[PATCH] lib: Move selection of SPL hash algorithms from common/

Tom Rini trini at konsulko.com
Thu Apr 22 20:09:11 CEST 2021


On Mon, Mar 22, 2021 at 08:33:31AM -0500, Alexandru Gagniuc wrote:

> When God said, "May there be FIT signature verification in SPL",
> Chuck Norris said "SPL image too big". And then there was this patch.
> 
> Enabling SPL_FIT_SIGNATURE increased the code size (armv7 platform) by
> about 16KiB, just enough to go over the SPL image limit. Of that:
>   * .text.sha256_process	3.8 KiB
>   * SHA1 implementation         4.4 KiB
> Although SHA1 wasn't required, it could not be disabled.
> 
> The hash algorithms are implemented in lib/, as is their Kconfig
> selection for u-boot main. However, Kconfig selection for SPL is
> implemented in common/. To put it mildly, this is inconsistent.
> MD5 selection, on the other hand, does not have this problem.
> 
> Moving the SPL hash switches to lib/ solves half the problem. They
> have to be renamed from SPL_<hash>_SUPPORT to SPL_<hash> to make
> them work elegantly with the CONFIG_IS_ENABLED() macro.
> 
> The second half of the problem is not referencing the <hash> symbols
> when <hash> is disabled. Unfortunately, this requires some more
> 
> The above #ifdef problem could be solved in several ways. One way
> could be to move the hash handlers to linker lists. This, however,
> won't work for userspace tools (mkimage), as they don't implement
> custom linker scripts. One could implement a <hash>_register()
> function for this case, and manually register all hashes. However,
> this is beyond the scope of this patch.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> ---
> 
> This is designed to apply on top of the following series:
>  * [PATCH v6 00/11] Add support for ECDSA image signing
> 
>  common/hash.c      |  4 ++--
>  common/image-sig.c |  8 +++++--
>  common/spl/Kconfig | 54 ----------------------------------------------
>  include/image.h    | 12 +++++------
>  lib/Kconfig        | 39 +++++++++++++++++++++++++++++++++
>  lib/Makefile       |  6 +++---
>  6 files changed, 56 insertions(+), 67 deletions(-)

I like this idea.  As-is, there's a few problems.  socfpga_agilex_vab
and imx8mm_venice now fail to build due to missing sha384 support for
the former and sram overflow for the latter.   ls1046ardb_qspi_spl now
also grows SPL a bit by adding sha1 support.  Can you look in to these
please?  Thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210422/d1d665a5/attachment.sig>


More information about the U-Boot mailing list