[PATCH v7 1/3] lib: introduce HASH_CALCULATE option
Heinrich Schuchardt
xypron.glpk at gmx.de
Thu May 13 16:55:09 CEST 2021
On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or
> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
> because hash-checksum.c is not compiled.
>
> Since hash_calculate() implemented in hash-checksum.c can be
> commonly used aside from FIT image signature verification,
> this commit itroduces HASH_CALCULATE option to decide
> if hash-checksum.c shall be compiled.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>
> Changes in v7:
> - newly introduce HASH_CALCULATE option
>
> Changes in v6:
> - update lib/Makefile to compile hash-checksum.c, instead of
> selecting FIT_SIGNATURE in secure boot and capsule authentication.
>
> Changes in v5:
> - Missing option for EFI_TCG2_PROTOROL already added in different commit.
> This commit adds FIT_SIGNATURE only.
>
> Changes in v4:
> - newly added in this patch series, due to rebasing
> the base code.
>
> common/Kconfig.boot | 1 +
> lib/Kconfig | 3 +++
> lib/Makefile | 2 +-
> lib/efi_loader/Kconfig | 2 ++
> 4 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 5a18d62d78..56608226cc 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -80,6 +80,7 @@ config FIT_SIGNATURE
> select RSA_VERIFY
> select IMAGE_SIGN_INFO
> select FIT_FULL_CHECK
> + select HASH_CALCULATE
> help
> This option enables signature verification of FIT uImages,
> using a hash signed and verified using RSA. If
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 6d2d41de30..df67eb0503 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -428,6 +428,9 @@ config CRC32C
> config XXHASH
> bool
>
> +config HASH_CALCULATE
> + bool
> +
> endmenu
>
> menu "Compression Support"
> diff --git a/lib/Makefile b/lib/Makefile
> index 6825671955..0835ea292c 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -61,7 +61,7 @@ endif
> obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
> obj-$(CONFIG_$(SPL_)MD5) += md5.o
> obj-$(CONFIG_$(SPL_)RSA) += rsa/
> -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
CONFIG_FIT_SIGNATURE has to select CONFIG_HASH_CALCULATE too?
Best regards
Heinrich
> +obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
> obj-$(CONFIG_SHA1) += sha1.o
> obj-$(CONFIG_SHA256) += sha256.o
> obj-$(CONFIG_SHA512_ALGO) += sha512.o
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c259abe033..eb5c4d6f29 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE
> select PKCS7_MESSAGE_PARSER
> select PKCS7_VERIFY
> select IMAGE_SIGN_INFO
> + select HASH_CALCULATE
> default n
> help
> Select this option if you want to enable capsule
> @@ -342,6 +343,7 @@ config EFI_SECURE_BOOT
> select X509_CERTIFICATE_PARSER
> select PKCS7_MESSAGE_PARSER
> select PKCS7_VERIFY
> + select HASH_CALCULATE
> default n
> help
> Select this option to enable EFI secure boot support.
>
More information about the U-Boot
mailing list