[PATCH next] lib: hash-checksum: Use DM_HASH if supported

ChiaWei Wang chiawei_wang at aspeedtech.com
Thu Oct 7 04:06:55 CEST 2021

Hi Simon,

> From: Simon Glass <sjg at chromium.org>
> Sent: Wednesday, October 6, 2021 10:10 PM
> Hi Chia-Wei,
> On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang
> <chiawei_wang at aspeedtech.com> wrote:
> >
> > Use DM_HASH to perform hashing operations if supported.
> > Thus either SW or HW-assisted hashing could be leveraged.
> This is missing a full motivation. Please can you explain why this code is
> needed on a board, rather than just the host?
> As of recently, this has become host-only code.

The entry to non-DM hash function for U-Boot is kind of inconsistent.

When a FIT image is verified by a hash digest:
    hash-1 {
        algo = "sha256";

The hash is calculated by calculate_hash() in image-fit.c.
fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash()

However, when a FIT image is verified by a checksum signature:
    signature {
        algo = "sha256,rsa2048";
        key-name-hint = "dev";

The hash comes from hash_calculate() in hash-checksum.c.
fit_image_verify_with_data() -> fit_image_setup_verify() -> image_get_checksum_algo() -> hash_calculate()

I checked the master and next branches. It seems that the logic still exists. (correct me if I am wrong)
This patch is like a temporary solution to make the DM_HASH work smoothly.
I believe a patch to refactor hash calculation of U-boot itself and the host tools is needed in the future.


More information about the U-Boot mailing list