[PATCH v5 05/29] hash: Use Kconfig to enable hashing in host tools and SPL
Alex G.
mr.nuke.me at gmail.com
Mon Sep 27 17:53:42 CEST 2021
Hi Simon
On 9/25/21 8:43 PM, Simon Glass wrote:
> At present when building host tools, we force CONFIG_SHAxxx to be enabled
> regardless of the board Kconfig setting. This is done in the image.h
> header file.
>
> For SPL we currently just assume the algorithm is desired if U-Boot proper
> enables it.
>
> Clean this up by adding new Kconfig options to enable hashing on the host,
> relying on CONFIG_IS_ENABLED() to deal with the different builds.
>
> Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
> current settings.
>
> This allows us to drop the image.h code and the I_WANT_MD5 hack.
>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
>
> Changes in v5:
> - Drop I_WANT_MD5
> - Use TOOLS_ instead of HOST_
>
I was planning to move hash algos to a linker list for target code, and
a simple, ifdef-free list for the host, like we've done for crypto
algos, and I think padding algos.
We'd be able to drop #define I_WANT_MD5 (which is temporary), and drop
define CONFIG_SHA_*, and by extension, drop the need for
CONFIG_TOOLS_SHA*. I think that's far more elegant.
Alex
> Changes in v2:
> - Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL
>
> common/hash.c | 49 +++++++++++++++++++++++--------------------------
> include/image.h | 5 -----
> lib/Kconfig | 18 ++++++++++++++++++
> tools/Kconfig | 25 +++++++++++++++++++++++++
> 4 files changed, 66 insertions(+), 31 deletions(-)
>
> diff --git a/common/hash.c b/common/hash.c
> index 6277fe65b3e..0fe65c959d0 100644
> --- a/common/hash.c
> +++ b/common/hash.c
> @@ -25,6 +25,7 @@
> #else
> #include "mkimage.h"
> #include <time.h>
> +#include <linux/kconfig.h>
> #endif /* !USE_HOSTCC*/
>
> #include <hash.h>
> @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR;
>
> static void reloc_update(void);
>
> -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> static int hash_init_sha1(struct hash_algo *algo, void **ctxp)
> {
> sha1_context *ctx = malloc(sizeof(sha1_context));
> @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf,
> }
> #endif
>
> -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> static int hash_init_sha256(struct hash_algo *algo, void **ctxp)
> {
> sha256_context *ctx = malloc(sizeof(sha256_context));
> @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void
> }
> #endif
>
> -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
> {
> sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void
> }
> #endif
>
> -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
> {
> sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
> return 0;
> }
>
> -#ifdef USE_HOSTCC
> -# define I_WANT_MD5 1
> -#else
> -# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5)
> -#endif
> /*
> * These are the hash algorithms we support. If we have hardware acceleration
> * is enable we will use that, otherwise a software version of the algorithm.
> * Note that algorithm names must be in lower case.
> */
> static struct hash_algo hash_algo[] = {
> -#if I_WANT_MD5
> +#if CONFIG_IS_ENABLED(MD5)
> {
> .name = "md5",
> .digest_size = MD5_SUM_LEN,
> @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = {
> .hash_func_ws = md5_wd,
> },
> #endif
> -#ifdef CONFIG_SHA1
> +#if CONFIG_IS_ENABLED(SHA1)
> {
> .name = "sha1",
> .digest_size = SHA1_SUM_LEN,
> .chunk_size = CHUNKSZ_SHA1,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
> .hash_func_ws = hw_sha1,
> #else
> .hash_func_ws = sha1_csum_wd,
> #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> .hash_init = hw_sha_init,
> .hash_update = hw_sha_update,
> .hash_finish = hw_sha_finish,
> @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = {
> #endif
> },
> #endif
> -#ifdef CONFIG_SHA256
> +#if CONFIG_IS_ENABLED(SHA256)
> {
> .name = "sha256",
> .digest_size = SHA256_SUM_LEN,
> .chunk_size = CHUNKSZ_SHA256,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
> .hash_func_ws = hw_sha256,
> #else
> .hash_func_ws = sha256_csum_wd,
> #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> .hash_init = hw_sha_init,
> .hash_update = hw_sha_update,
> .hash_finish = hw_sha_finish,
> @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = {
> #endif
> },
> #endif
> -#ifdef CONFIG_SHA384
> +#if CONFIG_IS_ENABLED(SHA384)
> {
> .name = "sha384",
> .digest_size = SHA384_SUM_LEN,
> .chunk_size = CHUNKSZ_SHA384,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
> .hash_func_ws = hw_sha384,
> #else
> .hash_func_ws = sha384_csum_wd,
> #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> .hash_init = hw_sha_init,
> .hash_update = hw_sha_update,
> .hash_finish = hw_sha_finish,
> @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = {
> #endif
> },
> #endif
> -#ifdef CONFIG_SHA512
> +#if CONFIG_IS_ENABLED(SHA512)
> {
> .name = "sha512",
> .digest_size = SHA512_SUM_LEN,
> .chunk_size = CHUNKSZ_SHA512,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
> .hash_func_ws = hw_sha512,
> #else
> .hash_func_ws = sha512_csum_wd,
> #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
> .hash_init = hw_sha_init,
> .hash_update = hw_sha_update,
> .hash_finish = hw_sha_finish,
> @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = {
> };
>
> /* Try to minimize code size for boards that don't want much hashing */
> -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \
> - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \
> - defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
> +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \
> + CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \
> + CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512)
> #define multi_hash() 1
> #else
> #define multi_hash() 0
> @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
> return 0;
> }
>
> -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)
> +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \
> + defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32))
> /**
> * store_result: Store the resulting sum to an address or variable
> *
> diff --git a/include/image.h b/include/image.h
> index 73a763a6936..03857f4b500 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -31,11 +31,6 @@ struct fdt_region;
> #define IMAGE_ENABLE_OF_LIBFDT 1
> #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
> #define CONFIG_FIT_RSASSA_PSS 1
> -#define CONFIG_MD5
> -#define CONFIG_SHA1
> -#define CONFIG_SHA256
> -#define CONFIG_SHA384
> -#define CONFIG_SHA512
>
> #define IMAGE_ENABLE_IGNORE 0
> #define IMAGE_INDENT_STRING ""
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 7899e756f99..64765acfa61 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -438,6 +438,24 @@ config SPL_SHA384
> The SHA384 algorithm produces a 384-bit (48-byte) hash value
> (digest).
>
> +config SPL_SHA_HW_ACCEL
> + bool "Enable hardware acceleration for SHA hash functions"
> + default y if SHA_HW_ACCEL
> + help
> + This option enables hardware acceleration for the SHA1 and SHA256
> + hashing algorithms. This affects the 'hash' command and also the
> + hash_lookup_algo() function.
> +
> +config SPL_SHA_PROG_HW_ACCEL
> + bool "Enable Progressive hashing support using hardware in SPL"
> + depends on SHA_PROG_HW_ACCEL
> + default y
> + help
> + This option enables hardware-acceleration for SHA progressive
> + hashing.
> + Data can be streamed in a block at a time and the hashing is
> + performed in hardware.
> +
> endif
>
> if SHA_HW_ACCEL
> diff --git a/tools/Kconfig b/tools/Kconfig
> index ea986ab0479..6ffc2c0aa31 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE
> depends on TOOLS_FIT_SIGNATURE
> default 0x10000000
>
> +config TOOLS_MD5
> + def_bool y
> + help
> + Enable MD5 support in the tools builds
> +
> +config TOOLS_SHA1
> + def_bool y
> + help
> + Enable SHA1 support in the tools builds
> +
> +config TOOLS_SHA256
> + def_bool y
> + help
> + Enable SHA256 support in the tools builds
> +
> +config TOOLS_SHA384
> + def_bool y
> + help
> + Enable SHA384 support in the tools builds
> +
> +config TOOLS_SHA512
> + def_bool y
> + help
> + Enable SHA512 support in the tools builds
> +
> endmenu
>
More information about the U-Boot
mailing list