[PATCH v6 00/28] Integrate MbedTLS v3.6 LTS with U-Boot

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Sep 6 09:01:03 CEST 2024


Hi Tom

On Wed, 4 Sept 2024 at 19:43, Tom Rini <trini at konsulko.com> wrote:
>
> On Wed, Sep 04, 2024 at 01:48:43PM +0100, Peter Robinson wrote:
> > Hi Simon,
> >
> > > I wonder if we could leave out the SHA stuff? The algorithms are
> >
> > One of the big advantages of the mbedtls when it comes to all things
> > security is that it's seen a wide audit of its code which for a lot
> > of usecases is very useful from a security PoV, I'm not sure the
> > amount of audit the U-Boot in project code has had, I'm sure there has
> > been but I've not seen anything published.
>
> Yes, it's a positive in my mind to bring in the assorted hashing
> algorithms from mbedTLS here.

Exactly. So apart from the known shaXXX there's other algorithms we can
pull directly -- e.g. SM2/3/4.
In any case, I looked into mbedTLS. You can override the default
hashing algos with MBEDTLS_SHA256_ALT etc definitions in the config
entry but I don't see the point.

>
> > > stable and this would seem to avoid much of the size growth, and all
> > > the pain of trying to integrate yet another hashing layer (we
> > > already have normal, progressive and h/w acceleration, plus
> >
> > What's the difference between the first two?
> >
> > > UCLASS_HASH which h/w acceleration should use but that migration never
> >
[...]

Thanks
/Ilias

