[PATCH v7 1/3] lib: introduce HASH_CALCULATE option

Heinrich Schuchardt xypron.glpk at gmx.de
Thu May 13 16:55:09 CEST 2021


On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or
> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
> because hash-checksum.c is not compiled.
>
> Since hash_calculate() implemented in hash-checksum.c can be
> commonly used aside from FIT image signature verification,
> this commit itroduces HASH_CALCULATE option to decide
> if hash-checksum.c shall be compiled.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>
> Changes in v7:
> - newly introduce HASH_CALCULATE option
>
> Changes in v6:
> - update lib/Makefile to compile hash-checksum.c, instead of
>    selecting FIT_SIGNATURE in secure boot and capsule authentication.
>
> Changes in v5:
> - Missing option for EFI_TCG2_PROTOROL already added in different commit.
>    This commit adds FIT_SIGNATURE only.
>
> Changes in v4:
> - newly added in this patch series, due to rebasing
>    the base code.
>
>   common/Kconfig.boot    | 1 +
>   lib/Kconfig            | 3 +++
>   lib/Makefile           | 2 +-
>   lib/efi_loader/Kconfig | 2 ++
>   4 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 5a18d62d78..56608226cc 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -80,6 +80,7 @@ config FIT_SIGNATURE
>   	select RSA_VERIFY
>   	select IMAGE_SIGN_INFO
>   	select FIT_FULL_CHECK
> +	select HASH_CALCULATE
>   	help
>   	  This option enables signature verification of FIT uImages,
>   	  using a hash signed and verified using RSA. If
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 6d2d41de30..df67eb0503 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -428,6 +428,9 @@ config CRC32C
>   config XXHASH
>   	bool
>
> +config HASH_CALCULATE
> +	bool
> +
>   endmenu
>
>   menu "Compression Support"
> diff --git a/lib/Makefile b/lib/Makefile
> index 6825671955..0835ea292c 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -61,7 +61,7 @@ endif
>   obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
>   obj-$(CONFIG_$(SPL_)MD5) += md5.o
>   obj-$(CONFIG_$(SPL_)RSA) += rsa/
> -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o

CONFIG_FIT_SIGNATURE has to select CONFIG_HASH_CALCULATE too?

Best regards

Heinrich

> +obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
>   obj-$(CONFIG_SHA1) += sha1.o
>   obj-$(CONFIG_SHA256) += sha256.o
>   obj-$(CONFIG_SHA512_ALGO) += sha512.o
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c259abe033..eb5c4d6f29 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE
>   	select PKCS7_MESSAGE_PARSER
>   	select PKCS7_VERIFY
>   	select IMAGE_SIGN_INFO
> +	select HASH_CALCULATE
>   	default n
>   	help
>   	  Select this option if you want to enable capsule
> @@ -342,6 +343,7 @@ config EFI_SECURE_BOOT
>   	select X509_CERTIFICATE_PARSER
>   	select PKCS7_MESSAGE_PARSER
>   	select PKCS7_VERIFY
> +	select HASH_CALCULATE
>   	default n
>   	help
>   	  Select this option to enable EFI secure boot support.
>



More information about the U-Boot mailing list