[PATCH next] lib: hash-checksum: Use DM_HASH if supported
ChiaWei Wang
chiawei_wang at aspeedtech.com
Thu Oct 7 04:06:55 CEST 2021
Hi Simon,
> From: Simon Glass <sjg at chromium.org>
> Sent: Wednesday, October 6, 2021 10:10 PM
>
> Hi Chia-Wei,
>
> On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang
> <chiawei_wang at aspeedtech.com> wrote:
> >
> > Use DM_HASH to perform hashing operations if supported.
> > Thus either SW or HW-assisted hashing could be leveraged.
>
> This is missing a full motivation. Please can you explain why this code is
> needed on a board, rather than just the host?
>
> As of recently, this has become host-only code.
The entry to non-DM hash function for U-Boot is kind of inconsistent.
When a FIT image is verified by a hash digest:
hash-1 {
algo = "sha256";
};
The hash is calculated by calculate_hash() in image-fit.c.
fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash()
However, when a FIT image is verified by a checksum signature:
signature {
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
The hash comes from hash_calculate() in hash-checksum.c.
fit_image_verify_with_data() -> fit_image_setup_verify() -> image_get_checksum_algo() -> hash_calculate()
I checked the master and next branches. It seems that the logic still exists. (correct me if I am wrong)
This patch is like a temporary solution to make the DM_HASH work smoothly.
I believe a patch to refactor hash calculation of U-boot itself and the host tools is needed in the future.
Regards,
Chiawei
More information about the U-Boot
mailing list