[PATCH v6 07/28] hash: integrate hash on mbedtls

Raymond Mao raymond.mao at linaro.org
Fri Sep 6 16:00:27 CEST 2024


Hi Ilias,

On Fri, 6 Sept 2024 at 03:36, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:

> Hi Raymond,
>
> On Tue, 3 Sept 2024 at 18:54, Raymond Mao <raymond.mao at linaro.org> wrote:
> >
> > Hi Ilias,
> >
> > On Fri, 30 Aug 2024 at 05:37, Ilias Apalodimas <ilias.apalodimas at linaro.org> wrote:
> >>
> >> Hi Simon,
> >>
> >> On Thu, 29 Aug 2024 at 18:01, Simon Glass <sjg at chromium.org> wrote:
> >> >
> >> > Hi Raymond,
> >> >
> >> > On Fri, 16 Aug 2024 at 15:47, Raymond Mao <raymond.mao at linaro.org> wrote:
> >> > >
> >> > > Integrate common/hash.c on the hash shim layer so that hash APIs
> >> > > from mbedtls can be leveraged by boot/image and efi_loader.
> >> > >
> >> > > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> >> > > ---
> >> > > Changes in v2
> >> > > - Use the original head files instead of creating new ones.
> >> > > Changes in v3
> >> > > - Add handle checkers for malloc.
> >> > > Changes in v4
> >> > > - None.
> >> > > Changes in v5
> >> > > - Add __maybe_unused to solve linker errors in some platforms.
> >> > > - replace malloc with calloc.
> >> > > Changes in v6
> >> > > - None.
> >> > >
> >> > >  common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++
> >> > >  1 file changed, 146 insertions(+)
> >> >
> >> > I am not seeing the benefit of replacing U-Boot's hashing algorithms.
> >> > They work well and don't change. Also it seems to be making the code a
> >> > lot uglier, with an uncertain timeline for clean-up.
> >>
> >> A lot uglier where? It adds a few wrappers that fit into the current
> >> design and callbacks.
> >> I don't think what you are asking is possible. To do asymmetric
> >> crypto, signatures etc -- and in the future add TLS support in wget --
> >> mbedTLS relies on its internal hashing functions for the cipher suites
> >> it supports. So what you are asking would just make the code even
> >> larger. Raymond can you please double check?
> >>
> > Digest is the basic library of MbedTLS, I don't believe we can disable it
> > but only use the ones for certificates, unless MbedTLS makes changes
> > to allow hooking external digest libraries - as I mentioned in a previous reply,
> > I don't think this is what MbedTLS wants.
>
> There's a config option on config.h we could use to override shaXXX,
> but given that mbedTLS can be used to add more hashing algorithms, I
> don't think we should do that.

If you mean the _ALT macros, they are used for porting HW acceleration.
Maybe we can point this to the original U-Boot ones, but I didn't try.

Raymond

