[PATCH] hash: Kconfig option for SHA512 hardware acceleration
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue May 18 12:15:48 CEST 2021
On 5/18/21 5:36 AM, Joel Stanley wrote:
> On Fri, 14 May 2021 at 09:12, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>>
>> Commit a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
>> defined function definitions for hardware accelerated SHA384 and SHA512.
>> If CONFIG_SHA_HW_ACCEL=y, these functions are used.
>>
>> We already have boards using CONFIG_SHA_HW_ACCEL=y but none implements the
>> new functions hw_sha384() and hw_sha512().
>>
>> For implementing the EFI TCG2 protocol we need SHA384 and SHA512. The
>> missing hardware acceleration functions lead to build errors on boards like
>> peach-pi_defconfig.
>>
>> Introduce a new Kconfig symbol CONFIG_SHA512_HW_ACCEL to control if the
>> functions hw_sha384() and hw_sha512() shall be used to implement the SHA384
>> and SHA512 algorithms.
>>
>> Fixes: a479f103dc1c ("hash: Allow for SHA512 hardware implementations")
>> Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> ---
>> This patch replaces
>> hash: revert Allow for SHA512 hardware implementations
>> https://lists.denx.de/pipermail/u-boot/2021-May/449648.html
>> https://patchwork.ozlabs.org/project/uboot/patch/20210512170040.137058-1-xypron.glpk@gmx.de/
>
> This looks to be a good compromise. Thanks for fixing it.
>
> Reviewed-by: Joel Stanley <joel at jms.id.au>
>
> The CONFIG maze that is the hash acceleration code could do with some
> overarching cleanup at some point.
>
>
>> --- a/lib/Kconfig
>> +++ b/lib/Kconfig
>> @@ -389,21 +389,32 @@ config SHA384
>> (digest).
>>
>> config SHA_HW_ACCEL
>> - bool "Enable hashing using hardware"
>> + bool "Enable hardware acceleration for SHA hash functions"
>> help
>> - This option enables hardware acceleration for SHA hashing.
>> - This affects the 'hash' command and also the hash_lookup_algo()
>> - function.
>> + This option enables hardware acceleration for the SHA1 and SHA256
>> + hashing algorithms. This affects the 'hash' command and also the
>> + hash_lookup_algo() function.
>> +
>> +if SHA_HW_ACCEL
>> +
>> +config SHA512_HW_ACCEL
>> + bool "Enable hardware acceleration for SHA512"
>> + depends on SHA512_ALGO
>
> This dependency is new, does it make sense? We don't have an
> equivalent one for SHA_HW_ACCEL, but perhaps we should introduce one?
It does not make sense to show SHA512_HW_ACCEL is we cannot have SHA512
or SHA384.
>
>> + help
>> + This option enables hardware acceleration for the SHA384 andSHA512
>
> Nit: there's a missing space after "and" here.
I will add it.
>
> Perhaps you could add to the help text that this option should be
> disabled if the platform requires SHA512 support but does not have
> hardware acceleration.
The current text already says that it "enables hardware acceleration".
It would provide little value to add to all Kconfig options:
"Don't enable this option if you don't have a hardware for it.".
Best regards
Heinrich
>
>> + hashing algorithms. This affects the 'hash' command and also the
>> + hash_lookup_algo() function.
>>
>> config SHA_PROG_HW_ACCEL
>> bool "Enable Progressive hashing support using hardware"
>> - depends on SHA_HW_ACCEL
>> help
>> This option enables hardware-acceleration for SHA progressive
>> hashing.
>> Data can be streamed in a block at a time and the hashing is
>> performed in hardware.
>>
>> +endif
>> +
>> config MD5
>> bool "Support MD5 algorithm"
>> help
>> --
>> 2.30.2
>>
More information about the U-Boot
mailing list