mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 15:14:43 +00:00
common: Remove unused CONFIG_FIT_SHAxxx selectors
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for hash_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.
The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Also note that we make CONFIG_FIT now imply SHA256, to make up for
FIT_SHA256 previously being a default y option.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add imply SHA256 to FIT]
Signed-off-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
Alexandru Gagniuc
Tom Rini
parent
1c02fd4686
commit
eb5171ddec
5 changed files with 3 additions and 74 deletions
|
|
@ -4,6 +4,7 @@ depends on ARCH_MVEBU
|
|||
config CMD_MVEBU_BUBT
|
||||
bool "bubt"
|
||||
default n
|
||||
select SHA256 if ARMADA_3700
|
||||
help
|
||||
bubt - Burn a u-boot image to flash
|
||||
For details about bubt command please see the documentation
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ config FIT
|
|||
bool "Support Flattened Image Tree"
|
||||
select MD5
|
||||
select SHA1
|
||||
imply SHA256
|
||||
help
|
||||
This option allows you to boot the new uImage structure,
|
||||
Flattened Image Tree. FIT is formally a FDT, which can include
|
||||
|
|
@ -35,34 +36,6 @@ config FIT_EXTERNAL_OFFSET
|
|||
could be put in the hole between data payload and fit image
|
||||
header, such as CSF data on i.MX platform.
|
||||
|
||||
config FIT_SHA256
|
||||
bool "Support SHA256 checksum of FIT image contents"
|
||||
default y
|
||||
select SHA256
|
||||
help
|
||||
Enable this to support SHA256 checksum of FIT image contents. A
|
||||
SHA256 checksum is a 256-bit (32-byte) hash value used to check that
|
||||
the image contents have not been corrupted.
|
||||
|
||||
config FIT_SHA384
|
||||
bool "Support SHA384 checksum of FIT image contents"
|
||||
default n
|
||||
select SHA384
|
||||
help
|
||||
Enable this to support SHA384 checksum of FIT image contents. A
|
||||
SHA384 checksum is a 384-bit (48-byte) hash value used to check that
|
||||
the image contents have not been corrupted. Use this for the highest
|
||||
security.
|
||||
|
||||
config FIT_SHA512
|
||||
bool "Support SHA512 checksum of FIT image contents"
|
||||
default n
|
||||
select SHA512
|
||||
help
|
||||
Enable this to support SHA512 checksum of FIT image contents. A
|
||||
SHA512 checksum is a 512-bit (64-byte) hash value used to check that
|
||||
the image contents have not been corrupted.
|
||||
|
||||
config FIT_FULL_CHECK
|
||||
bool "Do a full check of the FIT before using it"
|
||||
default y
|
||||
|
|
|
|||
|
|
@ -439,48 +439,6 @@ config SPL_MD5
|
|||
applications where images may be changed maliciously, you should
|
||||
consider SHA256 or SHA384.
|
||||
|
||||
config SPL_FIT_SHA1
|
||||
bool "Support SHA1"
|
||||
depends on SPL_FIT
|
||||
select SHA1
|
||||
help
|
||||
Enable this to support SHA1 in FIT images within SPL. A SHA1
|
||||
checksum is a 160-bit (20-byte) hash value used to check that the
|
||||
image contents have not been corrupted or maliciously altered.
|
||||
While SHA1 is fairly secure it is coming to the end of its life
|
||||
due to the expanding computing power available to brute-force
|
||||
attacks. For more security, consider SHA256 or SHA384.
|
||||
|
||||
config SPL_FIT_SHA256
|
||||
bool "Support SHA256"
|
||||
depends on SPL_FIT
|
||||
select SHA256
|
||||
help
|
||||
Enable this to support SHA256 in FIT images within SPL. A SHA256
|
||||
checksum is a 256-bit (32-byte) hash value used to check that the
|
||||
image contents have not been corrupted.
|
||||
|
||||
config SPL_FIT_SHA384
|
||||
bool "Support SHA384"
|
||||
depends on SPL_FIT
|
||||
select SHA384
|
||||
select SHA512_ALGO
|
||||
help
|
||||
Enable this to support SHA384 in FIT images within SPL. A SHA384
|
||||
checksum is a 384-bit (48-byte) hash value used to check that the
|
||||
image contents have not been corrupted. Use this for the highest
|
||||
security.
|
||||
|
||||
config SPL_FIT_SHA512
|
||||
bool "Support SHA512"
|
||||
depends on SPL_FIT
|
||||
select SHA512
|
||||
select SHA512_ALGO
|
||||
help
|
||||
Enable this to support SHA512 in FIT images within SPL. A SHA512
|
||||
checksum is a 512-bit (64-byte) hash value used to check that the
|
||||
image contents have not been corrupted.
|
||||
|
||||
config SPL_FIT_IMAGE_TINY
|
||||
bool "Remove functionality from SPL FIT loading to reduce size"
|
||||
depends on SPL_FIT
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
|
|||
# CONFIG_PSCI_RESET is not set
|
||||
CONFIG_DEBUG_UART=y
|
||||
CONFIG_FIT=y
|
||||
# CONFIG_FIT_SHA256 is not set
|
||||
# CONFIG_SHA256 is not set
|
||||
# CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
|
||||
CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
|
||||
# CONFIG_DISPLAY_BOARDINFO is not set
|
||||
|
|
|
|||
|
|
@ -31,9 +31,6 @@ struct fdt_region;
|
|||
#define IMAGE_ENABLE_OF_LIBFDT 1
|
||||
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
|
||||
#define CONFIG_FIT_RSASSA_PSS 1
|
||||
#define CONFIG_FIT_SHA256
|
||||
#define CONFIG_FIT_SHA384
|
||||
#define CONFIG_FIT_SHA512
|
||||
#define CONFIG_SHA1
|
||||
#define CONFIG_SHA256
|
||||
#define CONFIG_SHA384
|
||||
|
|
|
|||
Loading…
Reference in a new issue