[PATCH 1/5] common: Remove unused CONFIG_FIT_SHAxxx selectors
Alexandru Gagniuc
mr.nuke.me at gmail.com
Tue Aug 24 02:53:16 CEST 2021
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for has_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.
The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
---
common/Kconfig.boot | 28 ---------------------
common/spl/Kconfig | 42 --------------------------------
configs/mt8516_pumpkin_defconfig | 2 +-
include/image.h | 3 ---
4 files changed, 1 insertion(+), 74 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 0d4c38402c..2399d5849e 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,34 +35,6 @@ config FIT_EXTERNAL_OFFSET
could be put in the hole between data payload and fit image
header, such as CSF data on i.MX platform.
-config FIT_SHA256
- bool "Support SHA256 checksum of FIT image contents"
- default y
- select SHA256
- help
- Enable this to support SHA256 checksum of FIT image contents. A
- SHA256 checksum is a 256-bit (32-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_SHA384
- bool "Support SHA384 checksum of FIT image contents"
- default n
- select SHA384
- help
- Enable this to support SHA384 checksum of FIT image contents. A
- SHA384 checksum is a 384-bit (48-byte) hash value used to check that
- the image contents have not been corrupted. Use this for the highest
- security.
-
-config FIT_SHA512
- bool "Support SHA512 checksum of FIT image contents"
- default n
- select SHA512
- help
- Enable this to support SHA512 checksum of FIT image contents. A
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
config FIT_FULL_CHECK
bool "Do a full check of the FIT before using it"
default y
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index c155a3b5fc..d69d1fa5f7 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -439,48 +439,6 @@ config SPL_MD5
applications where images may be changed maliciously, you should
consider SHA256 or SHA384.
-config SPL_FIT_SHA1
- bool "Support SHA1"
- depends on SPL_FIT
- select SHA1
- help
- Enable this to support SHA1 in FIT images within SPL. A SHA1
- checksum is a 160-bit (20-byte) hash value used to check that the
- image contents have not been corrupted or maliciously altered.
- While SHA1 is fairly secure it is coming to the end of its life
- due to the expanding computing power available to brute-force
- attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
- bool "Support SHA256"
- depends on SPL_FIT
- select SHA256
- help
- Enable this to support SHA256 in FIT images within SPL. A SHA256
- checksum is a 256-bit (32-byte) hash value used to check that the
- image contents have not been corrupted.
-
-config SPL_FIT_SHA384
- bool "Support SHA384"
- depends on SPL_FIT
- select SHA384
- select SHA512_ALGO
- help
- Enable this to support SHA384 in FIT images within SPL. A SHA384
- checksum is a 384-bit (48-byte) hash value used to check that the
- image contents have not been corrupted. Use this for the highest
- security.
-
-config SPL_FIT_SHA512
- bool "Support SHA512"
- depends on SPL_FIT
- select SHA512
- select SHA512_ALGO
- help
- Enable this to support SHA512 in FIT images within SPL. A SHA512
- checksum is a 512-bit (64-byte) hash value used to check that the
- image contents have not been corrupted.
-
config SPL_FIT_IMAGE_TINY
bool "Remove functionality from SPL FIT loading to reduce size"
depends on SPL_FIT
diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig
index 0a6c1fccae..1478b01716 100644
--- a/configs/mt8516_pumpkin_defconfig
+++ b/configs/mt8516_pumpkin_defconfig
@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
# CONFIG_PSCI_RESET is not set
CONFIG_DEBUG_UART=y
CONFIG_FIT=y
-# CONFIG_FIT_SHA256 is not set
+# CONFIG_SHA256 is not set
# CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
# CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/include/image.h b/include/image.h
index e20f0b69d5..489b220eba 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,9 +31,6 @@ struct fdt_region;
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
#define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_FIT_SHA256
-#define CONFIG_FIT_SHA384
-#define CONFIG_FIT_SHA512
#define CONFIG_SHA1
#define CONFIG_SHA256
#define CONFIG_SHA384
--
2.31.1
More information about the U-Boot
mailing list