From: Alexandru Gagniuc Date: Fri, 3 Sep 2021 00:54:17 +0000 (-0500) Subject: common: Remove unused CONFIG_FIT_SHAxxx selectors X-Git-Tag: v2021.10~31^2~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=eb5171ddec9d3b04c2517b60e69dc707e92cf716;p=platform%2Fkernel%2Fu-boot.git common: Remove unused CONFIG_FIT_SHAxxx selectors Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only for hash_calculate() in common/image-fit.c. However, since commit 14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"), the correct selector was changed to CONFIG_SHAxxx. The extra "_FIT_" variants are neither used, nor needed. Remove them. One defconfig disables FIT_SHA256, which is now changed to 'SHA256'. CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined references to "sha256_*()". bubt.c needs sha256, so this selection is correct. It is not clear why this problem did not manifest before. Note that SHA selection in SPL is broken for this exact reason. There is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of this change. Also note that we make CONFIG_FIT now imply SHA256, to make up for FIT_SHA256 previously being a default y option. Signed-off-by: Alexandru Gagniuc [trini: Add imply SHA256 to FIT] Signed-off-by: Tom Rini --- diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig index 7c42c75..340fb3a 100644 --- a/cmd/mvebu/Kconfig +++ b/cmd/mvebu/Kconfig @@ -4,6 +4,7 @@ depends on ARCH_MVEBU config CMD_MVEBU_BUBT bool "bubt" default n + select SHA256 if ARMADA_3700 help bubt - Burn a u-boot image to flash For details about bubt command please see the documentation diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 0d4c384..8736e6a 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -13,6 +13,7 @@ config FIT bool "Support Flattened Image Tree" select MD5 select SHA1 + imply SHA256 help This option allows you to boot the new uImage structure, Flattened Image Tree. FIT is formally a FDT, which can include @@ -35,34 +36,6 @@ config FIT_EXTERNAL_OFFSET could be put in the hole between data payload and fit image header, such as CSF data on i.MX platform. -config FIT_SHA256 - bool "Support SHA256 checksum of FIT image contents" - default y - select SHA256 - help - Enable this to support SHA256 checksum of FIT image contents. A - SHA256 checksum is a 256-bit (32-byte) hash value used to check that - the image contents have not been corrupted. - -config FIT_SHA384 - bool "Support SHA384 checksum of FIT image contents" - default n - select SHA384 - help - Enable this to support SHA384 checksum of FIT image contents. A - SHA384 checksum is a 384-bit (48-byte) hash value used to check that - the image contents have not been corrupted. Use this for the highest - security. - -config FIT_SHA512 - bool "Support SHA512 checksum of FIT image contents" - default n - select SHA512 - help - Enable this to support SHA512 checksum of FIT image contents. A - SHA512 checksum is a 512-bit (64-byte) hash value used to check that - the image contents have not been corrupted. - config FIT_FULL_CHECK bool "Do a full check of the FIT before using it" default y diff --git a/common/spl/Kconfig b/common/spl/Kconfig index c155a3b..d69d1fa 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -439,48 +439,6 @@ config SPL_MD5 applications where images may be changed maliciously, you should consider SHA256 or SHA384. -config SPL_FIT_SHA1 - bool "Support SHA1" - depends on SPL_FIT - select SHA1 - help - Enable this to support SHA1 in FIT images within SPL. A SHA1 - checksum is a 160-bit (20-byte) hash value used to check that the - image contents have not been corrupted or maliciously altered. - While SHA1 is fairly secure it is coming to the end of its life - due to the expanding computing power available to brute-force - attacks. For more security, consider SHA256 or SHA384. - -config SPL_FIT_SHA256 - bool "Support SHA256" - depends on SPL_FIT - select SHA256 - help - Enable this to support SHA256 in FIT images within SPL. A SHA256 - checksum is a 256-bit (32-byte) hash value used to check that the - image contents have not been corrupted. - -config SPL_FIT_SHA384 - bool "Support SHA384" - depends on SPL_FIT - select SHA384 - select SHA512_ALGO - help - Enable this to support SHA384 in FIT images within SPL. A SHA384 - checksum is a 384-bit (48-byte) hash value used to check that the - image contents have not been corrupted. Use this for the highest - security. - -config SPL_FIT_SHA512 - bool "Support SHA512" - depends on SPL_FIT - select SHA512 - select SHA512_ALGO - help - Enable this to support SHA512 in FIT images within SPL. A SHA512 - checksum is a 512-bit (64-byte) hash value used to check that the - image contents have not been corrupted. - config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" depends on SPL_FIT diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig index 0a6c1fc..1478b01 100644 --- a/configs/mt8516_pumpkin_defconfig +++ b/configs/mt8516_pumpkin_defconfig @@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000 # CONFIG_PSCI_RESET is not set CONFIG_DEBUG_UART=y CONFIG_FIT=y -# CONFIG_FIT_SHA256 is not set +# CONFIG_SHA256 is not set # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin" # CONFIG_DISPLAY_BOARDINFO is not set diff --git a/include/image.h b/include/image.h index e20f0b6..489b220 100644 --- a/include/image.h +++ b/include/image.h @@ -31,9 +31,6 @@ struct fdt_region; #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ #define CONFIG_FIT_RSASSA_PSS 1 -#define CONFIG_FIT_SHA256 -#define CONFIG_FIT_SHA384 -#define CONFIG_FIT_SHA512 #define CONFIG_SHA1 #define CONFIG_SHA256 #define CONFIG_SHA384