[PATCH next] lib: hash-checksum: Use DM_HASH if supported

[Simon Glass]

Hi ChiaWei,

+Alexandru Gagniuc too

On Wed, 6 Oct 2021 at 20:07, ChiaWei Wang <chiawei_wang at aspeedtech.com> wrote:
>
> Hi Simon,
>
> > From: Simon Glass <sjg at chromium.org>
> > Sent: Wednesday, October 6, 2021 10:10 PM
> >
> > Hi Chia-Wei,
> >
> > On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang
> > <chiawei_wang at aspeedtech.com> wrote:
> > >
> > > Use DM_HASH to perform hashing operations if supported.
> > > Thus either SW or HW-assisted hashing could be leveraged.
> >
> > This is missing a full motivation. Please can you explain why this code is
> > needed on a board, rather than just the host?
> >
> > As of recently, this has become host-only code.
>
> The entry to non-DM hash function for U-Boot is kind of inconsistent.
>
> When a FIT image is verified by a hash digest:
>     hash-1 {
>         algo = "sha256";
>     };
>
> The hash is calculated by calculate_hash() in image-fit.c.
> fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash()
>
> However, when a FIT image is verified by a checksum signature:
>     signature {
>         algo = "sha256,rsa2048";
>         key-name-hint = "dev";
>     };
>
> The hash comes from hash_calculate() in hash-checksum.c.
> fit_image_verify_with_data() -> fit_image_setup_verify() -> image_get_checksum_algo() -> hash_calculate()
>
> I checked the master and next branches. It seems that the logic still exists. (correct me if I am wrong)
> This patch is like a temporary solution to make the DM_HASH work smoothly.
> I believe a patch to refactor hash calculation of U-boot itself and the host tools is needed in the future.

Yes I see. We should move this code into common then, I suppose. You
patch looks reasonable to me.

Alex, can you comment on this?

Regards,
Simon