[U-Boot] [PATCH v2 3/8] fit: add sha256 support

Simon Glass sjg at chromium.org
Mon Feb 17 23:14:06 CET 2014


Hi Heiko,

On 16 February 2014 23:49, Heiko Schocher <hs at denx.de> wrote:
> Hello Simon,
>
> I was a little to fast with my answer ...
>
> Am 17.02.2014 07:33, schrieb Heiko Schocher:
>
>> Hello Simon,
>>
>> Am 15.02.2014 23:47, schrieb Simon Glass:
>>>
>>> Hi Heiko,
>>>
>>> On 8 February 2014 22:34, Heiko Schocher<hs at denx.de> wrote:
>>>>
>>>> add sha256 support to fit images
>>>>
>>>> Signed-off-by: Heiko Schocher<hs at denx.de>
>>>> Acked-by: Simon Glass<sjg at chromium.org>
>>>
>>>
>>> Sorry I spotted a few things since.
>>
>>
>> No problem! Thanks for your review.
>>
>>>> ---
>>>> changes for v2:
>>>> - add Acked-by from Simon Glass
>>>>
>>>> common/image-fit.c | 5 +++++
>>>> include/image.h | 9 +++++++++
>>>> lib/sha256.c | 2 +-
>>>> tools/Makefile | 3 +++
>>>> 4 files changed, 18 insertions(+), 1 deletion(-)
>>>>
>> [...]
>>>>
>>>> diff --git a/include/image.h b/include/image.h
>>>> index 7de2bb2..f001a5f 100644
>>>> --- a/include/image.h
>>>> +++ b/include/image.h
>>>> @@ -57,13 +57,18 @@ struct lmb;
>>>> # ifdef CONFIG_SPL_SHA1_SUPPORT
>>>> # define IMAGE_ENABLE_SHA1 1
>>>> # endif
>>>> +# ifdef CONFIG_SPL_SHA256_SUPPORT
>>>> +# define IMAGE_ENABLE_SHA256 1
>>>> +# endif
>>>> # else
>>>> # define CONFIG_CRC32 /* FIT images need CRC32 support */
>>>> # define CONFIG_MD5 /* and MD5 */
>>>> # define CONFIG_SHA1 /* and SHA1 */
>>>> +# define CONFIG_SHA256 /* and SHA256 */
>>>
>>>
>>> Thinking about this again, I wonder if we want to force SHA256 to be
>>> enabled when FIT is used? Should we just hold the existing
>>> CONFIG_SHA256 setting in the board file and change:
>>
>>
>> I can do this, but why are the others fix?
>
>
> Hmm.. if I do this, mkimage does not work, as missing
> this "IMAGE_ENABLE_SHA256" define ... I get the following
> error message:
>
> "Unsupported hash algorithm (sha256) for 'hash at 1' hash node in 'U-BOOT at 1'
> image node
> tools/mkimage Can't add hashes to FIT blob"
>
> I think, when compiling mkimage for the host, we have no board config
> header availiable, as mkimage is not compiled (and not intent to be)
> board specific ...
>
> Seems that this is the reason, why the other algorithms are also
> always enabled ...

Ah yes, I remember this problem - I wanted mkimage to support
everything rather than be dependent on what particular board you build
with. In the end I dropped the signing part from this idea.

So yes your code is correct and I'm sorry for the trouble.

Regards,
Simon


More information about the U-Boot mailing list