From 5d3248a688c2368be54aaa9407be30adfa994abc Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 07:03:17 -0600 Subject: image: Split host code out into its own file To avoid having #ifdefs in a few functions which are completely different in the board and host code, create a new image-host.c file. Signed-off-by: Simon Glass --- tools/Makefile | 1 + 1 file changed, 1 insertion(+) (limited to 'tools') diff --git a/tools/Makefile b/tools/Makefile index 4a86321f646..999fd465316 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -113,6 +113,7 @@ dumpimage-mkimage-objs := aisimage.o \ lib/fdtdec_common.o \ lib/fdtdec.o \ common/image.o \ + common/image-host.o \ imagetool.o \ imximage.o \ imx8image.o \ -- cgit v1.3.1 From e02b3fd4b9cf34c7d22254e8d6db69e2f4471f4f Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:16 -0600 Subject: image: Add Kconfig options for FIT in the tools build In preparation for enabling CONFIG_IS_ENABLED() on the host build, add some options to enable the various FIT options expected in these tools. This will ensure that the code builds correctly when CONFIG_TOOLS_xxx is distinct from CONFIG_xxx. Drop some #ifdefs which are immediately unnecessary (many more are in later patches). Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc Reviewed-by: Alexandru Gagniuc --- common/image-fit-sig.c | 3 ++- common/image-fit.c | 4 ++-- tools/Kconfig | 25 +++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 3 deletions(-) (limited to 'tools') diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c index b979cd2a4b6..e95e64bd2fe 100644 --- a/common/image-fit-sig.c +++ b/common/image-fit-sig.c @@ -72,11 +72,12 @@ static int fit_image_setup_verify(struct image_sign_info *info, char *algo_name; const char *padding_name; +#ifndef USE_HOSTCC if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) { *err_msgp = "Total size too large"; return 1; } - +#endif if (fit_image_hash_get_algo(fit, noffset, &algo_name)) { *err_msgp = "Can't get hash algo property"; return -1; diff --git a/common/image-fit.c b/common/image-fit.c index 6f8e67e4158..17c6d4e7813 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -170,7 +170,7 @@ int fit_get_subimage_count(const void *fit, int images_noffset) return count; } -#if CONFIG_IS_ENABLED(FIT_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) +#if CONFIG_IS_ENABLED(FIT_PRINT) /** * fit_image_print_data() - prints out the hash node details * @fit: pointer to the FIT format image header @@ -578,7 +578,7 @@ void fit_image_print(const void *fit, int image_noffset, const char *p) #else void fit_print_contents(const void *fit) { } void fit_image_print(const void *fit, int image_noffset, const char *p) { } -#endif /* CONFIG_IS_ENABLED(FIR_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) */ +#endif /* CONFIG_IS_ENABLED(FIT_PRINT) */ /** * fit_get_desc - get node description property diff --git a/tools/Kconfig b/tools/Kconfig index d6f82cd949b..ea986ab0479 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -20,4 +20,29 @@ config TOOLS_LIBCRYPTO This selection does not affect target features, such as runtime FIT signature verification. +config TOOLS_FIT + def_bool y + help + Enable FIT support in the tools builds. + +config TOOLS_FIT_FULL_CHECK + def_bool y + help + Do a full check of the FIT before using it in the tools builds + +config TOOLS_FIT_PRINT + def_bool y + help + Print the content of the FIT verbosely in the tools builds + +config TOOLS_FIT_SIGNATURE + def_bool y + help + Enable signature verification of FIT uImages in the tools builds + +config TOOLS_FIT_SIGNATURE_MAX_SIZE + hex + depends on TOOLS_FIT_SIGNATURE + default 0x10000000 + endmenu -- cgit v1.3.1 From 2c21256b27d70b5950bd059330cdab027fb6ab7e Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:18 -0600 Subject: hash: Use Kconfig to enable hashing in host tools and SPL At present when building host tools, we force CONFIG_SHAxxx to be enabled regardless of the board Kconfig setting. This is done in the image.h header file. For SPL we currently just assume the algorithm is desired if U-Boot proper enables it. Clean this up by adding new Kconfig options to enable hashing on the host, relying on CONFIG_IS_ENABLED() to deal with the different builds. Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the current settings. This allows us to drop the image.h code and the I_WANT_MD5 hack. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- common/hash.c | 49 +++++++++++++++++++++++-------------------------- include/fdt_support.h | 2 +- include/hash.h | 6 +++++- include/image.h | 5 ----- lib/Kconfig | 18 ++++++++++++++++++ tools/Kconfig | 25 +++++++++++++++++++++++++ 6 files changed, 72 insertions(+), 33 deletions(-) (limited to 'tools') diff --git a/common/hash.c b/common/hash.c index 3884298edf2..2b8e7a4d5c3 100644 --- a/common/hash.c +++ b/common/hash.c @@ -25,6 +25,7 @@ #else #include "mkimage.h" #include +#include #endif /* !USE_HOSTCC*/ #include @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR; static void reloc_update(void); -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha1(struct hash_algo *algo, void **ctxp) { sha1_context *ctx = malloc(sizeof(sha1_context)); @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, } #endif -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha256(struct hash_algo *algo, void **ctxp) { sha256_context *ctx = malloc(sizeof(sha256_context)); @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void } #endif -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha384(struct hash_algo *algo, void **ctxp) { sha512_context *ctx = malloc(sizeof(sha512_context)); @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void } #endif -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) static int hash_init_sha512(struct hash_algo *algo, void **ctxp) { sha512_context *ctx = malloc(sizeof(sha512_context)); @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, return 0; } -#ifdef USE_HOSTCC -# define I_WANT_MD5 1 -#else -# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) -#endif /* * These are the hash algorithms we support. If we have hardware acceleration * is enable we will use that, otherwise a software version of the algorithm. * Note that algorithm names must be in lower case. */ static struct hash_algo hash_algo[] = { -#if I_WANT_MD5 +#if CONFIG_IS_ENABLED(MD5) { .name = "md5", .digest_size = MD5_SUM_LEN, @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = { .hash_func_ws = md5_wd, }, #endif -#ifdef CONFIG_SHA1 +#if CONFIG_IS_ENABLED(SHA1) { .name = "sha1", .digest_size = SHA1_SUM_LEN, .chunk_size = CHUNKSZ_SHA1, -#ifdef CONFIG_SHA_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) .hash_func_ws = hw_sha1, #else .hash_func_ws = sha1_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA256 +#if CONFIG_IS_ENABLED(SHA256) { .name = "sha256", .digest_size = SHA256_SUM_LEN, .chunk_size = CHUNKSZ_SHA256, -#ifdef CONFIG_SHA_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) .hash_func_ws = hw_sha256, #else .hash_func_ws = sha256_csum_wd, #endif -#ifdef CONFIG_SHA_PROG_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA384 +#if CONFIG_IS_ENABLED(SHA384) { .name = "sha384", .digest_size = SHA384_SUM_LEN, .chunk_size = CHUNKSZ_SHA384, -#ifdef CONFIG_SHA512_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) .hash_func_ws = hw_sha384, #else .hash_func_ws = sha384_csum_wd, #endif -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = { #endif }, #endif -#ifdef CONFIG_SHA512 +#if CONFIG_IS_ENABLED(SHA512) { .name = "sha512", .digest_size = SHA512_SUM_LEN, .chunk_size = CHUNKSZ_SHA512, -#ifdef CONFIG_SHA512_HW_ACCEL +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) .hash_func_ws = hw_sha512, #else .hash_func_ws = sha512_csum_wd, #endif -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) .hash_init = hw_sha_init, .hash_update = hw_sha_update, .hash_finish = hw_sha_finish, @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = { }; /* Try to minimize code size for boards that don't want much hashing */ -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \ - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \ - defined(CONFIG_SHA384) || defined(CONFIG_SHA512) +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \ + CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \ + CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) #define multi_hash() 1 #else #define multi_hash() 0 @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, return 0; } -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32) +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \ + defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)) /** * store_result: Store the resulting sum to an address or variable * diff --git a/include/fdt_support.h b/include/fdt_support.h index 72a5b90c97c..88d129c8038 100644 --- a/include/fdt_support.h +++ b/include/fdt_support.h @@ -7,7 +7,7 @@ #ifndef __FDT_SUPPORT_H #define __FDT_SUPPORT_H -#ifdef CONFIG_OF_LIBFDT +#if defined(CONFIG_OF_LIBFDT) && !defined(USE_HOSTCC) #include #include diff --git a/include/hash.h b/include/hash.h index 97bb3ed5d9a..cfafbe70064 100644 --- a/include/hash.h +++ b/include/hash.h @@ -6,13 +6,17 @@ #ifndef _HASH_H #define _HASH_H +#ifdef USE_HOSTCC +#include +#endif + struct cmd_tbl; /* * Maximum digest size for all algorithms we support. Having this value * avoids a malloc() or C99 local declaration in common/cmd_hash.c. */ -#if defined(CONFIG_SHA384) || defined(CONFIG_SHA512) +#if CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) #define HASH_MAX_DIGEST_SIZE 64 #else #define HASH_MAX_DIGEST_SIZE 32 diff --git a/include/image.h b/include/image.h index 73a763a6936..03857f4b500 100644 --- a/include/image.h +++ b/include/image.h @@ -31,11 +31,6 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 -#define CONFIG_MD5 -#define CONFIG_SHA1 -#define CONFIG_SHA256 -#define CONFIG_SHA384 -#define CONFIG_SHA512 #define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" diff --git a/lib/Kconfig b/lib/Kconfig index 7899e756f99..64765acfa61 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -438,6 +438,24 @@ config SPL_SHA384 The SHA384 algorithm produces a 384-bit (48-byte) hash value (digest). +config SPL_SHA_HW_ACCEL + bool "Enable hardware acceleration for SHA hash functions" + default y if SHA_HW_ACCEL + help + This option enables hardware acceleration for the SHA1 and SHA256 + hashing algorithms. This affects the 'hash' command and also the + hash_lookup_algo() function. + +config SPL_SHA_PROG_HW_ACCEL + bool "Enable Progressive hashing support using hardware in SPL" + depends on SHA_PROG_HW_ACCEL + default y + help + This option enables hardware-acceleration for SHA progressive + hashing. + Data can be streamed in a block at a time and the hashing is + performed in hardware. + endif if SHA_HW_ACCEL diff --git a/tools/Kconfig b/tools/Kconfig index ea986ab0479..6ffc2c0aa31 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE depends on TOOLS_FIT_SIGNATURE default 0x10000000 +config TOOLS_MD5 + def_bool y + help + Enable MD5 support in the tools builds + +config TOOLS_SHA1 + def_bool y + help + Enable SHA1 support in the tools builds + +config TOOLS_SHA256 + def_bool y + help + Enable SHA256 support in the tools builds + +config TOOLS_SHA384 + def_bool y + help + Enable SHA384 support in the tools builds + +config TOOLS_SHA512 + def_bool y + help + Enable SHA512 support in the tools builds + endmenu -- cgit v1.3.1 From 0c303f9a6628de9664b4f9140464a6f9d8224c36 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:21 -0600 Subject: image: Drop IMAGE_ENABLE_OF_LIBFDT Add a host Kconfig for OF_LIBFDT. With this we can use CONFIG_IS_ENABLED(OF_LIBFDT) directly in the tools build, so drop the unnecessary indirection. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- arch/arc/lib/bootm.c | 2 +- arch/arm/lib/bootm.c | 4 ++-- arch/microblaze/lib/bootm.c | 2 +- arch/nds32/lib/bootm.c | 4 ++-- arch/riscv/lib/bootm.c | 4 ++-- board/synopsys/hsdk/hsdk.c | 2 +- common/bootm.c | 4 ++-- common/image-board.c | 8 ++++---- common/image.c | 2 +- include/image.h | 3 --- lib/lmb.c | 2 +- tools/Kconfig | 5 +++++ 12 files changed, 22 insertions(+), 20 deletions(-) (limited to 'tools') diff --git a/arch/arc/lib/bootm.c b/arch/arc/lib/bootm.c index 41408c2b460..ed6c5dfa584 100644 --- a/arch/arc/lib/bootm.c +++ b/arch/arc/lib/bootm.c @@ -63,7 +63,7 @@ static void boot_jump_linux(bootm_headers_t *images, int flag) "(fake run for tracing)" : ""); bootstage_mark_name(BOOTSTAGE_ID_BOOTM_HANDOFF, "start_kernel"); - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { r0 = 2; r2 = (unsigned int)images->ft_addr; } else { diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index dd6a69315ac..a59a5e6c0ea 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -199,7 +199,7 @@ static void boot_prep_linux(bootm_headers_t *images) { char *commandline = env_get("bootargs"); - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { #ifdef CONFIG_OF_LIBFDT debug("using: FDT\n"); if (image_setup_linux(images)) { @@ -356,7 +356,7 @@ static void boot_jump_linux(bootm_headers_t *images, int flag) bootstage_mark(BOOTSTAGE_ID_RUN_OS); announce_and_cleanup(fake); - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) r2 = (unsigned long)images->ft_addr; else r2 = gd->bd->bi_boot_params; diff --git a/arch/microblaze/lib/bootm.c b/arch/microblaze/lib/bootm.c index 3a6da6e29ff..12ea32488e6 100644 --- a/arch/microblaze/lib/bootm.c +++ b/arch/microblaze/lib/bootm.c @@ -75,7 +75,7 @@ static void boot_jump_linux(bootm_headers_t *images, int flag) static void boot_prep_linux(bootm_headers_t *images) { - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { debug("using: FDT\n"); if (image_setup_linux(images)) { printf("FDT creation failed! hanging..."); diff --git a/arch/nds32/lib/bootm.c b/arch/nds32/lib/bootm.c index 1c7f7856999..71ebfb4225b 100644 --- a/arch/nds32/lib/bootm.c +++ b/arch/nds32/lib/bootm.c @@ -69,7 +69,7 @@ int do_bootm_linux(int flag, int argc, char *argv[], bootm_headers_t *images) debug("## Transferring control to Linux (at address %08lx) ...\n", (ulong)theKernel); - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { #ifdef CONFIG_OF_LIBFDT debug("using: FDT\n"); if (image_setup_linux(images)) { @@ -110,7 +110,7 @@ int do_bootm_linux(int flag, int argc, char *argv[], bootm_headers_t *images) #endif } cleanup_before_linux(); - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) theKernel(0, machid, (unsigned long)images->ft_addr); else theKernel(0, machid, bd->bi_boot_params); diff --git a/arch/riscv/lib/bootm.c b/arch/riscv/lib/bootm.c index ff1bdf71318..2e1e286c8ef 100644 --- a/arch/riscv/lib/bootm.c +++ b/arch/riscv/lib/bootm.c @@ -64,7 +64,7 @@ static void announce_and_cleanup(int fake) static void boot_prep_linux(bootm_headers_t *images) { - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { #ifdef CONFIG_OF_LIBFDT debug("using: FDT\n"); if (image_setup_linux(images)) { @@ -96,7 +96,7 @@ static void boot_jump_linux(bootm_headers_t *images, int flag) announce_and_cleanup(fake); if (!fake) { - if (IMAGE_ENABLE_OF_LIBFDT && images->ft_len) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && images->ft_len) { #ifdef CONFIG_SMP ret = smp_call_function(images->ep, (ulong)images->ft_addr, 0, 0); diff --git a/board/synopsys/hsdk/hsdk.c b/board/synopsys/hsdk/hsdk.c index 892b94bb083..226fbba6296 100644 --- a/board/synopsys/hsdk/hsdk.c +++ b/board/synopsys/hsdk/hsdk.c @@ -871,7 +871,7 @@ int board_prep_linux(bootm_headers_t *images) if (env_common.core_mask.val == ALL_CPU_MASK) return 0; - if (!IMAGE_ENABLE_OF_LIBFDT || !images->ft_len) { + if (!CONFIG_IS_ENABLED(OF_LIBFDT) || !images->ft_len) { pr_err("WARN: core_mask setup will work properly only with external DTB!\n"); return 0; } diff --git a/common/bootm.c b/common/bootm.c index 8d614fe140e..4482f84b40a 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -271,7 +271,7 @@ int bootm_find_images(int flag, int argc, char *const argv[], ulong start, return 1; } -#if IMAGE_ENABLE_OF_LIBFDT +#if CONFIG_IS_ENABLED(OF_LIBFDT) /* find flattened device tree */ ret = boot_get_fdt(flag, argc, argv, IH_ARCH_DEFAULT, &images, &images.ft_addr, &images.ft_len); @@ -706,7 +706,7 @@ int do_bootm_states(struct cmd_tbl *cmdtp, int flag, int argc, } } #endif -#if IMAGE_ENABLE_OF_LIBFDT && defined(CONFIG_LMB) +#if CONFIG_IS_ENABLED(OF_LIBFDT) && defined(CONFIG_LMB) if (!ret && (states & BOOTM_STATE_FDT)) { boot_fdt_add_mem_rsv_regions(&images->lmb, images->ft_addr); ret = boot_relocate_fdt(&images->lmb, &images->ft_addr, diff --git a/common/image-board.c b/common/image-board.c index 0ad75fdc75b..cb2479f2f30 100644 --- a/common/image-board.c +++ b/common/image-board.c @@ -282,7 +282,7 @@ int genimg_get_format(const void *img_addr) if (image_check_magic(hdr)) return IMAGE_FORMAT_LEGACY; #endif -#if CONFIG_IS_ENABLED(FIT) || IMAGE_ENABLE_OF_LIBFDT +#if CONFIG_IS_ENABLED(FIT) || CONFIG_IS_ENABLED(OF_LIBFDT) if (fdt_check_header(img_addr) == 0) return IMAGE_FORMAT_FIT; #endif @@ -895,7 +895,7 @@ int image_setup_linux(bootm_headers_t *images) struct lmb *lmb = &images->lmb; int ret; - if (IMAGE_ENABLE_OF_LIBFDT) + if (CONFIG_IS_ENABLED(OF_LIBFDT)) boot_fdt_add_mem_rsv_regions(lmb, *of_flat_tree); if (IMAGE_BOOT_GET_CMDLINE) { @@ -907,13 +907,13 @@ int image_setup_linux(bootm_headers_t *images) } } - if (IMAGE_ENABLE_OF_LIBFDT) { + if (CONFIG_IS_ENABLED(OF_LIBFDT)) { ret = boot_relocate_fdt(lmb, of_flat_tree, &of_size); if (ret) return ret; } - if (IMAGE_ENABLE_OF_LIBFDT && of_size) { + if (CONFIG_IS_ENABLED(OF_LIBFDT) && of_size) { ret = image_setup_libfdt(images, *of_flat_tree, of_size, lmb); if (ret) return ret; diff --git a/common/image.c b/common/image.c index 59b5e70ccae..5b77113bea3 100644 --- a/common/image.c +++ b/common/image.c @@ -18,7 +18,7 @@ #include #endif -#if CONFIG_IS_ENABLED(FIT) || IMAGE_ENABLE_OF_LIBFDT +#if CONFIG_IS_ENABLED(FIT) || CONFIG_IS_ENABLED(OF_LIBFDT) #include #include #endif diff --git a/include/image.h b/include/image.h index 6c229212cb1..f09eb9de516 100644 --- a/include/image.h +++ b/include/image.h @@ -28,7 +28,6 @@ struct fdt_region; #include /* new uImage format support enabled on host */ -#define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 @@ -46,8 +45,6 @@ struct fdt_region; #define IMAGE_ENABLE_IGNORE 1 #define IMAGE_INDENT_STRING " " -#define IMAGE_ENABLE_OF_LIBFDT CONFIG_IS_ENABLED(OF_LIBFDT) - #endif /* USE_HOSTCC */ #if CONFIG_IS_ENABLED(FIT) diff --git a/lib/lmb.c b/lib/lmb.c index 793647724c3..676b3a0bda6 100644 --- a/lib/lmb.c +++ b/lib/lmb.c @@ -153,7 +153,7 @@ static void lmb_reserve_common(struct lmb *lmb, void *fdt_blob) arch_lmb_reserve(lmb); board_lmb_reserve(lmb); - if (IMAGE_ENABLE_OF_LIBFDT && fdt_blob) + if (CONFIG_IS_ENABLED(OF_LIBFDT) && fdt_blob) boot_fdt_add_mem_rsv_regions(lmb, fdt_blob); } diff --git a/tools/Kconfig b/tools/Kconfig index 6ffc2c0aa31..747d221803f 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -50,6 +50,11 @@ config TOOLS_MD5 help Enable MD5 support in the tools builds +config TOOLS_OF_LIBFDT + def_bool y + help + Enable libfdt support in the tools builds + config TOOLS_SHA1 def_bool y help -- cgit v1.3.1 From e059157f0d5737b63fe2f1fec145509d82508109 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:22 -0600 Subject: image: Use Kconfig to enable CONFIG_FIT_VERBOSE on host Add a host Kconfig for FIT_VERBOSE. With this we can use CONFIG_IS_ENABLED(FIT_VERBOSE) directly in the tools build, so drop the forcing of this in the image.h header. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- include/image.h | 5 ++--- tools/Kconfig | 5 +++++ 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'tools') diff --git a/include/image.h b/include/image.h index f09eb9de516..6efbef06e64 100644 --- a/include/image.h +++ b/include/image.h @@ -28,7 +28,6 @@ struct fdt_region; #include /* new uImage format support enabled on host */ -#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 #define IMAGE_ENABLE_IGNORE 0 @@ -1458,7 +1457,7 @@ int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo); struct cipher_algo *image_get_cipher_algo(const char *full_name); -#ifdef CONFIG_FIT_VERBOSE +#if CONFIG_IS_ENABLED(FIT_VERBOSE) #define fit_unsupported(msg) printf("! %s:%d " \ "FIT images not supported for '%s'\n", \ __FILE__, __LINE__, (msg)) @@ -1470,7 +1469,7 @@ struct cipher_algo *image_get_cipher_algo(const char *full_name); #else #define fit_unsupported(msg) #define fit_unsupported_reset(msg) -#endif /* CONFIG_FIT_VERBOSE */ +#endif /* FIT_VERBOSE */ #endif /* CONFIG_FIT */ #if !defined(USE_HOSTCC) diff --git a/tools/Kconfig b/tools/Kconfig index 747d221803f..9d1c0efd40c 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -45,6 +45,11 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE depends on TOOLS_FIT_SIGNATURE default 0x10000000 +config TOOLS_FIT_VERBOSE + def_bool y + help + Support verbose FIT output in the tools builds + config TOOLS_MD5 def_bool y help -- cgit v1.3.1 From 2bbed3ff8c7fa0c0fa3fd28a9497bf7a99e3388b Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:23 -0600 Subject: image: Use Kconfig to enable FIT_RSASSA_PSS on host Add a host Kconfig for FIT_RSASSA_PSS. With this we can use CONFIG_IS_ENABLED(FIT_RSASSA_PSS) directly in the host build, so drop the forcing of this in the image.h header. Drop the #ifdef around padding_pss_verify() too since it is not needed. Use the compiler to check the config where possible, instead of the preprocessor. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- include/image.h | 3 --- include/u-boot/rsa.h | 2 -- lib/rsa/rsa-sign.c | 5 ++--- lib/rsa/rsa-verify.c | 15 ++++----------- tools/Kconfig | 5 +++++ 5 files changed, 11 insertions(+), 19 deletions(-) (limited to 'tools') diff --git a/include/image.h b/include/image.h index 6efbef06e64..dc872ef5b24 100644 --- a/include/image.h +++ b/include/image.h @@ -27,9 +27,6 @@ struct fdt_region; #include #include -/* new uImage format support enabled on host */ -#define CONFIG_FIT_RSASSA_PSS 1 - #define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h index 89a9c4caa0a..7556aa5b4b7 100644 --- a/include/u-boot/rsa.h +++ b/include/u-boot/rsa.h @@ -103,11 +103,9 @@ int padding_pkcs_15_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#ifdef CONFIG_FIT_RSASSA_PSS int padding_pss_verify(struct image_sign_info *info, uint8_t *msg, int msg_len, const uint8_t *hash, int hash_len); -#endif /* CONFIG_FIT_RSASSA_PSS */ #define RSA_DEFAULT_PADDING_NAME "pkcs-1.5" diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index c27a784c429..0579e5294ee 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -401,15 +401,14 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo, goto err_sign; } -#ifdef CONFIG_FIT_RSASSA_PSS - if (padding_algo && !strcmp(padding_algo->name, "pss")) { + if (CONFIG_IS_ENABLED(FIT_RSASSA_PSS) && padding_algo && + !strcmp(padding_algo->name, "pss")) { if (EVP_PKEY_CTX_set_rsa_padding(ckey, RSA_PKCS1_PSS_PADDING) <= 0) { ret = rsa_err("Signer padding setup failed"); goto err_sign; } } -#endif /* CONFIG_FIT_RSASSA_PSS */ for (i = 0; i < region_count; i++) { if (!EVP_DigestSignUpdate(context, region[i].data, diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index ad6d33d043a..600c93ab810 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -102,7 +102,7 @@ U_BOOT_PADDING_ALGO(pkcs_15) = { }; #endif -#ifdef CONFIG_FIT_RSASSA_PSS +#if CONFIG_IS_ENABLED(FIT_RSASSA_PSS) static void u32_i2osp(uint32_t val, uint8_t *buf) { buf[0] = (uint8_t)((val >> 24) & 0xff); @@ -313,7 +313,6 @@ U_BOOT_PADDING_ALGO(pss) = { #endif -#if CONFIG_IS_ENABLED(FIT_SIGNATURE) || CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) /** * rsa_verify_key() - Verify a signature against some data using RSA Key * @@ -385,9 +384,7 @@ static int rsa_verify_key(struct image_sign_info *info, return 0; } -#endif -#if CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) /** * rsa_verify_with_pkey() - Verify a signature against some data using * only modulus and exponent as RSA key properties. @@ -408,6 +405,9 @@ int rsa_verify_with_pkey(struct image_sign_info *info, struct key_prop *prop; int ret; + if (!CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY)) + return -EACCES; + /* Public key is self-described to fill key_prop */ ret = rsa_gen_key_prop(info->key, info->keylen, &prop); if (ret) { @@ -422,13 +422,6 @@ int rsa_verify_with_pkey(struct image_sign_info *info, return ret; } -#else -int rsa_verify_with_pkey(struct image_sign_info *info, - const void *hash, uint8_t *sig, uint sig_len) -{ - return -EACCES; -} -#endif #if CONFIG_IS_ENABLED(FIT_SIGNATURE) /** diff --git a/tools/Kconfig b/tools/Kconfig index 9d1c0efd40c..8685c800f93 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -35,6 +35,11 @@ config TOOLS_FIT_PRINT help Print the content of the FIT verbosely in the tools builds +config TOOLS_FIT_RSASSA_PSS + def_bool y + help + Support the rsassa-pss signature scheme in the tools builds + config TOOLS_FIT_SIGNATURE def_bool y help -- cgit v1.3.1 From e7d285b2f38202f9d7ffbdcae59283f08bafd8b9 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Sat, 25 Sep 2021 19:43:24 -0600 Subject: image: Use the correct checks for CRC32 Add a host Kconfig for CRC32. With this we can use CONFIG_IS_ENABLED(CRC32) directly in the host build, so drop the unnecessary indirection. Add a few more conditions to SPL_CRC32 to avoid build failures as well as TPL_CRC32. Also update hash.c to make crc32 optional and to actually take notice of SPL_CRC32. Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc --- common/hash.c | 13 ++++++++----- common/spl/Kconfig | 13 ++++++++++++- lib/Kconfig | 5 +++++ lib/Makefile | 4 +--- tools/Kconfig | 5 +++++ 5 files changed, 31 insertions(+), 9 deletions(-) (limited to 'tools') diff --git a/common/hash.c b/common/hash.c index 3b591ba09e3..79202e18a2a 100644 --- a/common/hash.c +++ b/common/hash.c @@ -178,7 +178,7 @@ static int hash_finish_crc16_ccitt(struct hash_algo *algo, void *ctx, return 0; } -static int hash_init_crc32(struct hash_algo *algo, void **ctxp) +static int __maybe_unused hash_init_crc32(struct hash_algo *algo, void **ctxp) { uint32_t *ctx = malloc(sizeof(uint32_t)); *ctx = 0; @@ -186,15 +186,16 @@ static int hash_init_crc32(struct hash_algo *algo, void **ctxp) return 0; } -static int hash_update_crc32(struct hash_algo *algo, void *ctx, - const void *buf, unsigned int size, int is_last) +static int __maybe_unused hash_update_crc32(struct hash_algo *algo, void *ctx, + const void *buf, unsigned int size, + int is_last) { *((uint32_t *)ctx) = crc32(*((uint32_t *)ctx), buf, size); return 0; } -static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, - int size) +static int __maybe_unused hash_finish_crc32(struct hash_algo *algo, void *ctx, + void *dest_buf, int size) { if (size < algo->digest_size) return -1; @@ -311,6 +312,7 @@ static struct hash_algo hash_algo[] = { .hash_update = hash_update_crc16_ccitt, .hash_finish = hash_finish_crc16_ccitt, }, +#if CONFIG_IS_ENABLED(CRC32) { .name = "crc32", .digest_size = 4, @@ -320,6 +322,7 @@ static struct hash_algo hash_algo[] = { .hash_update = hash_update_crc32, .hash_finish = hash_finish_crc32, }, +#endif }; /* Try to minimize code size for boards that don't want much hashing */ diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 8a8a971a91e..17ce2f6b615 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -419,7 +419,8 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION config SPL_CRC32 bool "Support CRC32" - default y if SPL_LEGACY_IMAGE_SUPPORT + default y if SPL_LEGACY_IMAGE_SUPPORT || SPL_EFI_PARTITION + default y if SPL_ENV_SUPPORT || TPL_BLOBLIST help Enable this to support CRC32 in uImages or FIT images within SPL. This is a 32-bit checksum value that can be used to verify images. @@ -1419,6 +1420,16 @@ config TPL_BOOTROM_SUPPORT BOOT_DEVICE_BOOTROM (or fall-through to the next boot device in the boot device list, if not implemented for a given board) +config TPL_CRC32 + bool "Support CRC32 in TPL" + default y if TPL_ENV_SUPPORT || TPL_BLOBLIST + help + Enable this to support CRC32 in uImages or FIT images within SPL. + This is a 32-bit checksum value that can be used to verify images. + For FIT images, this is the least secure type of checksum, suitable + for detected accidental image corruption. For secure applications you + should consider SHA1 or SHA256. + config TPL_DRIVERS_MISC bool "Support misc drivers in TPL" help diff --git a/lib/Kconfig b/lib/Kconfig index 64765acfa61..70bf8e7a464 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -496,6 +496,11 @@ config SPL_MD5 security applications, but it can be useful for providing a quick checksum of a block of data. +config CRC32 + def_bool y + help + Enables CRC32 support in U-Boot. This is normally required. + config CRC32C bool diff --git a/lib/Makefile b/lib/Makefile index 454396f101b..5ddbc77ed6d 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -96,9 +96,7 @@ obj-y += display_options.o CFLAGS_display_options.o := $(if $(BUILD_TAG),-DBUILD_TAG='"$(BUILD_TAG)"') obj-$(CONFIG_BCH) += bch.o obj-$(CONFIG_MMC_SPI) += crc7.o -#ifndef CONFIG_TPL_BUILD -obj-y += crc32.o -#endif +obj-$(CONFIG_$(SPL_TPL_)CRC32) += crc32.o obj-$(CONFIG_CRC32C) += crc32c.o obj-y += ctype.o obj-y += div64.o diff --git a/tools/Kconfig b/tools/Kconfig index 8685c800f93..91ce8ae3e51 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -9,6 +9,11 @@ config MKIMAGE_DTC_PATH some cases the system dtc may not support all required features and the path to a different version should be given here. +config TOOLS_CRC32 + def_bool y + help + Enable CRC32 support in the tools builds + config TOOLS_LIBCRYPTO bool "Use OpenSSL's libcrypto library for host tools" default y -- cgit v1.3.1