From 930c887e0fb88dcf1907f268960330c17999b5a3 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 07:03:06 -0600 Subject: lib: Add memdup() Add a function to duplicate a memory region, a little like strdup(). Signed-off-by: Simon Glass --- lib/string.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lib') diff --git a/lib/string.c b/lib/string.c index ba176fb08f7..78bd65c4136 100644 --- a/lib/string.c +++ b/lib/string.c @@ -659,6 +659,19 @@ void * memscan(void * addr, int c, size_t size) } #endif +char *memdup(const void *src, size_t len) +{ + char *p; + + p = malloc(len); + if (!p) + return NULL; + + memcpy(p, src, len); + + return p; +} + #ifndef __HAVE_ARCH_STRSTR /** * strstr - Find the first substring in a %NUL terminated string -- cgit v1.2.3 From 67bc59df05331eaac56cd0a00219d1386130aee2 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 07:03:07 -0600 Subject: Add support for an owned buffer When passing a data buffer back from a function, it is not always clear who owns the buffer, i.e. who is responsible for freeing the memory used. An example of this is where multiple files are decompressed from the firmware image, using a temporary buffer for reading (since the compressed data has to live somewhere) and producing a temporary or permanent buffer with the resuilts. Where the firmware image can be memory-mapped, as on x86, the compressed data does not need to be buffered, but the complexity of having a buffer which is either allocated or not, makes the code hard to understand. Introduce a new 'abuf' which supports simple buffer operations: - encapsulating a buffer and its size - either allocated with malloc() or not - able to be reliably freed if necessary - able to be converted to an allocated buffer if needed This simple API makes it easier to deal with allocated and memory-mapped buffers. Signed-off-by: Simon Glass --- lib/Makefile | 1 + lib/abuf.c | 109 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100644 lib/abuf.c (limited to 'lib') diff --git a/lib/Makefile b/lib/Makefile index 962470f4962..454396f101b 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -134,6 +134,7 @@ obj-$(CONFIG_OID_REGISTRY) += oid_registry.o obj-$(CONFIG_SSCANF) += sscanf.o endif +obj-y += abuf.o obj-y += date.o obj-y += rtc-lib.o obj-$(CONFIG_LIB_ELF) += elf.o diff --git a/lib/abuf.c b/lib/abuf.c new file mode 100644 index 00000000000..4b17e0b8c0d --- /dev/null +++ b/lib/abuf.c @@ -0,0 +1,109 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Handles a buffer that can be allocated and freed + * + * Copyright 2021 Google LLC + * Written by Simon Glass + */ + +#include +#include +#include +#include +#include + +void abuf_set(struct abuf *abuf, void *data, size_t size) +{ + abuf_uninit(abuf); + abuf->data = data; + abuf->size = size; +} + +void abuf_map_sysmem(struct abuf *abuf, ulong addr, size_t size) +{ + abuf_set(abuf, map_sysmem(addr, size), size); +} + +bool abuf_realloc(struct abuf *abuf, size_t new_size) +{ + void *ptr; + + if (!new_size) { + /* easy case, just need to uninit, freeing any allocation */ + abuf_uninit(abuf); + return true; + } else if (abuf->alloced) { + /* currently allocated, so need to reallocate */ + ptr = realloc(abuf->data, new_size); + if (!ptr) + return false; + abuf->data = ptr; + abuf->size = new_size; + return true; + } else if (new_size <= abuf->size) { + /* + * not currently alloced and new size is no larger. Just update + * it. Data is lost off the end if new_size < abuf->size + */ + abuf->size = new_size; + return true; + } else { + /* not currently allocated and new size is larger. Alloc and + * copy in data. The new space is not inited. + */ + ptr = memdup(abuf->data, new_size); + if (!ptr) + return false; + abuf->data = ptr; + abuf->size = new_size; + abuf->alloced = true; + return true; + } +} + +void *abuf_uninit_move(struct abuf *abuf, size_t *sizep) +{ + void *ptr; + + if (sizep) + *sizep = abuf->size; + if (!abuf->size) + return NULL; + if (abuf->alloced) { + ptr = abuf->data; + } else { + ptr = memdup(abuf->data, abuf->size); + if (!ptr) + return NULL; + } + /* Clear everything out so there is no record of the data */ + abuf_init(abuf); + + return ptr; +} + +void abuf_init_set(struct abuf *abuf, void *data, size_t size) +{ + abuf_init(abuf); + abuf_set(abuf, data, size); +} + +void abuf_init_move(struct abuf *abuf, void *data, size_t size) +{ + abuf_init_set(abuf, data, size); + abuf->alloced = true; +} + +void abuf_uninit(struct abuf *abuf) +{ + if (abuf->alloced) + free(abuf->data); + abuf_init(abuf); +} + +void abuf_init(struct abuf *abuf) +{ + abuf->data = NULL; + abuf->size = 0; + abuf->alloced = false; +} -- cgit v1.2.3 From 94d0a2efc0315e2c5e3b62a7420292f0ce058079 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 07:03:09 -0600 Subject: zstd: Create a function for use from U-Boot The existing zstd API requires the same sequence of calls to perform its task. Create a helper for U-Boot, to avoid code duplication, as is done with other compression algorithms. Make use of of this from the image code. Note that the zstd code lacks a test in test/compression.c and this should be added by the maintainer. Signed-off-by: Simon Glass --- lib/zstd/Makefile | 2 +- lib/zstd/zstd.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 lib/zstd/zstd.c (limited to 'lib') diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile index 33c1df48ec8..12170892923 100644 --- a/lib/zstd/Makefile +++ b/lib/zstd/Makefile @@ -1,4 +1,4 @@ obj-y += zstd_decompress.o zstd_decompress-y := huf_decompress.o decompress.o \ - entropy_common.o fse_decompress.o zstd_common.o + entropy_common.o fse_decompress.o zstd_common.o zstd.o diff --git a/lib/zstd/zstd.c b/lib/zstd/zstd.c new file mode 100644 index 00000000000..bf9cd19cfa3 --- /dev/null +++ b/lib/zstd/zstd.c @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright 2021 Google LLC + */ + +#define LOG_CATEGORY LOGC_BOOT + +#include +#include +#include +#include +#include + +int zstd_decompress(struct abuf *in, struct abuf *out) +{ + ZSTD_DStream *dstream; + ZSTD_inBuffer in_buf; + ZSTD_outBuffer out_buf; + void *workspace; + size_t wsize; + int ret; + + wsize = ZSTD_DStreamWorkspaceBound(abuf_size(in)); + workspace = malloc(wsize); + if (!workspace) { + debug("%s: cannot allocate workspace of size %zu\n", __func__, + wsize); + return -ENOMEM; + } + + dstream = ZSTD_initDStream(abuf_size(in), workspace, wsize); + if (!dstream) { + log_err("%s: ZSTD_initDStream failed\n", __func__); + ret = -EPERM; + goto do_free; + } + + in_buf.src = abuf_data(in); + in_buf.pos = 0; + in_buf.size = abuf_size(in); + + out_buf.dst = abuf_data(out); + out_buf.pos = 0; + out_buf.size = abuf_size(out); + + while (1) { + size_t res; + + res = ZSTD_decompressStream(dstream, &out_buf, &in_buf); + if (ZSTD_isError(res)) { + ret = ZSTD_getErrorCode(res); + log_err("ZSTD_decompressStream error %d\n", ret); + goto do_free; + } + + if (in_buf.pos >= abuf_size(in) || !res) + break; + } + + ret = out_buf.pos; +do_free: + free(workspace); + return ret; +} -- cgit v1.2.3 From 5a4f10d71bfe2b7a5646cf1f96b298805b36df7a Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 07:03:13 -0600 Subject: gzip: Avoid use of u64 The gzip API uses the u64 type in it, which is not available in the host build. This makes it impossible to include the header file. We could make this type available, but it seems unnecessary. Limiting the compression size to that of the 'unsigned long' type seems good enough. On 32-bit machines the limit then becomes 4GB, which likely exceeds available RAM anyway, therefore it should be sufficient. On 64-bit machines this is effectively u64 anyway. Update the header file and implementation to use 'ulong' instead of 'u64'. Add a definition of u32 for the cases that seem to need exactly that length. This should be safe enough. Signed-off-by: Simon Glass --- lib/gunzip.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/gunzip.c b/lib/gunzip.c index bee3b9261f3..a8e498d98d8 100644 --- a/lib/gunzip.c +++ b/lib/gunzip.c @@ -84,32 +84,32 @@ int gunzip(void *dst, int dstlen, unsigned char *src, unsigned long *lenp) #ifdef CONFIG_CMD_UNZIP __weak -void gzwrite_progress_init(u64 expectedsize) +void gzwrite_progress_init(ulong expectedsize) { putc('\n'); } __weak void gzwrite_progress(int iteration, - u64 bytes_written, - u64 total_bytes) + ulong bytes_written, + ulong total_bytes) { if (0 == (iteration & 3)) - printf("%llu/%llu\r", bytes_written, total_bytes); + printf("%lu/%lu\r", bytes_written, total_bytes); } __weak void gzwrite_progress_finish(int returnval, - u64 bytes_written, - u64 total_bytes, + ulong bytes_written, + ulong total_bytes, u32 expected_crc, u32 calculated_crc) { if (0 == returnval) { - printf("\n\t%llu bytes, crc 0x%08x\n", + printf("\n\t%lu bytes, crc 0x%08x\n", total_bytes, calculated_crc); } else { - printf("\n\tuncompressed %llu of %llu\n" + printf("\n\tuncompressed %lu of %lu\n" "\tcrcs == 0x%08x/0x%08x\n", bytes_written, total_bytes, expected_crc, calculated_crc); @@ -119,15 +119,15 @@ void gzwrite_progress_finish(int returnval, int gzwrite(unsigned char *src, int len, struct blk_desc *dev, unsigned long szwritebuf, - u64 startoffs, - u64 szexpected) + ulong startoffs, + ulong szexpected) { int i, flags; z_stream s; int r = 0; unsigned char *writebuf; unsigned crc = 0; - u64 totalfilled = 0; + ulong totalfilled = 0; lbaint_t blksperbuf, outblock; u32 expected_crc; u32 payload_size; @@ -142,7 +142,7 @@ int gzwrite(unsigned char *src, int len, } if (startoffs & (dev->blksz-1)) { - printf("%s: start offset %llu not a multiple of %lu\n", + printf("%s: start offset %lu not a multiple of %lu\n", __func__, startoffs, dev->blksz); return -1; } @@ -182,12 +182,12 @@ int gzwrite(unsigned char *src, int len, if (szexpected == 0) { szexpected = le32_to_cpu(szuncompressed); } else if (szuncompressed != (u32)szexpected) { - printf("size of %llx doesn't match trailer low bits %x\n", + printf("size of %lx doesn't match trailer low bits %x\n", szexpected, szuncompressed); return -1; } if (lldiv(szexpected, dev->blksz) > (dev->lba - outblock)) { - printf("%s: uncompressed size %llu exceeds device size\n", + printf("%s: uncompressed size %lu exceeds device size\n", __func__, szexpected); return -1; } -- cgit v1.2.3 From 603d15a572d5b1e2894db87b86d85a092dacdfd1 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:17 -0600 Subject: spl: cypto: Bring back SPL_ versions of SHA Unfortunately these were removed by mistake. This means that adding hash support to SPL brings in all software algorithms, with a substantial increase in code size. The origin of the problem was renaming them to SPL_FIT_xxx and then these were removed altogether in a later commit. Add them back. This aligns with CONFIG_MD5, for example, which has an SPL variant. Signed-off-by: Simon Glass Fixes: f5bc9c25f31 ("image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx") Fixes: eb5171ddec9 ("common: Remove unused CONFIG_FIT_SHAxxx selectors") Reviewed-by: Alexandru Gagniuc --- lib/Kconfig | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 034af724b5d..7899e756f99 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -373,7 +373,6 @@ config SHA256 The SHA256 algorithm produces a 256-bit (32-byte) hash value (digest). - config SHA512 bool "Enable SHA512 support" help @@ -399,6 +398,48 @@ config SHA_HW_ACCEL hashing algorithms. This affects the 'hash' command and also the hash_lookup_algo() function. +if SPL + +config SPL_SHA1 + bool "Enable SHA1 support in SPL" + default y if SHA1 + help + This option enables support of hashing using SHA1 algorithm. + The hash is calculated in software. + The SHA1 algorithm produces a 160-bit (20-byte) hash value + (digest). + +config SPL_SHA256 + bool "Enable SHA256 support in SPL" + default y if SHA256 + help + This option enables support of hashing using SHA256 algorithm. + The hash is calculated in software. + The SHA256 algorithm produces a 256-bit (32-byte) hash value + (digest). + +config SPL_SHA512 + bool "Enable SHA512 support in SPL" + default y if SHA512 + help + This option enables support of hashing using SHA512 algorithm. + The hash is calculated in software. + The SHA512 algorithm produces a 512-bit (64-byte) hash value + (digest). + +config SPL_SHA384 + bool "Enable SHA384 support in SPL" + default y if SHA384 + select SPL_SHA512 + help + This option enables support of hashing using SHA384 algorithm. + The hash is calculated in software. This is also selects SHA512, + because these implementations share the bulk of the code.. + The SHA384 algorithm produces a 384-bit (48-byte) hash value + (digest). + +endif + if SHA_HW_ACCEL config SHA512_HW_ACCEL -- cgit v1.2.3 From 2c21256b27d70b5950bd059330cdab027fb6ab7e Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:18 -0600 Subject: hash: Use Kconfig to enable hashing in host tools and SPL At present when building host tools, we force CONFIG_SHAxxx to be enabled regardless of the board Kconfig setting. This is done in the image.h header file. For SPL we currently just assume the algorithm is desired if U-Boot proper enables it. Clean this up by adding new Kconfig options to enable hashing on the host, relying on CONFIG_IS_ENABLED() to deal with the different builds. Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the current settings. This allows us to drop the image.h code and the I_WANT_MD5 hack. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- lib/Kconfig | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 7899e756f99..64765acfa61 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -438,6 +438,24 @@ config SPL_SHA384 The SHA384 algorithm produces a 384-bit (48-byte) hash value (digest). +config SPL_SHA_HW_ACCEL + bool "Enable hardware acceleration for SHA hash functions" + default y if SHA_HW_ACCEL + help + This option enables hardware acceleration for the SHA1 and SHA256 + hashing algorithms. This affects the 'hash' command and also the + hash_lookup_algo() function. + +config SPL_SHA_PROG_HW_ACCEL + bool "Enable Progressive hashing support using hardware in SPL" + depends on SHA_PROG_HW_ACCEL + default y + help + This option enables hardware-acceleration for SHA progressive + hashing. + Data can be streamed in a block at a time and the hashing is + performed in hardware. + endif if SHA_HW_ACCEL -- cgit v1.2.3 From 0c303f9a6628de9664b4f9140464a6f9d8224c36 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:21 -0600 Subject: image: Drop IMAGE_ENABLE_OF_LIBFDT Add a host Kconfig for OF_LIBFDT. With this we can use CONFIG_IS_ENABLED(OF_LIBFDT) directly in the tools build, so drop the unnecessary indirection. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- lib/lmb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/lmb.c b/lib/lmb.c index 793647724c3..676b3a0bda6 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -153,7 +153,7 @@ static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob) arch_lmb_reserve(lmb); board_lmb_reserve(lmb); - if (IMAGE_ENABLE_OF_LIBFDT && fdt_blob) + if (CONFIG_IS_ENABLED(OF_LIBFDT) && fdt_blob) boot_fdt_add_mem_rsv_regions(lmb, fdt_blob); } -- cgit v1.2.3 From 2bbed3ff8c7fa0c0fa3fd28a9497bf7a99e3388b Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:23 -0600 Subject: image: Use Kconfig to enable FIT_RSASSA_PSS on host Add a host Kconfig for FIT_RSASSA_PSS. With this we can use CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the forcing of this in the image.h header. Drop the #ifdef around padding_pss_verify() too since it is not needed. Use the compiler to check the config where possible, instead of the preprocessor. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- lib/rsa/rsa-sign.c | 5 ++--- lib/rsa/rsa-verify.c | 15 ++++----------- 2 files changed, 6 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index c27a784c429..0579e5294ee 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -401,15 +401,14 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo, goto err_sign; } -#ifdef CONFIG_FIT_RSASSA_PSS - if (padding_algo && !strcmp(padding_algo->name, "pss")) { + if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo && + !strcmp(padding_algo->name, "pss")) { if (EVP_PKEY_CTX_set_rsa_padding(ckey, RSA_PKCS1_PSS_PADDING) <= 0) { ret = rsa_err("Signer padding setup failed"); goto err_sign; } } -#endif /* CONFIG_FIT_RSASSA_PSS */ for (i = 0; i < region_count; i++) { if (!EVP_DigestSignUpdate(context, region[i].data, diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index ad6d33d043a..600c93ab810 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -102,7 +102,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = { }; #endif -#ifdef CONFIG_FIT_RSASSA_PSS +#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS) static void u32_i2osp(uint32_t val, uint8_t *buf) { buf[0] = (uint8_t)((val >> 24) & 0xff); @@ -313,7 +313,6 @@ U_BOOT_PADDING_ALGO(pss) = { #endif -#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) /** * rsa_verify_key() - Verify a signature against some data using RSA Key * @@ -385,9 +384,7 @@ static int rsa_verify_key(struct image_sign_info *info, return 0; } -#endif -#if CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) /** * rsa_verify_with_pkey() - Verify a signature against some data using * only modulus and exponent as RSA key properties. @@ -408,6 +405,9 @@ int rsa_verify_with_pkey(struct image_sign_info *info, struct key_prop *prop; int ret; + if (!CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)) + return -EACCES; + /* Public key is self-described to fill key_prop */ ret = rsa_gen_key_prop(info->key, info->keylen, &prop); if (ret) { @@ -422,13 +422,6 @@ int rsa_verify_with_pkey(struct image_sign_info *info, return ret; } -#else -int rsa_verify_with_pkey(struct image_sign_info *info, - const void *hash, uint8_t *sig, uint sig_len) -{ - return -EACCES; -} -#endif #if CONFIG_IS_ENABLED(FIT_SIGNATURE) /** -- cgit v1.2.3 From e7d285b2f38202f9d7ffbdcae59283f08bafd8b9 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:24 -0600 Subject: image: Use the correct checks for CRC32 Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32) directly in the host build, so drop the unnecessary indirection. Add a few more conditions to SPL_CRC32 to avoid build failures as well as TPL_CRC32. Also update hash.c to make crc32 optional and to actually take notice of SPL_CRC32. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- lib/Kconfig | 5 +++++ lib/Makefile | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/Kconfig b/lib/Kconfig index 64765acfa61..70bf8e7a464 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -496,6 +496,11 @@ config SPL_MD5 security applications, but it can be useful for providing a quick checksum of a block of data. +config CRC32 + def_bool y + help + Enables CRC32 support in U-Boot. This is normally required. + config CRC32C bool diff --git a/lib/Makefile b/lib/Makefile index 454396f101b..5ddbc77ed6d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -96,9 +96,7 @@ obj-y += display_options.o CFLAGS_display_options.o := $(if $(BUILD_TAG),-DBUILD_TAG='"$(BUILD_TAG)"') obj-$(CONFIG_BCH) += bch.o obj-$(CONFIG_MMC_SPI) += crc7.o -#ifndef CONFIG_TPL_BUILD -obj-y += crc32.o -#endif +obj-$(CONFIG_$(SPL_TPL_)CRC32) += crc32.o obj-$(CONFIG_CRC32C) += crc32c.o obj-y += ctype.o obj-y += div64.o -- cgit v1.2.3 From 1eccbb16a2c0427488d91e169572c3c397c4c1d5 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:29 -0600 Subject: efi: Correct dependency on FIT_SIGNATURE At present EFI_SECURE BOOT selects RSA but does not necessarily enable FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it, so U-Boot tries to do RSA verification when loading FIT images, but it is not enabled. This worked because the condition for checking the RSA signature is wrong in the fit_image_verify_with_data() function. In order to fix it we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled so that RSA can be used. It might be better to avoid using 'select' in this situation. Signed-off-by: Simon Glass --- lib/efi_loader/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 3d5a5cd189e..83d584a60e5 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -336,7 +336,7 @@ config EFI_LOAD_FILE2_INITRD config EFI_SECURE_BOOT bool "Enable EFI secure boot support" - depends on EFI_LOADER + depends on EFI_LOADER && FIT_SIGNATURE select HASH select SHA256 select RSA -- cgit v1.2.3 From 13c133b995decefdc64160f1df2c58e5bf342e28 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:33 -0600 Subject: image: Drop unnecessary #ifdefs from image.h This file has a lot of conditional code and much of it is unnecessary. Clean this up to reduce the number of build combinations. Signed-off-by: Simon Glass --- lib/hash-checksum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/hash-checksum.c b/lib/hash-checksum.c index d732ecc38fd..8f2a42f9a08 100644 --- a/lib/hash-checksum.c +++ b/lib/hash-checksum.c @@ -17,7 +17,7 @@ #include int hash_calculate(const char *name, - const struct image_region region[], + const struct image_region *region, int region_count, uint8_t *checksum) { struct hash_algo *algo; -- cgit v1.2.3