[U-Boot] [PATCH v3 13/13] fit: make sha256 support optional

Heiko Schocher hs at denx.de
Fri Jul 4 06:17:33 CEST 2014


Hello Dirk, Tom, Simon,

Am 03.07.2014 21:17, schrieb Tom Rini:
> On Thu, Jul 03, 2014 at 09:14:01AM -0700, Simon Glass wrote:
>> Hi,
>>
>> On 3 July 2014 00:03, Heiko Schocher<hs at denx.de>  wrote:
>>>
>>> Hello Dirk,
>>>
>>> Am 03.07.2014 08:27, schrieb dirk.eibach at gdsys.cc:
>>>
>>>> From: Dirk Eibach<dirk.eibach at gdsys.cc>
>>>>
>>>> sha256 has some beefy memory footprint.
>>>> Make it optional for constrained systems.
>>>>
>>>>
>>>> Signed-off-by: Dirk Eibach<dirk.eibach at gdsys.cc>
>>>> ---
>>>>
>>>> Changes in v3: None
>>>> Changes in v2:
>>>> - make sha256 support optional
>>>>
>>>>    include/configs/dlvision-10g.h | 1 +
>>>>    include/configs/io.h           | 1 +
>>>>    include/configs/iocon.h        | 1 +
>>>>    include/configs/neo.h          | 1 +
>>>>    include/image.h                | 5 +++++
>>>>    5 files changed, 9 insertions(+)
>>>
>>>
>>> Sorry, some nitpick. As you introduce here the new define "CONFIG_FIT_DISABLE_SHA256",
>>> can you please add a short description in the README, thanks!
>>
>> I wonder if it would be better to make the option off by default? You
>> could perhaps use the existing CONFIG_SHA256 option, and check in
>> image.h to enable/disable support.
>>
>> Heiko what do you think?

Yes, that would be good, it would safe a lot of code ...

> I think I like this unless there's a problem...

... IIRC, as I did the sha256-rsa2048, sha256-rsa4096 adaptions,
I had this in mind, but there was a problem or just forgot it
to do it at the end ... so I just tried to compile the ids8313
board with having this options off by default, precisly on
current mainline I did:

$ git diff
diff --git a/include/image.h b/include/image.h
index 0a072f5..389423e 100644
--- a/include/image.h
+++ b/include/image.h
@@ -72,6 +72,9 @@ struct lmb;
  #  define IMAGE_ENABLE_SHA256  1
  # endif

+#undef CONFIG_SHA256
+#undef IMAGE_ENABLE_SHA256
+
  #ifndef IMAGE_ENABLE_CRC32
  #define IMAGE_ENABLE_CRC32     0
  #endif
-------------------------------------------------------

make mrproper
make ids8313_config
make CROSS_COMPILE=powerpc-linux- env
make CROSS_COMPILE=powerpc-linux- cross_tools

works without errors, but

$ ./MAKEALL ids8313
Configuring for ids8313 - Board: ids8313, Options: SYS_TEXT_BASE=0xFFF00000
powerpc-linux-size: './u-boot': No such file
lib/built-in.o: In function `sha256_calculate':
/home/hs/ids/u-boot/lib/rsa/rsa-checksum.c:159: undefined reference to `sha256_starts'
/home/hs/ids/u-boot/lib/rsa/rsa-checksum.c:161: undefined reference to `sha256_update'
/home/hs/ids/u-boot/lib/rsa/rsa-checksum.c:162: undefined reference to `sha256_finish'
make: *** [u-boot] Fehler 1

same for am335x_boneblack_vboot, sandbox.

So there must be also looked at this sha256_calculate() in
lib/rsa/rsa-checksum.c and common/image-sig.c checksum_algos[] and
image_sig_algos[] must be adjusted, reworked ...

If we do this for CONFIG_SHA256 I vote for doing this for all
checksum algorithms ... and we must look to the boards, which use
FIT support, that we enable all options bayk they use again.

bye,
Heiko
-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany


More information about the U-Boot mailing list