[PATCH] Add support for SHA384 and SHA512

Tom Rini trini at konsulko.com
Fri Apr 24 17:08:15 CEST 2020


On Fri, Apr 17, 2020 at 08:19:04AM +1200, Reuben Dowle wrote:

> The current recommendation for best security practice from the US government
> is to use SHA384 for TOP SECRET [1].
> 
> This patch adds support for SHA384 and SHA512 in the hash command, and also
> allows FIT images to be hashed with these algorithms, and signed with
> sha384,rsaXXXX and sha512,rsaXXXX
> 
> The SHA implementation is adapted from the linux kernel implementation.
> 
> [1] Commercial National Security Algorithm Suite
> http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
> 
> Signed-off-by: Reuben Dowle <reuben.dowle at 4rf.com>

Two general comments.  First, please use CONFIG_IS_ENABLED() to test for
the new symbols so that we won't have any growth in SPL if we have one
of these enabled in the main binary but NOT SPL.  Second, please
make sure that all new files have an SPDX license tag on them.  Finally,
when porting code from the Linux kernel please make sure to include what
release or githash they came from, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200424/6cff3c4c/attachment.sig>


More information about the U-Boot mailing list