[PATCH 11/23] efi_loader: switch sha256 to mbedtls
Raymond Mao
raymond.mao at linaro.org
Tue Apr 16 21:00:07 CEST 2024
When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from
hash shim layer instead.
Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
---
lib/efi_loader/efi_tcg2.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index ac056dcfc5..3c356abc6e 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -1321,12 +1321,21 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb)
/* Measure populated areas of the DTB */
header = dtb;
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
+ sha256_starts_mb(&hash_ctx);
+ sha256_update_mb(&hash_ctx, (u8 *)header, sizeof(struct fdt_header));
+ sha256_update_mb(&hash_ctx, (u8 *)dtb + fdt_off_dt_struct(dtb), fdt_size_dt_strings(dtb));
+ sha256_update_mb(&hash_ctx, (u8 *)dtb + fdt_off_dt_strings(dtb), fdt_size_dt_struct(dtb));
+ sha256_update_mb(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size);
+ sha256_finish_mb(&hash_ctx, blob->data + blob->blob_description_size);
+#else
sha256_starts(&hash_ctx);
sha256_update(&hash_ctx, (u8 *)header, sizeof(struct fdt_header));
sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_dt_struct(dtb), fdt_size_dt_strings(dtb));
sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_dt_strings(dtb), fdt_size_dt_struct(dtb));
sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size);
sha256_finish(&hash_ctx, blob->data + blob->blob_description_size);
+#endif
ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob);
--
2.25.1
More information about the U-Boot
mailing list