defconfig
include/configs/dlvision-10g.h
include/configs/dlvision.h
include/configs/h2200.h
include/configs/io.h
include/configs/iocon.h
include/configs/neo.h
include/image.h
... | ... | @@ -29,6 +29,7 @@ |
29 | 29 | #define IMAGE_ENABLE_FIT 1 |
30 | 30 | #define IMAGE_ENABLE_OF_LIBFDT 1 |
31 | 31 | #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ |
32 | +#define CONFIG_FIT_ENABLE_SHA256_SUPPORT | |
32 | 33 | |
33 | 34 | #define IMAGE_ENABLE_IGNORE 0 |
34 | 35 | #define IMAGE_INDENT_STRING "" |
... | ... | @@ -62,9 +63,6 @@ |
62 | 63 | # ifdef CONFIG_SPL_SHA1_SUPPORT |
63 | 64 | # define IMAGE_ENABLE_SHA1 1 |
64 | 65 | # endif |
65 | -# ifdef CONFIG_SPL_SHA256_SUPPORT | |
66 | -# define IMAGE_ENABLE_SHA256 1 | |
67 | -# endif | |
68 | 66 | # else |
69 | 67 | # define CONFIG_CRC32 /* FIT images need CRC32 support */ |
70 | 68 | # define CONFIG_SHA1 /* and SHA1 */ |
71 | 69 | |
... | ... | @@ -72,14 +70,8 @@ |
72 | 70 | # define IMAGE_ENABLE_CRC32 1 |
73 | 71 | # define IMAGE_ENABLE_MD5 1 |
74 | 72 | # define IMAGE_ENABLE_SHA1 1 |
75 | -# define IMAGE_ENABLE_SHA256 1 | |
76 | 73 | # endif |
77 | 74 | |
78 | -#ifdef CONFIG_FIT_DISABLE_SHA256 | |
79 | -#undef CONFIG_SHA256 | |
80 | -#undef IMAGE_ENABLE_SHA256 | |
81 | -#endif | |
82 | - | |
83 | 75 | #ifndef IMAGE_ENABLE_CRC32 |
84 | 76 | #define IMAGE_ENABLE_CRC32 0 |
85 | 77 | #endif |
... | ... | @@ -92,7 +84,11 @@ |
92 | 84 | #define IMAGE_ENABLE_SHA1 0 |
93 | 85 | #endif |
94 | 86 | |
95 | -#ifndef IMAGE_ENABLE_SHA256 | |
87 | +#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ | |
88 | + defined(CONFIG_SPL_SHA256_SUPPORT) | |
89 | +#define CONFIG_SHA256 | |
90 | +#define IMAGE_ENABLE_SHA256 1 | |
91 | +#else | |
96 | 92 | #define IMAGE_ENABLE_SHA256 0 |
97 | 93 | #endif |
98 | 94 |