[PATCH] lib: Move selection of SPL hash algorithms from common/
Tom Rini
trini at konsulko.com
Thu Apr 22 20:09:11 CEST 2021
On Mon, Mar 22, 2021 at 08:33:31AM -0500, Alexandru Gagniuc wrote:
> When God said, "May there be FIT signature verification in SPL",
> Chuck Norris said "SPL image too big". And then there was this patch.
>
> Enabling SPL_FIT_SIGNATURE increased the code size (armv7 platform) by
> about 16KiB, just enough to go over the SPL image limit. Of that:
> * .text.sha256_process 3.8 KiB
> * SHA1 implementation 4.4 KiB
> Although SHA1 wasn't required, it could not be disabled.
>
> The hash algorithms are implemented in lib/, as is their Kconfig
> selection for u-boot main. However, Kconfig selection for SPL is
> implemented in common/. To put it mildly, this is inconsistent.
> MD5 selection, on the other hand, does not have this problem.
>
> Moving the SPL hash switches to lib/ solves half the problem. They
> have to be renamed from SPL_<hash>_SUPPORT to SPL_<hash> to make
> them work elegantly with the CONFIG_IS_ENABLED() macro.
>
> The second half of the problem is not referencing the <hash> symbols
> when <hash> is disabled. Unfortunately, this requires some more
>
> The above #ifdef problem could be solved in several ways. One way
> could be to move the hash handlers to linker lists. This, however,
> won't work for userspace tools (mkimage), as they don't implement
> custom linker scripts. One could implement a <hash>_register()
> function for this case, and manually register all hashes. However,
> this is beyond the scope of this patch.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> ---
>
> This is designed to apply on top of the following series:
> * [PATCH v6 00/11] Add support for ECDSA image signing
>
> common/hash.c | 4 ++--
> common/image-sig.c | 8 +++++--
> common/spl/Kconfig | 54 ----------------------------------------------
> include/image.h | 12 +++++------
> lib/Kconfig | 39 +++++++++++++++++++++++++++++++++
> lib/Makefile | 6 +++---
> 6 files changed, 56 insertions(+), 67 deletions(-)
I like this idea. As-is, there's a few problems. socfpga_agilex_vab
and imx8mm_venice now fail to build due to missing sha384 support for
the former and sram overflow for the latter. ls1046ardb_qspi_spl now
also grows SPL a bit by adding sha1 support. Can you look in to these
please? Thanks.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210422/d1d665a5/attachment.sig>
More information about the U-Boot
mailing list