From eb5171ddec9d3b04c2517b60e69dc707e92cf716 Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:17 -0500 Subject: common: Remove unused CONFIG_FIT_SHAxxx selectors Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only for hash_calculate() in common/image-fit.c. However, since commit 14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"), the correct selector was changed to CONFIG_SHAxxx. The extra "_FIT_" variants are neither used, nor needed. Remove them. One defconfig disables FIT_SHA256, which is now changed to 'SHA256'. CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined references to "sha256_*()". bubt.c needs sha256, so this selection is correct. It is not clear why this problem did not manifest before. Note that SHA selection in SPL is broken for this exact reason. There is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of this change. Also note that we make CONFIG_FIT now imply SHA256, to make up for FIT_SHA256 previously being a default y option. Signed-off-by: Alexandru Gagniuc [trini: Add imply SHA256 to FIT] Signed-off-by: Tom Rini --- include/image.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index e20f0b69d58..489b220eba4 100644 --- a/include/image.h +++ b/include/image.h @@ -31,9 +31,6 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 -#define CONFIG_FIT_SHA256 -#define CONFIG_FIT_SHA384 -#define CONFIG_FIT_SHA512 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384 -- cgit v1.3.1 From 0721209699c5092b4d364c3b57256840d3a7dcbc Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:19 -0500 Subject: common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all references to CONFIG_[ST]PL_HASH_SUPPORT. This means we need for CHAIN_OF_TRUST to select SPL_HASH now. Signed-off-by: Alexandru Gagniuc [trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks] Signed-off-by: Tom Rini --- board/freescale/common/Kconfig | 1 + common/Kconfig.boot | 2 +- common/Makefile | 4 +--- common/spl/Kconfig | 23 +--------------------- .../ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig | 1 - configs/ls1043ardb_nand_SECURE_BOOT_defconfig | 1 - configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig | 1 - configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig | 1 - .../ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig | 1 - include/configs/xilinx_zynqmp.h | 2 +- lib/Makefile | 2 +- 11 files changed, 6 insertions(+), 33 deletions(-) (limited to 'include') diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig index ab9c14ae885..35a6115e5e4 100644 --- a/board/freescale/common/Kconfig +++ b/board/freescale/common/Kconfig @@ -4,6 +4,7 @@ config CHAIN_OF_TRUST imply CMD_HASH if ARM select FSL_CAAM select SPL_BOARD_INIT if (ARM && SPL) + select SPL_HASH if (ARM && SPL) select SHA_HW_ACCEL select SHA_PROG_HW_ACCEL select ENV_IS_NOWHERE diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 8736e6af476..1f365d4a810 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -158,7 +158,7 @@ config SPL_FIT_SIGNATURE select FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO - select SPL_HASH_SUPPORT + select SPL_HASH imply SPL_RSA imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO diff --git a/common/Makefile b/common/Makefile index 9063ed93910..ae0430c35fe 100644 --- a/common/Makefile +++ b/common/Makefile @@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD obj-y += init/ obj-y += main.o obj-y += exports.o -obj-$(CONFIG_HASH) += hash.o obj-$(CONFIG_HUSH_PARSER) += cli_hush.o obj-$(CONFIG_AUTOBOOT) += autoboot.o @@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD ifdef CONFIG_SPL_DFU obj-$(CONFIG_DFU_OVER_USB) += dfu.o endif -obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o -obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o @@ -105,6 +102,7 @@ endif endif obj-y += image.o +obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o obj-$(CONFIG_ANDROID_AB) += android_ab.o obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o diff --git a/common/spl/Kconfig b/common/spl/Kconfig index d69d1fa5f78..29a46c47877 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -477,27 +477,6 @@ config SPL_CRYPTO this option to build the drivers in drivers/crypto as part of an SPL build. -config SPL_HASH_SUPPORT - bool "Support hashing drivers" - select SHA1 - select SHA256 - help - Enable hashing drivers in SPL. These drivers can be used to - accelerate secure boot processing in secure applications. Enable - this option to build system-specific drivers for hash acceleration - as part of an SPL build. - -config TPL_HASH_SUPPORT - bool "Support hashing drivers in TPL" - depends on TPL - select SHA1 - select SHA256 - help - Enable hashing drivers in SPL. These drivers can be used to - accelerate secure boot processing in secure applications. Enable - this option to build system-specific drivers for hash acceleration - as part of an SPL build. - config SPL_DMA bool "Support DMA drivers" help @@ -1193,7 +1172,7 @@ config SPL_USB_ETHER config SPL_DFU bool "Support DFU (Device Firmware Upgrade)" - select SPL_HASH_SUPPORT + select SPL_HASH select SPL_DFU_NO_RESET depends on SPL_RAM_SUPPORT help diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig index 78196e6485d..f9d551c6a89 100644 --- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig +++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig @@ -31,7 +31,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig index 3736445d47c..2733ca83587 100644 --- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y CONFIG_SPL_NAND_SUPPORT=y diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig index b879a0c3614..392ef1cbd55 100644 --- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y CONFIG_SPL_WATCHDOG=y diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig index c46d0dbedd3..3d5783aa260 100644 --- a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig +++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig @@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig index 96d44799fa8..0d94027ccb9 100644 --- a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig +++ b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig @@ -33,7 +33,6 @@ CONFIG_MISC_INIT_R=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0 CONFIG_SPL_CRYPTO=y -CONFIG_SPL_HASH_SUPPORT=y CONFIG_SPL_ENV_SUPPORT=y CONFIG_SPL_I2C=y CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y diff --git a/include/configs/xilinx_zynqmp.h b/include/configs/xilinx_zynqmp.h index 262154cdffd..42758ba7589 100644 --- a/include/configs/xilinx_zynqmp.h +++ b/include/configs/xilinx_zynqmp.h @@ -258,7 +258,7 @@ #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_DFU) # define CONFIG_SPL_ENV_SUPPORT -# define CONFIG_SPL_HASH_SUPPORT +# define CONFIG_SPL_HASH # define CONFIG_ENV_MAX_ENTRIES 10 #endif diff --git a/lib/Makefile b/lib/Makefile index 6aa48ca3d50..93be86c34a0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -87,7 +87,7 @@ endif ifdef CONFIG_SPL_BUILD obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o -obj-$(CONFIG_$(SPL_TPL_)HASH_SUPPORT) += crc16.o +obj-$(CONFIG_$(SPL_TPL_)HASH) += crc16.o obj-y += net_utils.o endif obj-$(CONFIG_ADDR_MAP) += addr_map.o -- cgit v1.3.1 From fe54aeaa4acbb41880b05acef9ef949e62d299dd Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:20 -0500 Subject: common: Move MD5 hash to hash_algo[] array. MD5 is being called directly in some places, but it is not available via hash_lookup_algo("md5"). This is inconsistent with other hasing routines. To resolve this, add an "md5" entry to hash_algos[]. The #ifdef clause looks funnier than those for other entries. This is because both MD5 and SPL_MD5 configs exist, whereas the other hashes do not have "SPL_" entries. The long term plan is to get rid of the ifdefs, so those should not be expected to survive much longer. The md5 entry does not have .hash_init/update/finish members. That's okay because hash_progressive_lookup_algo() will catch that, and return -EPROTONOSUPPORT, while hash_lookup_algo() will return the correct pointer. Signed-off-by: Alexandru Gagniuc [trini: Use CONFIG_IS_ENABLED not IS_ENABLED for MD5 check] Signed-off-by: Tom Rini --- common/hash.c | 13 +++++++++++++ include/image.h | 1 + include/u-boot/md5.h | 6 ++++-- lib/md5.c | 4 ++-- 4 files changed, 20 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/common/hash.c b/common/hash.c index dca23635abe..6277fe65b3e 100644 --- a/common/hash.c +++ b/common/hash.c @@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, return 0; } +#ifdef USE_HOSTCC +# define I_WANT_MD5 1 +#else +# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) +#endif /* * These are the hash algorithms we support. If we have hardware acceleration * is enable we will use that, otherwise a software version of the algorithm. * Note that algorithm names must be in lower case. */ static struct hash_algo hash_algo[] = { +#if I_WANT_MD5 + { + .name = "md5", + .digest_size = MD5_SUM_LEN, + .chunk_size = CHUNKSZ_MD5, + .hash_func_ws = md5_wd, + }, +#endif #ifdef CONFIG_SHA1 { .name = "sha1", diff --git a/include/image.h b/include/image.h index 489b220eba4..e4b9cd0df2d 100644 --- a/include/image.h +++ b/include/image.h @@ -31,6 +31,7 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 +#define CONFIG_MD5 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384 diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h index e09c16a6e3f..6d48592aa64 100644 --- a/include/u-boot/md5.h +++ b/include/u-boot/md5.h @@ -8,6 +8,8 @@ #include "compiler.h" +#define MD5_SUM_LEN 16 + struct MD5Context { __u32 buf[4]; __u32 bits[2]; @@ -28,7 +30,7 @@ void md5 (unsigned char *input, int len, unsigned char output[16]); * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the * watchdog every 'chunk_sz' bytes of input processed. */ -void md5_wd (unsigned char *input, int len, unsigned char output[16], - unsigned int chunk_sz); +void md5_wd(const unsigned char *input, unsigned int len, + unsigned char output[16], unsigned int chunk_sz); #endif /* _MD5_H */ diff --git a/lib/md5.c b/lib/md5.c index 2ae4a06319c..e2ba622ea4e 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -284,12 +284,12 @@ md5 (unsigned char *input, int len, unsigned char output[16]) * watchdog every 'chunk_sz' bytes of input processed. */ void -md5_wd (unsigned char *input, int len, unsigned char output[16], +md5_wd(const unsigned char *input, unsigned int len, unsigned char output[16], unsigned int chunk_sz) { struct MD5Context context; #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG) - unsigned char *end, *curr; + const unsigned char *end, *curr; int chunk; #endif -- cgit v1.3.1 From 0b905e25813a0b4e368730a147dadc7f55150edc Mon Sep 17 00:00:00 2001 From: Alexandru Gagniuc Date: Thu, 2 Sep 2021 19:54:22 -0500 Subject: image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines These are no longer used, so drop them. Signed-off-by: Alexandru Gagniuc --- include/image.h | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'include') diff --git a/include/image.h b/include/image.h index e4b9cd0df2d..98b33d0629d 100644 --- a/include/image.h +++ b/include/image.h @@ -60,26 +60,6 @@ struct fdt_region; #include #include #include -# ifdef CONFIG_SPL_BUILD -# ifdef CONFIG_SPL_CRC32 -# define IMAGE_ENABLE_CRC32 1 -# endif -# ifdef CONFIG_SPL_MD5 -# define IMAGE_ENABLE_MD5 1 -# endif -# else -# define IMAGE_ENABLE_CRC32 1 -# define IMAGE_ENABLE_MD5 1 -# endif - -#ifndef IMAGE_ENABLE_CRC32 -#define IMAGE_ENABLE_CRC32 0 -#endif - -#ifndef IMAGE_ENABLE_MD5 -#define IMAGE_ENABLE_MD5 0 -#endif - #endif /* IMAGE_ENABLE_FIT */ #ifdef CONFIG_SYS_BOOT_GET_CMDLINE -- cgit v1.3.1