mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-24 21:54:01 +00:00
FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space. Cc: Dirk Eibach <eibach@gdsys.de> Cc: Lukasz Dalek <luk0104@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
6b83c38d7a
commit
0db7f6859f
16 changed files with 25 additions and 36 deletions
13
Kconfig
13
Kconfig
|
@ -157,6 +157,19 @@ config FIT
|
||||||
|
|
||||||
if FIT
|
if FIT
|
||||||
|
|
||||||
|
config FIT_ENABLE_SHA256_SUPPORT
|
||||||
|
bool "Support SHA256 checksum of FIT image contents"
|
||||||
|
default y
|
||||||
|
help
|
||||||
|
Enable this to support SHA256 checksum of FIT image contents. A
|
||||||
|
SHA256 checksum is a 256-bit (32-byte) hash value used to check that
|
||||||
|
the image contents have not been corrupted. SHA256 is recommended
|
||||||
|
for use in secure applications since (as at 2016) there is no known
|
||||||
|
feasible attack that could produce a 'collision' with differing
|
||||||
|
input data. Use this for the highest security. Note that only the
|
||||||
|
SHA256 variant is supported: SHA512 and others are not currently
|
||||||
|
supported in U-Boot.
|
||||||
|
|
||||||
config FIT_SIGNATURE
|
config FIT_SIGNATURE
|
||||||
bool "Enable signature verification of FIT uImages"
|
bool "Enable signature verification of FIT uImages"
|
||||||
depends on DM
|
depends on DM
|
||||||
|
|
9
README
9
README
|
@ -2973,15 +2973,6 @@ FIT uImage format:
|
||||||
This define is introduced, as the legacy image format is
|
This define is introduced, as the legacy image format is
|
||||||
enabled per default for backward compatibility.
|
enabled per default for backward compatibility.
|
||||||
|
|
||||||
- FIT image support:
|
|
||||||
CONFIG_FIT_DISABLE_SHA256
|
|
||||||
Supporting SHA256 hashes has quite an impact on binary size.
|
|
||||||
For constrained systems sha256 hash support can be disabled
|
|
||||||
with this option.
|
|
||||||
|
|
||||||
TODO(sjg@chromium.org): Adjust this option to be positive,
|
|
||||||
and move it to Kconfig
|
|
||||||
|
|
||||||
- Standalone program support:
|
- Standalone program support:
|
||||||
CONFIG_STANDALONE_LOAD_ADDR
|
CONFIG_STANDALONE_LOAD_ADDR
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06"
|
||||||
CONFIG_4xx=y
|
CONFIG_4xx=y
|
||||||
CONFIG_TARGET_DLVISION_10G=y
|
CONFIG_TARGET_DLVISION_10G=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_FIT_VERBOSE=y
|
CONFIG_FIT_VERBOSE=y
|
||||||
CONFIG_OF_BOARD_SETUP=y
|
CONFIG_OF_BOARD_SETUP=y
|
||||||
CONFIG_BOOTDELAY=5
|
CONFIG_BOOTDELAY=5
|
||||||
|
|
|
@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02"
|
||||||
CONFIG_4xx=y
|
CONFIG_4xx=y
|
||||||
CONFIG_TARGET_DLVISION=y
|
CONFIG_TARGET_DLVISION=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_FIT_VERBOSE=y
|
CONFIG_FIT_VERBOSE=y
|
||||||
CONFIG_OF_BOARD_SETUP=y
|
CONFIG_OF_BOARD_SETUP=y
|
||||||
CONFIG_BOOTDELAY=5
|
CONFIG_BOOTDELAY=5
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
CONFIG_ARM=y
|
CONFIG_ARM=y
|
||||||
CONFIG_TARGET_H2200=y
|
CONFIG_TARGET_H2200=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
|
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
|
||||||
# CONFIG_DISPLAY_CPUINFO is not set
|
# CONFIG_DISPLAY_CPUINFO is not set
|
||||||
# CONFIG_DISPLAY_BOARDINFO is not set
|
# CONFIG_DISPLAY_BOARDINFO is not set
|
||||||
|
|
|
@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06"
|
||||||
CONFIG_4xx=y
|
CONFIG_4xx=y
|
||||||
CONFIG_TARGET_IO=y
|
CONFIG_TARGET_IO=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_FIT_VERBOSE=y
|
CONFIG_FIT_VERBOSE=y
|
||||||
CONFIG_OF_BOARD_SETUP=y
|
CONFIG_OF_BOARD_SETUP=y
|
||||||
CONFIG_BOOTDELAY=5
|
CONFIG_BOOTDELAY=5
|
||||||
|
|
|
@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06"
|
||||||
CONFIG_4xx=y
|
CONFIG_4xx=y
|
||||||
CONFIG_TARGET_IOCON=y
|
CONFIG_TARGET_IOCON=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_OF_BOARD_SETUP=y
|
CONFIG_OF_BOARD_SETUP=y
|
||||||
CONFIG_BOOTDELAY=5
|
CONFIG_BOOTDELAY=5
|
||||||
CONFIG_SYS_CONSOLE_INFO_QUIET=y
|
CONFIG_SYS_CONSOLE_INFO_QUIET=y
|
||||||
|
|
|
@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02"
|
||||||
CONFIG_4xx=y
|
CONFIG_4xx=y
|
||||||
CONFIG_TARGET_NEO=y
|
CONFIG_TARGET_NEO=y
|
||||||
CONFIG_FIT=y
|
CONFIG_FIT=y
|
||||||
|
# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
|
||||||
CONFIG_FIT_VERBOSE=y
|
CONFIG_FIT_VERBOSE=y
|
||||||
CONFIG_OF_BOARD_SETUP=y
|
CONFIG_OF_BOARD_SETUP=y
|
||||||
CONFIG_BOOTDELAY=5
|
CONFIG_BOOTDELAY=5
|
||||||
|
|
|
@ -31,9 +31,6 @@
|
||||||
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
||||||
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
||||||
|
|
||||||
/* new uImage format support */
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
|
|
||||||
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -29,9 +29,6 @@
|
||||||
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
|
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
|
||||||
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
|
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
|
||||||
|
|
||||||
/* new uImage format support */
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
|
|
||||||
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -109,7 +109,6 @@
|
||||||
|
|
||||||
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
|
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
|
||||||
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
#define CONFIG_SETUP_MEMORY_TAGS
|
#define CONFIG_SETUP_MEMORY_TAGS
|
||||||
#define CONFIG_CMDLINE_TAG
|
#define CONFIG_CMDLINE_TAG
|
||||||
#define CONFIG_INITRD_TAG
|
#define CONFIG_INITRD_TAG
|
||||||
|
|
|
@ -31,9 +31,6 @@
|
||||||
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
||||||
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
||||||
|
|
||||||
/* new uImage format support */
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
|
|
||||||
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -33,9 +33,6 @@
|
||||||
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
#define PLLMR0_DEFAULT PLLMR0_266_133_66
|
||||||
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
#define PLLMR1_DEFAULT PLLMR1_266_133_66
|
||||||
|
|
||||||
/* new uImage format support */
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
|
|
||||||
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -31,9 +31,6 @@
|
||||||
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
|
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
|
||||||
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
|
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
|
||||||
|
|
||||||
/* new uImage format support */
|
|
||||||
#define CONFIG_FIT_DISABLE_SHA256
|
|
||||||
|
|
||||||
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -29,6 +29,7 @@ struct lmb;
|
||||||
#define IMAGE_ENABLE_FIT 1
|
#define IMAGE_ENABLE_FIT 1
|
||||||
#define IMAGE_ENABLE_OF_LIBFDT 1
|
#define IMAGE_ENABLE_OF_LIBFDT 1
|
||||||
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
|
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
|
||||||
|
#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
|
||||||
|
|
||||||
#define IMAGE_ENABLE_IGNORE 0
|
#define IMAGE_ENABLE_IGNORE 0
|
||||||
#define IMAGE_INDENT_STRING ""
|
#define IMAGE_INDENT_STRING ""
|
||||||
|
@ -62,9 +63,6 @@ struct lmb;
|
||||||
# ifdef CONFIG_SPL_SHA1_SUPPORT
|
# ifdef CONFIG_SPL_SHA1_SUPPORT
|
||||||
# define IMAGE_ENABLE_SHA1 1
|
# define IMAGE_ENABLE_SHA1 1
|
||||||
# endif
|
# endif
|
||||||
# ifdef CONFIG_SPL_SHA256_SUPPORT
|
|
||||||
# define IMAGE_ENABLE_SHA256 1
|
|
||||||
# endif
|
|
||||||
# else
|
# else
|
||||||
# define CONFIG_CRC32 /* FIT images need CRC32 support */
|
# define CONFIG_CRC32 /* FIT images need CRC32 support */
|
||||||
# define CONFIG_SHA1 /* and SHA1 */
|
# define CONFIG_SHA1 /* and SHA1 */
|
||||||
|
@ -72,14 +70,8 @@ struct lmb;
|
||||||
# define IMAGE_ENABLE_CRC32 1
|
# define IMAGE_ENABLE_CRC32 1
|
||||||
# define IMAGE_ENABLE_MD5 1
|
# define IMAGE_ENABLE_MD5 1
|
||||||
# define IMAGE_ENABLE_SHA1 1
|
# define IMAGE_ENABLE_SHA1 1
|
||||||
# define IMAGE_ENABLE_SHA256 1
|
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
#ifdef CONFIG_FIT_DISABLE_SHA256
|
|
||||||
#undef CONFIG_SHA256
|
|
||||||
#undef IMAGE_ENABLE_SHA256
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef IMAGE_ENABLE_CRC32
|
#ifndef IMAGE_ENABLE_CRC32
|
||||||
#define IMAGE_ENABLE_CRC32 0
|
#define IMAGE_ENABLE_CRC32 0
|
||||||
#endif
|
#endif
|
||||||
|
@ -92,7 +84,11 @@ struct lmb;
|
||||||
#define IMAGE_ENABLE_SHA1 0
|
#define IMAGE_ENABLE_SHA1 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef IMAGE_ENABLE_SHA256
|
#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
|
||||||
|
defined(CONFIG_SPL_SHA256_SUPPORT)
|
||||||
|
#define CONFIG_SHA256
|
||||||
|
#define IMAGE_ENABLE_SHA256 1
|
||||||
|
#else
|
||||||
#define IMAGE_ENABLE_SHA256 0
|
#define IMAGE_ENABLE_SHA256 0
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -947,7 +947,6 @@ CONFIG_FFUART
|
||||||
CONFIG_FILE
|
CONFIG_FILE
|
||||||
CONFIG_FIRMWARE_OFFSET
|
CONFIG_FIRMWARE_OFFSET
|
||||||
CONFIG_FIRMWARE_SIZE
|
CONFIG_FIRMWARE_SIZE
|
||||||
CONFIG_FIT_DISABLE_SHA256
|
|
||||||
CONFIG_FIXED_PHY
|
CONFIG_FIXED_PHY
|
||||||
CONFIG_FIXED_PHY_ADDR
|
CONFIG_FIXED_PHY_ADDR
|
||||||
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER
|
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER
|
||||||
|
|
Loading…
Reference in a new issue