[U-Boot] [PATCH][v5] crypto/fsl - Add progressive hashing support using hardware acceleration.

Simon Glass sjg at chromium.org
Thu Feb 19 14:47:55 CET 2015 

Hi Gaurav,

On 12 February 2015 at 02:43, Gaurav Rana <gaurav.rana at freescale.com> wrote:
> Currently only normal hashing is supported using hardware acceleration.
> Added support for progressive hashing using hardware.
>
> Signed-off-by: Ruchika Gupta <ruchika.gupta at freescale.com>
> Signed-off-by: Gaurav Rana <gaurav.rana at freescale.com>
> CC: Simon Glass <sjg at chromium.org>

Acked-by: Simon Glass <sjg at chromium.org>

I have some requested edits on the Kconfig help below. Can you please
respin with these and my Ack?

York do you plan to pick this up>? If not I can bring it through u-boot-dm.

> ---
> Changes in v5:
> Modify description for CONFIG_SHA256, CONFIG_SHA256.
>
> Changes in v4:
> Add CONFIG_SHA256, CONFIG_SHA256, CONFIG_SHA_PROG_HW_ACCEL, CONFIG_SHA_HW_ACCEL to Kconfig.
> Modify README for these configs descriptions.
>
> Changes in v3:
> Remove duplication of code and create function gen_hash_type.
> Modify MAX_SG to MAX_SG_32
>
> Changes in v2:
> Merge to common functions for SHA1 and SHA256.
> Replace malloc and memset with calloc.
> Remove cast conversions for void* pointers.
> Replace hardcoded errors with Macros.
> Corrected comments.
>
>  Kconfig                       |   4 +-
>  README                        |  23 +++++--
>  common/hash.c                 |  10 +++
>  drivers/crypto/fsl/fsl_hash.c | 138 +++++++++++++++++++++++++++++++++++++++++-
>  drivers/crypto/fsl/fsl_hash.h |  34 +++++++++++
>  include/fsl_sec.h             |  26 ++++++++
>  include/hw_sha.h              |  41 ++++++++++++-
>  lib/Kconfig                   |  38 ++++++++++++
>  8 files changed, 307 insertions(+), 7 deletions(-)
>  create mode 100644 drivers/crypto/fsl/fsl_hash.h
>
> diff --git a/Kconfig b/Kconfig
> index fed488f..c4afb82 100644
> --- a/Kconfig
> +++ b/Kconfig
> @@ -121,7 +121,9 @@ config FIT_SIGNATURE
>         select RSA
>         help
>           This option enables signature verification of FIT uImages,
> -         using a hash signed and verified using RSA.
> +         using a hash signed and verified using RSA. If
> +         CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
> +         hashing is available using hardware, RSA library will be using it.

s/will be using it/will use it/

>           See doc/uImage.FIT/signature.txt for more details.
>
>  config SYS_EXTRA_OPTIONS
> diff --git a/README b/README
> index cac7978..7a3f1e7 100644
> --- a/README
> +++ b/README
> @@ -3149,8 +3149,21 @@ CBFS (Coreboot Filesystem) support
>                 Enable the hash verify command (hash -v). This adds to code
>                 size a little.
>
> -               CONFIG_SHA1 - support SHA1 hashing
> -               CONFIG_SHA256 - support SHA256 hashing
> +               CONFIG_SHA1 - This option enables support of hashing using SHA1
> +               algorithm. The hash is calculated in software.
> +               CONFIG_SHA256 - This option enables support of hashing using
> +               SHA256 algorithm. The hash is calculated in software.
> +               CONFIG_SHA_HW_ACCEL - This option enables calculation of hash
> +               using SHA1/SHA256 algorithm in hardware. The files using
> +               hash_lookup_algo function would get pointer to structure having
> +               hardware accelerated SHA support. The hash command would
> +               automatically use hardware support if this option is enabled.
> +               CONFIG_SHA_PROG_HW_ACCEL - This option enables SHA1 or SHA256
> +               progressive hashing using hardware acceleration. The
> +               hash_progressive_lookup_algo function would return pointer to
> +               structure having support for progressive hashing in hardware.
> +               FIT_SIGNATURE which uses this function would automatically
> +               use hardware support if this option is enabled.

The use of tense here bothers me - here are some suggestions. Can you
please try to incorporate this to simplify the message?

CONFIG_SHA_HW_ACCEL - This option enables hardware acceleration for
SHA1/SHA256 hashing.

This affects the 'hash' command and also hash_lookup_algo().

CONFIG_SHA_PROG_HW_ACCEL - This option enables hardware-acceleration
for SHA1/SHA256 progressive hashing. Data can be streamed in a block
at a time and the hashing is performed in hardware.

This affects hash_progressive_lookup_algo() and also verified boot.

> @@ -3444,8 +3457,10 @@ FIT uImage format:
>
>                 CONFIG_FIT_SIGNATURE
>                 This option enables signature verification of FIT uImages,
> -               using a hash signed and verified using RSA. See
> -               doc/uImage.FIT/signature.txt for more details.
> +               using a hash signed and verified using RSA. If
> +               CONFIG_SHA_PROG_HW_ACCEL is defined, i.e support for progressive
> +               hashing is available using hardware, RSA library will be using it.

s/be using it/use it/

> +               See doc/uImage.FIT/signature.txt for more details.
>
>                 WARNING: When relying on signed FIT images with required
>                 signature check the legacy image format is default

[snip]

> diff --git a/lib/Kconfig b/lib/Kconfig
> index a1f30a2..e3dd7ad 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -29,4 +29,42 @@ config SYS_HZ
>
>  source lib/rsa/Kconfig
>
> +menu "Hashing Support"
> +
> +config SHA1
> +       bool "Enable SHA1 support"
> +       help
> +         This option enables support of hashing using SHA1 algorithm.
> +         The hash is calculated in software.
> +         The SHA1 algorithm produces a 160bits (20-byte) hash value
> +         termed as digest size.

How about "a 160-bit (20-byte) hash value (digest)"

> +
> +config SHA256
> +       bool "Enable SHA256 support"
> +       help
> +         This option enables support of hashing using SHA256 algorithm.
> +         The hash is calculated in software.
> +         The SHA256 algorithm produces a 256bits (32-byte) hash value
> +         termed as digest size.

How about "a 256-bit (32-byte) hash value (digest)"

> +
> +config SHA_HW_ACCEL
> +       bool "Enable hashing using hardware"
> +       help
> +         This option enables calculation of hash using SHA1/SHA256 algorithm
> +         in hardware. The files using hash_lookup_algo function would get
> +         pointer to structure having hardware accelerated SHA support. The
> +         hash command would automatically use hardware support if this option
> +         is enabled.

Again please try to remove 'would'., and below.

> +
> +config SHA_PROG_HW_ACCEL
> +       bool "Enable Progressive hashing support using hardware"
> +       depends on SHA_HW_ACCEL
> +       help
> +         This option enables SHA1 or SHA256 progressive hashing using hardware
> +         acceleration. The hash_progressive_lookup_algo function would return
> +         pointer to structure having support for progressive hashing in
> +         hardware. FIT_SIGNATURE which uses this function would automatically
> +         use hardware support if this option is enabled.
> +endmenu
> +
>  endmenu
> --
> 1.8.1.4
>

Regards,
Simon

More information about the U-Boot mailing list