FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT
authorTom Rini <trini@konsulko.com>
Mon, 15 May 2017 16:17:48 +0000 (12:17 -0400)
committerTom Rini <trini@konsulko.com>
Mon, 22 May 2017 11:29:55 +0000 (07:29 -0400)
We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which
is enabled by default and now a positive option.  Convert the handful of boards
that were disabling it before to save space.

Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Lukasz Dalek <luk0104@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
16 files changed:
Kconfig
README
configs/dlvision-10g_defconfig
configs/dlvision_defconfig
configs/h2200_defconfig
configs/io_defconfig
configs/iocon_defconfig
configs/neo_defconfig
include/configs/dlvision-10g.h
include/configs/dlvision.h
include/configs/h2200.h
include/configs/io.h
include/configs/iocon.h
include/configs/neo.h
include/image.h
scripts/config_whitelist.txt

diff --git a/Kconfig b/Kconfig
index 1cf990dfce3368a45ac24a73bee7397c3e641676..0a445313f62cee1c2c96eb4aa505cd15a2b6aa7d 100644 (file)
--- a/Kconfig
+++ b/Kconfig
@@ -157,6 +157,19 @@ config FIT
 
 if FIT
 
+config FIT_ENABLE_SHA256_SUPPORT
+       bool "Support SHA256 checksum of FIT image contents"
+       default y
+       help
+         Enable this to support SHA256 checksum of FIT image contents. A
+         SHA256 checksum is a 256-bit (32-byte) hash value used to check that
+         the image contents have not been corrupted. SHA256 is recommended
+         for use in secure applications since (as at 2016) there is no known
+         feasible attack that could produce a 'collision' with differing
+         input data. Use this for the highest security. Note that only the
+         SHA256 variant is supported: SHA512 and others are not currently
+         supported in U-Boot.
+
 config FIT_SIGNATURE
        bool "Enable signature verification of FIT uImages"
        depends on DM
diff --git a/README b/README
index 350b805c3801945fe8c86cdb43b67c34e23d5f6d..15ef469e6c532ed7062461639df9c31b0b94e2b2 100644 (file)
--- a/README
+++ b/README
@@ -2973,15 +2973,6 @@ FIT uImage format:
                This define is introduced, as the legacy image format is
                enabled per default for backward compatibility.
 
-- FIT image support:
-               CONFIG_FIT_DISABLE_SHA256
-               Supporting SHA256 hashes has quite an impact on binary size.
-               For constrained systems sha256 hash support can be disabled
-               with this option.
-
-               TODO(sjg@chromium.org): Adjust this option to be positive,
-               and move it to Kconfig
-
 - Standalone program support:
                CONFIG_STANDALONE_LOAD_ADDR
 
index c3574e199645bdf91d0a42e5bc0200d111c20461..44f7527a9ce7eff6ab415c9fda9e9fa9de2ab5c9 100644 (file)
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06"
 CONFIG_4xx=y
 CONFIG_TARGET_DLVISION_10G=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=5
index f9f07ee8f12a91a9b7da733e1677e3a8246a8f31..4dd09a2af8d4ac8f071a634019243633b36493d8 100644 (file)
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02"
 CONFIG_4xx=y
 CONFIG_TARGET_DLVISION=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=5
index b85ed598066e62ab561369d378f2c7b35b108771..9d3698c5559c3d13d181b41dfff739b0cfc4e82a 100644 (file)
@@ -1,6 +1,7 @@
 CONFIG_ARM=y
 CONFIG_TARGET_H2200=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_SYS_CONSOLE_IS_IN_ENV=y
 # CONFIG_DISPLAY_CPUINFO is not set
 # CONFIG_DISPLAY_BOARDINFO is not set
index 5dca2b121c8acfeedeafd71bd06589d5b70a22e8..27edc5976b2c74624ff85abdf73814b6dcfb3d57 100644 (file)
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06"
 CONFIG_4xx=y
 CONFIG_TARGET_IO=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=5
index c74df944a6ae5c6b33f6d0fc6cf80b7ee1c8d938..2529181620d57eb178d7e67daa83289a72bcaa30 100644 (file)
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06"
 CONFIG_4xx=y
 CONFIG_TARGET_IOCON=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=5
 CONFIG_SYS_CONSOLE_INFO_QUIET=y
index fbb2da47f0a6ca32dc83ff76b8f4c83069da6a6d..1bf5151baad613557326508952e7056ba8de3dfe 100644 (file)
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02"
 CONFIG_4xx=y
 CONFIG_TARGET_NEO=y
 CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
 CONFIG_FIT_VERBOSE=y
 CONFIG_OF_BOARD_SETUP=y
 CONFIG_BOOTDELAY=5
index e32651f5411307a8c7fada2324677d5fa7d90b13..c5e227650e54b4b665819a6e8d4743e937037685 100644 (file)
@@ -31,9 +31,6 @@
 #define PLLMR0_DEFAULT PLLMR0_266_133_66
 #define PLLMR1_DEFAULT PLLMR1_266_133_66
 
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
 #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
 
 /*
index 2b7d62b03482172e502b6a1c6684b8de1b1d25c3..f8d390ba33aec36119c3340d7050fe425a89f7fb 100644 (file)
@@ -29,9 +29,6 @@
 #define PLLMR0_DEFAULT PLLMR0_266_133_66_33
 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33
 
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
 #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
 
 /*
index d8724f86a7384c674fc165dda0e0243b0e55a130..530a88e9e1a7ecb4312a7200e5fd0ae9e78160e6 100644 (file)
 
 #define CONFIG_SYS_BAUDRATE_TABLE      { 9600, 38400, 115200 }
 
-#define CONFIG_FIT_DISABLE_SHA256
 #define CONFIG_SETUP_MEMORY_TAGS
 #define CONFIG_CMDLINE_TAG
 #define CONFIG_INITRD_TAG
index 3e44a8c607533eb46d9632ac5ec9a944a5470127..ee2b52a7ede6d9b9501005982cbe235074e7d745 100644 (file)
@@ -31,9 +31,6 @@
 #define PLLMR0_DEFAULT PLLMR0_266_133_66
 #define PLLMR1_DEFAULT PLLMR1_266_133_66
 
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
 #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
 
 /*
index 9c3be78bc73bd794eee47c03c55524224080956c..afa69942e84a298075cf4b5dd5db042015c1fade 100644 (file)
@@ -33,9 +33,6 @@
 #define PLLMR0_DEFAULT PLLMR0_266_133_66
 #define PLLMR1_DEFAULT PLLMR1_266_133_66
 
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
 #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
 
 /*
index 9115e251b1bf736c0671639bac236591bc3bbb40..1d8e13f0353b12fe164586e7dd70f41f987cdcc2 100644 (file)
@@ -31,9 +31,6 @@
 #define PLLMR0_DEFAULT PLLMR0_266_133_66_33
 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33
 
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
 #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
 
 /*
index 3f26f9bd1f625c365e6d8f7908a97bf0d1c84cc0..800426d51f9636f8fed7d1cad0935218eeedc60b 100644 (file)
@@ -29,6 +29,7 @@ struct lmb;
 #define IMAGE_ENABLE_FIT       1
 #define IMAGE_ENABLE_OF_LIBFDT 1
 #define CONFIG_FIT_VERBOSE     1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
 
 #define IMAGE_ENABLE_IGNORE    0
 #define IMAGE_INDENT_STRING    ""
@@ -62,9 +63,6 @@ struct lmb;
 #  ifdef CONFIG_SPL_SHA1_SUPPORT
 #   define IMAGE_ENABLE_SHA1   1
 #  endif
-#  ifdef CONFIG_SPL_SHA256_SUPPORT
-#   define IMAGE_ENABLE_SHA256 1
-#  endif
 # else
 #  define CONFIG_CRC32         /* FIT images need CRC32 support */
 #  define CONFIG_SHA1          /* and SHA1 */
@@ -72,14 +70,8 @@ struct lmb;
 #  define IMAGE_ENABLE_CRC32   1
 #  define IMAGE_ENABLE_MD5     1
 #  define IMAGE_ENABLE_SHA1    1
-#  define IMAGE_ENABLE_SHA256  1
 # endif
 
-#ifdef CONFIG_FIT_DISABLE_SHA256
-#undef CONFIG_SHA256
-#undef IMAGE_ENABLE_SHA256
-#endif
-
 #ifndef IMAGE_ENABLE_CRC32
 #define IMAGE_ENABLE_CRC32     0
 #endif
@@ -92,7 +84,11 @@ struct lmb;
 #define IMAGE_ENABLE_SHA1      0
 #endif
 
-#ifndef IMAGE_ENABLE_SHA256
+#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+       defined(CONFIG_SPL_SHA256_SUPPORT)
+#define CONFIG_SHA256
+#define IMAGE_ENABLE_SHA256    1
+#else
 #define IMAGE_ENABLE_SHA256    0
 #endif
 
index fa9c3fc8cbd03e66644fa8d1a2f4adb07f420aba..4ed76f3d66bdc97cd988c097cf10c36b6e292f9c 100644 (file)
@@ -947,7 +947,6 @@ CONFIG_FFUART
 CONFIG_FILE
 CONFIG_FIRMWARE_OFFSET
 CONFIG_FIRMWARE_SIZE
-CONFIG_FIT_DISABLE_SHA256
 CONFIG_FIXED_PHY
 CONFIG_FIXED_PHY_ADDR
 CONFIG_FIXED_SDHCI_ALIGNED_BUFFER