* [meta-oe][PATCH v2] kernel-fitimage: introduce FIT_HASH_ALG
@ 2017-11-02 15:48 Ayoub Zaki
2017-11-02 18:45 ` Denys Dmytriyenko
2019-06-18 8:25 ` [meta-oe,v2] " Luca Boccassi
0 siblings, 2 replies; 11+ messages in thread
From: Ayoub Zaki @ 2017-11-02 15:48 UTC (permalink / raw)
To: openembedded-core
sanitize fitImage hash algorithm selection with FIT_HASH_ALG
switch default hash algorithm from sha1 to sha256
Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com>
---
meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 179185b..3cc3a33 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -36,6 +36,9 @@ python __anonymous () {
# Options for the device tree compiler passed to mkimage '-D' feature:
UBOOT_MKIMAGE_DTCOPTS ??= ""
+# fitImage Hash Algo
+FIT_HASH_ALG ?= "sha256"
+
#
# Emit the fitImage ITS header
#
@@ -95,7 +98,7 @@ EOF
# $4 ... Compression type
fitimage_emit_section_kernel() {
- kernel_csum="sha1"
+ kernel_csum="${FIT_HASH_ALG}"
ENTRYPOINT=${UBOOT_ENTRYPOINT}
if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
@@ -128,7 +131,7 @@ EOF
# $3 ... Path to DTB image
fitimage_emit_section_dtb() {
- dtb_csum="sha1"
+ dtb_csum="${FIT_HASH_ALG}"
cat << EOF >> ${1}
fdt@${2} {
@@ -152,7 +155,7 @@ EOF
# $3 ... Path to setup image
fitimage_emit_section_setup() {
- setup_csum="sha1"
+ setup_csum="${FIT_HASH_ALG}"
cat << EOF >> ${1}
setup@${2} {
@@ -179,7 +182,7 @@ EOF
# $3 ... Path to ramdisk image
fitimage_emit_section_ramdisk() {
- ramdisk_csum="sha1"
+ ramdisk_csum="${FIT_HASH_ALG}"
ramdisk_ctype="none"
ramdisk_loadline=""
ramdisk_entryline=""
@@ -237,7 +240,7 @@ EOF
# $6 ... default flag
fitimage_emit_section_config() {
- conf_csum="sha1"
+ conf_csum="${FIT_HASH_ALG}"
if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
fi
--
2.7.4
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [meta-oe][PATCH v2] kernel-fitimage: introduce FIT_HASH_ALG
2017-11-02 15:48 [meta-oe][PATCH v2] kernel-fitimage: introduce FIT_HASH_ALG Ayoub Zaki
@ 2017-11-02 18:45 ` Denys Dmytriyenko
2019-06-18 8:25 ` [meta-oe,v2] " Luca Boccassi
1 sibling, 0 replies; 11+ messages in thread
From: Denys Dmytriyenko @ 2017-11-02 18:45 UTC (permalink / raw)
To: Ayoub Zaki; +Cc: openembedded-core
On Thu, Nov 02, 2017 at 04:48:18PM +0100, Ayoub Zaki wrote:
> sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> switch default hash algorithm from sha1 to sha256
>
> Signed-off-by: Ayoub Zaki <ayoub.zaki@embexus.com>
Acked-by: Denys Dmytriyenko <denys@ti.com>
> ---
> meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
> index 179185b..3cc3a33 100644
> --- a/meta/classes/kernel-fitimage.bbclass
> +++ b/meta/classes/kernel-fitimage.bbclass
> @@ -36,6 +36,9 @@ python __anonymous () {
> # Options for the device tree compiler passed to mkimage '-D' feature:
> UBOOT_MKIMAGE_DTCOPTS ??= ""
>
> +# fitImage Hash Algo
> +FIT_HASH_ALG ?= "sha256"
> +
> #
> # Emit the fitImage ITS header
> #
> @@ -95,7 +98,7 @@ EOF
> # $4 ... Compression type
> fitimage_emit_section_kernel() {
>
> - kernel_csum="sha1"
> + kernel_csum="${FIT_HASH_ALG}"
>
> ENTRYPOINT=${UBOOT_ENTRYPOINT}
> if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> @@ -128,7 +131,7 @@ EOF
> # $3 ... Path to DTB image
> fitimage_emit_section_dtb() {
>
> - dtb_csum="sha1"
> + dtb_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> fdt@${2} {
> @@ -152,7 +155,7 @@ EOF
> # $3 ... Path to setup image
> fitimage_emit_section_setup() {
>
> - setup_csum="sha1"
> + setup_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> setup@${2} {
> @@ -179,7 +182,7 @@ EOF
> # $3 ... Path to ramdisk image
> fitimage_emit_section_ramdisk() {
>
> - ramdisk_csum="sha1"
> + ramdisk_csum="${FIT_HASH_ALG}"
> ramdisk_ctype="none"
> ramdisk_loadline=""
> ramdisk_entryline=""
> @@ -237,7 +240,7 @@ EOF
> # $6 ... default flag
> fitimage_emit_section_config() {
>
> - conf_csum="sha1"
> + conf_csum="${FIT_HASH_ALG}"
> if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> fi
> --
> 2.7.4
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2017-11-02 15:48 [meta-oe][PATCH v2] kernel-fitimage: introduce FIT_HASH_ALG Ayoub Zaki
2017-11-02 18:45 ` Denys Dmytriyenko
@ 2019-06-18 8:25 ` Luca Boccassi
2019-06-18 15:53 ` Khem Raj
1 sibling, 1 reply; 11+ messages in thread
From: Luca Boccassi @ 2019-06-18 8:25 UTC (permalink / raw)
To: Ayoub Zaki, openembedded-core
On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> switch default hash algorithm from sha1 to sha256
>
> Signed-off-by: Ayoub Zaki <
> ayoub.zaki@embexus.com
> >
> Acked-by: Denys Dmytriyenko <
> denys@ti.com
> >
> ---
> meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/kernel-fitimage.bbclass
> b/meta/classes/kernel-fitimage.bbclass
> index 179185b..3cc3a33 100644
> --- a/meta/classes/kernel-fitimage.bbclass
> +++ b/meta/classes/kernel-fitimage.bbclass
> @@ -36,6 +36,9 @@ python __anonymous () {
> # Options for the device tree compiler passed to mkimage '-D'
> feature:
> UBOOT_MKIMAGE_DTCOPTS ??= ""
>
> +# fitImage Hash Algo
> +FIT_HASH_ALG ?= "sha256"
> +
> #
> # Emit the fitImage ITS header
> #
> @@ -95,7 +98,7 @@ EOF
> # $4 ... Compression type
> fitimage_emit_section_kernel() {
>
> - kernel_csum="sha1"
> + kernel_csum="${FIT_HASH_ALG}"
>
> ENTRYPOINT=${UBOOT_ENTRYPOINT}
> if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> @@ -128,7 +131,7 @@ EOF
> # $3 ... Path to DTB image
> fitimage_emit_section_dtb() {
>
> - dtb_csum="sha1"
> + dtb_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> fdt@${2} {
> @@ -152,7 +155,7 @@ EOF
> # $3 ... Path to setup image
> fitimage_emit_section_setup() {
>
> - setup_csum="sha1"
> + setup_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> setup@${2} {
> @@ -179,7 +182,7 @@ EOF
> # $3 ... Path to ramdisk image
> fitimage_emit_section_ramdisk() {
>
> - ramdisk_csum="sha1"
> + ramdisk_csum="${FIT_HASH_ALG}"
> ramdisk_ctype="none"
> ramdisk_loadline=""
> ramdisk_entryline=""
> @@ -237,7 +240,7 @@ EOF
> # $6 ... default flag
> fitimage_emit_section_config() {
>
> - conf_csum="sha1"
> + conf_csum="${FIT_HASH_ALG}"
> if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> fi
Hi,
Any update on this patch? It was acked almost 2 years ago.
It would be great to have a way to change the hashsum algorithm when
building signed images.
Thanks!
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-18 8:25 ` [meta-oe,v2] " Luca Boccassi
@ 2019-06-18 15:53 ` Khem Raj
2019-06-18 16:11 ` Richard Purdie
0 siblings, 1 reply; 11+ messages in thread
From: Khem Raj @ 2019-06-18 15:53 UTC (permalink / raw)
To: Luca Boccassi; +Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <luca.boccassi@gmail.com> wrote:
>
> On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> > switch default hash algorithm from sha1 to sha256
> >
> > Signed-off-by: Ayoub Zaki <
> > ayoub.zaki@embexus.com
> > >
> > Acked-by: Denys Dmytriyenko <
> > denys@ti.com
> > >
> > ---
> > meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > 1 file changed, 8 insertions(+), 5 deletions(-)
> >
> > diff --git a/meta/classes/kernel-fitimage.bbclass
> > b/meta/classes/kernel-fitimage.bbclass
> > index 179185b..3cc3a33 100644
> > --- a/meta/classes/kernel-fitimage.bbclass
> > +++ b/meta/classes/kernel-fitimage.bbclass
> > @@ -36,6 +36,9 @@ python __anonymous () {
> > # Options for the device tree compiler passed to mkimage '-D'
> > feature:
> > UBOOT_MKIMAGE_DTCOPTS ??= ""
> >
> > +# fitImage Hash Algo
> > +FIT_HASH_ALG ?= "sha256"
> > +
> > #
> > # Emit the fitImage ITS header
> > #
> > @@ -95,7 +98,7 @@ EOF
> > # $4 ... Compression type
> > fitimage_emit_section_kernel() {
> >
> > - kernel_csum="sha1"
> > + kernel_csum="${FIT_HASH_ALG}"
> >
> > ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > @@ -128,7 +131,7 @@ EOF
> > # $3 ... Path to DTB image
> > fitimage_emit_section_dtb() {
> >
> > - dtb_csum="sha1"
> > + dtb_csum="${FIT_HASH_ALG}"
> >
> > cat << EOF >> ${1}
> > fdt@${2} {
> > @@ -152,7 +155,7 @@ EOF
> > # $3 ... Path to setup image
> > fitimage_emit_section_setup() {
> >
> > - setup_csum="sha1"
> > + setup_csum="${FIT_HASH_ALG}"
> >
> > cat << EOF >> ${1}
> > setup@${2} {
> > @@ -179,7 +182,7 @@ EOF
> > # $3 ... Path to ramdisk image
> > fitimage_emit_section_ramdisk() {
> >
> > - ramdisk_csum="sha1"
> > + ramdisk_csum="${FIT_HASH_ALG}"
> > ramdisk_ctype="none"
> > ramdisk_loadline=""
> > ramdisk_entryline=""
> > @@ -237,7 +240,7 @@ EOF
> > # $6 ... default flag
> > fitimage_emit_section_config() {
> >
> > - conf_csum="sha1"
> > + conf_csum="${FIT_HASH_ALG}"
> > if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > fi
>
> Hi,
>
> Any update on this patch? It was acked almost 2 years ago.
>
> It would be great to have a way to change the hashsum algorithm when
> building signed images.
>
I agree, but it would be good to resend this patch on top of current master
> Thanks!
>
> --
> Kind regards,
> Luca Boccassi
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-18 15:53 ` Khem Raj
@ 2019-06-18 16:11 ` Richard Purdie
2019-06-19 8:47 ` Luca Boccassi
0 siblings, 1 reply; 11+ messages in thread
From: Richard Purdie @ 2019-06-18 16:11 UTC (permalink / raw)
To: Khem Raj, Luca Boccassi
Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Tue, 2019-06-18 at 08:53 -0700, Khem Raj wrote:
> On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <
> luca.boccassi@gmail.com> wrote:
> > On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > > sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> > > switch default hash algorithm from sha1 to sha256
> > >
> > > Signed-off-by: Ayoub Zaki <
> > > ayoub.zaki@embexus.com
> > > Acked-by: Denys Dmytriyenko <
> > > denys@ti.com
> > > ---
> > > meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > > 1 file changed, 8 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/meta/classes/kernel-fitimage.bbclass
> > > b/meta/classes/kernel-fitimage.bbclass
> > > index 179185b..3cc3a33 100644
> > > --- a/meta/classes/kernel-fitimage.bbclass
> > > +++ b/meta/classes/kernel-fitimage.bbclass
> > > @@ -36,6 +36,9 @@ python __anonymous () {
> > > # Options for the device tree compiler passed to mkimage '-D'
> > > feature:
> > > UBOOT_MKIMAGE_DTCOPTS ??= ""
> > >
> > > +# fitImage Hash Algo
> > > +FIT_HASH_ALG ?= "sha256"
> > > +
> > > #
> > > # Emit the fitImage ITS header
> > > #
> > > @@ -95,7 +98,7 @@ EOF
> > > # $4 ... Compression type
> > > fitimage_emit_section_kernel() {
> > >
> > > - kernel_csum="sha1"
> > > + kernel_csum="${FIT_HASH_ALG}"
> > >
> > > ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > > @@ -128,7 +131,7 @@ EOF
> > > # $3 ... Path to DTB image
> > > fitimage_emit_section_dtb() {
> > >
> > > - dtb_csum="sha1"
> > > + dtb_csum="${FIT_HASH_ALG}"
> > >
> > > cat << EOF >> ${1}
> > > fdt@${2} {
> > > @@ -152,7 +155,7 @@ EOF
> > > # $3 ... Path to setup image
> > > fitimage_emit_section_setup() {
> > >
> > > - setup_csum="sha1"
> > > + setup_csum="${FIT_HASH_ALG}"
> > >
> > > cat << EOF >> ${1}
> > > setup@${2} {
> > > @@ -179,7 +182,7 @@ EOF
> > > # $3 ... Path to ramdisk image
> > > fitimage_emit_section_ramdisk() {
> > >
> > > - ramdisk_csum="sha1"
> > > + ramdisk_csum="${FIT_HASH_ALG}"
> > > ramdisk_ctype="none"
> > > ramdisk_loadline=""
> > > ramdisk_entryline=""
> > > @@ -237,7 +240,7 @@ EOF
> > > # $6 ... default flag
> > > fitimage_emit_section_config() {
> > >
> > > - conf_csum="sha1"
> > > + conf_csum="${FIT_HASH_ALG}"
> > > if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > > conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > > fi
> >
> > Hi,
> >
> > Any update on this patch? It was acked almost 2 years ago.
> >
> > It would be great to have a way to change the hashsum algorithm
> > when
> > building signed images.
> >
>
> I agree, but it would be good to resend this patch on top of current
> master
I managed to apply it to master so its in testing now.
My concerns about the lack of tests for this class are the main reason
patches here get held up.
Cheers,
Richard
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-18 16:11 ` Richard Purdie
@ 2019-06-19 8:47 ` Luca Boccassi
2019-06-19 9:06 ` Alex Kiernan
0 siblings, 1 reply; 11+ messages in thread
From: Luca Boccassi @ 2019-06-19 8:47 UTC (permalink / raw)
To: Richard Purdie, Khem Raj
Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Tue, 2019-06-18 at 17:11 +0100, Richard Purdie wrote:
> On Tue, 2019-06-18 at 08:53 -0700, Khem Raj wrote:
> > On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <
> > luca.boccassi@gmail.com
> > > wrote:
> > > On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > > > sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> > > > switch default hash algorithm from sha1 to sha256
> > > >
> > > > Signed-off-by: Ayoub Zaki <
> > > > ayoub.zaki@embexus.com
> > > >
> > > > Acked-by: Denys Dmytriyenko <
> > > > denys@ti.com
> > > >
> > > > ---
> > > > meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > > > 1 file changed, 8 insertions(+), 5 deletions(-)
> > > >
> > > > diff --git a/meta/classes/kernel-fitimage.bbclass
> > > > b/meta/classes/kernel-fitimage.bbclass
> > > > index 179185b..3cc3a33 100644
> > > > --- a/meta/classes/kernel-fitimage.bbclass
> > > > +++ b/meta/classes/kernel-fitimage.bbclass
> > > > @@ -36,6 +36,9 @@ python __anonymous () {
> > > > # Options for the device tree compiler passed to mkimage '-D'
> > > > feature:
> > > > UBOOT_MKIMAGE_DTCOPTS ??= ""
> > > >
> > > > +# fitImage Hash Algo
> > > > +FIT_HASH_ALG ?= "sha256"
> > > > +
> > > > #
> > > > # Emit the fitImage ITS header
> > > > #
> > > > @@ -95,7 +98,7 @@ EOF
> > > > # $4 ... Compression type
> > > > fitimage_emit_section_kernel() {
> > > >
> > > > - kernel_csum="sha1"
> > > > + kernel_csum="${FIT_HASH_ALG}"
> > > >
> > > > ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > > > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > > > @@ -128,7 +131,7 @@ EOF
> > > > # $3 ... Path to DTB image
> > > > fitimage_emit_section_dtb() {
> > > >
> > > > - dtb_csum="sha1"
> > > > + dtb_csum="${FIT_HASH_ALG}"
> > > >
> > > > cat << EOF >> ${1}
> > > > fdt@${2} {
> > > > @@ -152,7 +155,7 @@ EOF
> > > > # $3 ... Path to setup image
> > > > fitimage_emit_section_setup() {
> > > >
> > > > - setup_csum="sha1"
> > > > + setup_csum="${FIT_HASH_ALG}"
> > > >
> > > > cat << EOF >> ${1}
> > > > setup@${2} {
> > > > @@ -179,7 +182,7 @@ EOF
> > > > # $3 ... Path to ramdisk image
> > > > fitimage_emit_section_ramdisk() {
> > > >
> > > > - ramdisk_csum="sha1"
> > > > + ramdisk_csum="${FIT_HASH_ALG}"
> > > > ramdisk_ctype="none"
> > > > ramdisk_loadline=""
> > > > ramdisk_entryline=""
> > > > @@ -237,7 +240,7 @@ EOF
> > > > # $6 ... default flag
> > > > fitimage_emit_section_config() {
> > > >
> > > > - conf_csum="sha1"
> > > > + conf_csum="${FIT_HASH_ALG}"
> > > > if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > > > conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > > > fi
> > >
> > > Hi,
> > >
> > > Any update on this patch? It was acked almost 2 years ago.
> > >
> > > It would be great to have a way to change the hashsum algorithm
> > > when
> > > building signed images.
> > >
> >
> > I agree, but it would be good to resend this patch on top of
> > current
> > master
>
> I managed to apply it to master so its in testing now.
>
> My concerns about the lack of tests for this class are the main
> reason
> patches here get held up.
>
> Cheers,
>
> Richard
Thanks Richard - in case it helps, we've been using this patch for a
few months at $work (on top of sumo) and it seems to work fine.
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-19 8:47 ` Luca Boccassi
@ 2019-06-19 9:06 ` Alex Kiernan
2019-06-19 9:14 ` Luca Boccassi
0 siblings, 1 reply; 11+ messages in thread
From: Alex Kiernan @ 2019-06-19 9:06 UTC (permalink / raw)
To: Luca Boccassi; +Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Wed, Jun 19, 2019 at 9:48 AM Luca Boccassi <luca.boccassi@gmail.com> wrote:
>
> On Tue, 2019-06-18 at 17:11 +0100, Richard Purdie wrote:
> > On Tue, 2019-06-18 at 08:53 -0700, Khem Raj wrote:
> > > On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <
> > > luca.boccassi@gmail.com
> > > > wrote:
> > > > On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > > > > sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> > > > > switch default hash algorithm from sha1 to sha256
> > > > >
> > > > > Signed-off-by: Ayoub Zaki <
> > > > > ayoub.zaki@embexus.com
> > > > >
> > > > > Acked-by: Denys Dmytriyenko <
> > > > > denys@ti.com
> > > > >
> > > > > ---
> > > > > meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > > > > 1 file changed, 8 insertions(+), 5 deletions(-)
> > > > >
> > > > > diff --git a/meta/classes/kernel-fitimage.bbclass
> > > > > b/meta/classes/kernel-fitimage.bbclass
> > > > > index 179185b..3cc3a33 100644
> > > > > --- a/meta/classes/kernel-fitimage.bbclass
> > > > > +++ b/meta/classes/kernel-fitimage.bbclass
> > > > > @@ -36,6 +36,9 @@ python __anonymous () {
> > > > > # Options for the device tree compiler passed to mkimage '-D'
> > > > > feature:
> > > > > UBOOT_MKIMAGE_DTCOPTS ??= ""
> > > > >
> > > > > +# fitImage Hash Algo
> > > > > +FIT_HASH_ALG ?= "sha256"
Should this be ??=
> > > > > +
> > > > > #
> > > > > # Emit the fitImage ITS header
> > > > > #
> > > > > @@ -95,7 +98,7 @@ EOF
> > > > > # $4 ... Compression type
> > > > > fitimage_emit_section_kernel() {
> > > > >
> > > > > - kernel_csum="sha1"
> > > > > + kernel_csum="${FIT_HASH_ALG}"
> > > > >
> > > > > ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > > > > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > > > > @@ -128,7 +131,7 @@ EOF
> > > > > # $3 ... Path to DTB image
> > > > > fitimage_emit_section_dtb() {
> > > > >
> > > > > - dtb_csum="sha1"
> > > > > + dtb_csum="${FIT_HASH_ALG}"
> > > > >
> > > > > cat << EOF >> ${1}
> > > > > fdt@${2} {
> > > > > @@ -152,7 +155,7 @@ EOF
> > > > > # $3 ... Path to setup image
> > > > > fitimage_emit_section_setup() {
> > > > >
> > > > > - setup_csum="sha1"
> > > > > + setup_csum="${FIT_HASH_ALG}"
> > > > >
> > > > > cat << EOF >> ${1}
> > > > > setup@${2} {
> > > > > @@ -179,7 +182,7 @@ EOF
> > > > > # $3 ... Path to ramdisk image
> > > > > fitimage_emit_section_ramdisk() {
> > > > >
> > > > > - ramdisk_csum="sha1"
> > > > > + ramdisk_csum="${FIT_HASH_ALG}"
> > > > > ramdisk_ctype="none"
> > > > > ramdisk_loadline=""
> > > > > ramdisk_entryline=""
> > > > > @@ -237,7 +240,7 @@ EOF
> > > > > # $6 ... default flag
> > > > > fitimage_emit_section_config() {
> > > > >
> > > > > - conf_csum="sha1"
> > > > > + conf_csum="${FIT_HASH_ALG}"
> > > > > if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > > > > conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > > > > fi
> > > >
> > > > Hi,
> > > >
> > > > Any update on this patch? It was acked almost 2 years ago.
> > > >
> > > > It would be great to have a way to change the hashsum algorithm
> > > > when
> > > > building signed images.
> > > >
> > >
> > > I agree, but it would be good to resend this patch on top of
> > > current
> > > master
> >
> > I managed to apply it to master so its in testing now.
> >
> > My concerns about the lack of tests for this class are the main
> > reason
> > patches here get held up.
> >
> > Cheers,
> >
> > Richard
>
> Thanks Richard - in case it helps, we've been using this patch for a
> few months at $work (on top of sumo) and it seems to work fine.
>
I expect that's true for everyone touching stuff in this class - it
works fine for them... the problem is everyone else, since it's
terribly fragile and has no tests.
I'd not be at all surprised if changing the default from sha1 to
sha256 doesn't break someone.
--
Alex Kiernan
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-19 9:06 ` Alex Kiernan
@ 2019-06-19 9:14 ` Luca Boccassi
2019-06-19 14:51 ` richard.purdie
0 siblings, 1 reply; 11+ messages in thread
From: Luca Boccassi @ 2019-06-19 9:14 UTC (permalink / raw)
To: Alex Kiernan; +Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Wed, 2019-06-19 at 10:06 +0100, Alex Kiernan wrote:
> On Wed, Jun 19, 2019 at 9:48 AM Luca Boccassi <
> luca.boccassi@gmail.com
> > wrote:
> > On Tue, 2019-06-18 at 17:11 +0100, Richard Purdie wrote:
> > > On Tue, 2019-06-18 at 08:53 -0700, Khem Raj wrote:
> > > > On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <
> > > > luca.boccassi@gmail.com
> > > >
> > > > > wrote:
> > > > > On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > > > > > sanitize fitImage hash algorithm selection with
> > > > > > FIT_HASH_ALG
> > > > > > switch default hash algorithm from sha1 to sha256
> > > > > >
> > > > > > Signed-off-by: Ayoub Zaki <
> > > > > > ayoub.zaki@embexus.com
> > > > > >
> > > > > >
> > > > > > Acked-by: Denys Dmytriyenko <
> > > > > > denys@ti.com
> > > > > >
> > > > > >
> > > > > > ---
> > > > > > meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > > > > > 1 file changed, 8 insertions(+), 5 deletions(-)
> > > > > >
> > > > > > diff --git a/meta/classes/kernel-fitimage.bbclass
> > > > > > b/meta/classes/kernel-fitimage.bbclass
> > > > > > index 179185b..3cc3a33 100644
> > > > > > --- a/meta/classes/kernel-fitimage.bbclass
> > > > > > +++ b/meta/classes/kernel-fitimage.bbclass
> > > > > > @@ -36,6 +36,9 @@ python __anonymous () {
> > > > > > # Options for the device tree compiler passed to mkimage
> > > > > > '-D'
> > > > > > feature:
> > > > > > UBOOT_MKIMAGE_DTCOPTS ??= ""
> > > > > >
> > > > > > +# fitImage Hash Algo
> > > > > > +FIT_HASH_ALG ?= "sha256"
>
> Should this be ??=
>
> > > > > > +
> > > > > > #
> > > > > > # Emit the fitImage ITS header
> > > > > > #
> > > > > > @@ -95,7 +98,7 @@ EOF
> > > > > > # $4 ... Compression type
> > > > > > fitimage_emit_section_kernel() {
> > > > > >
> > > > > > - kernel_csum="sha1"
> > > > > > + kernel_csum="${FIT_HASH_ALG}"
> > > > > >
> > > > > > ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > > > > > if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> > > > > > @@ -128,7 +131,7 @@ EOF
> > > > > > # $3 ... Path to DTB image
> > > > > > fitimage_emit_section_dtb() {
> > > > > >
> > > > > > - dtb_csum="sha1"
> > > > > > + dtb_csum="${FIT_HASH_ALG}"
> > > > > >
> > > > > > cat << EOF >> ${1}
> > > > > > fdt@${2} {
> > > > > > @@ -152,7 +155,7 @@ EOF
> > > > > > # $3 ... Path to setup image
> > > > > > fitimage_emit_section_setup() {
> > > > > >
> > > > > > - setup_csum="sha1"
> > > > > > + setup_csum="${FIT_HASH_ALG}"
> > > > > >
> > > > > > cat << EOF >> ${1}
> > > > > > setup@${2} {
> > > > > > @@ -179,7 +182,7 @@ EOF
> > > > > > # $3 ... Path to ramdisk image
> > > > > > fitimage_emit_section_ramdisk() {
> > > > > >
> > > > > > - ramdisk_csum="sha1"
> > > > > > + ramdisk_csum="${FIT_HASH_ALG}"
> > > > > > ramdisk_ctype="none"
> > > > > > ramdisk_loadline=""
> > > > > > ramdisk_entryline=""
> > > > > > @@ -237,7 +240,7 @@ EOF
> > > > > > # $6 ... default flag
> > > > > > fitimage_emit_section_config() {
> > > > > >
> > > > > > - conf_csum="sha1"
> > > > > > + conf_csum="${FIT_HASH_ALG}"
> > > > > > if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > > > > > conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > > > > > fi
> > > > >
> > > > > Hi,
> > > > >
> > > > > Any update on this patch? It was acked almost 2 years ago.
> > > > >
> > > > > It would be great to have a way to change the hashsum
> > > > > algorithm
> > > > > when
> > > > > building signed images.
> > > > >
> > > >
> > > > I agree, but it would be good to resend this patch on top of
> > > > current
> > > > master
> > >
> > > I managed to apply it to master so its in testing now.
> > >
> > > My concerns about the lack of tests for this class are the main
> > > reason
> > > patches here get held up.
> > >
> > > Cheers,
> > >
> > > Richard
> >
> > Thanks Richard - in case it helps, we've been using this patch for
> > a
> > few months at $work (on top of sumo) and it seems to work fine.
> >
>
> I expect that's true for everyone touching stuff in this class - it
> works fine for them... the problem is everyone else, since it's
> terribly fragile and has no tests.
>
> I'd not be at all surprised if changing the default from sha1 to
> sha256 doesn't break someone.
Keeping the default to sha1 would be fine by me, it's the ability to
configure it that is useful.
--
Kind regards,
Luca Boccassi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-19 9:14 ` Luca Boccassi
@ 2019-06-19 14:51 ` richard.purdie
2019-06-19 15:30 ` Alex Kiernan
0 siblings, 1 reply; 11+ messages in thread
From: richard.purdie @ 2019-06-19 14:51 UTC (permalink / raw)
To: Luca Boccassi, Alex Kiernan
Cc: Ayoub Zaki, Patches and discussions about the oe-core layer
On Wed, 2019-06-19 at 10:14 +0100, Luca Boccassi wrote:
> On Wed, 2019-06-19 at 10:06 +0100, Alex Kiernan wrote:
> > On Wed, Jun 19, 2019 at 9:48 AM Luca Boccassi <
> > luca.boccassi@gmail.com
> > >
> > > Thanks Richard - in case it helps, we've been using this patch
> > > for a few months at $work (on top of sumo) and it seems to work
> > > fine.
> > >
> >
> > I expect that's true for everyone touching stuff in this class - it
> > works fine for them... the problem is everyone else, since it's
> > terribly fragile and has no tests.
> >
> > I'd not be at all surprised if changing the default from sha1 to
> > sha256 doesn't break someone.
>
> Keeping the default to sha1 would be fine by me, it's the ability to
> configure it that is useful.
Its merged and it probably makes sense to change the default, I just
continue to worry about how we can test this class and make sure the
commonly used workflows continue to work...
Cheers,
Richard
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-19 14:51 ` richard.purdie
@ 2019-06-19 15:30 ` Alex Kiernan
2019-06-19 21:43 ` richard.purdie
0 siblings, 1 reply; 11+ messages in thread
From: Alex Kiernan @ 2019-06-19 15:30 UTC (permalink / raw)
To: Richard Purdie
Cc: Ayoub Zaki, Luca Boccassi,
Patches and discussions about the oe-core layer
On Wed, Jun 19, 2019 at 3:51 PM <richard.purdie@linuxfoundation.org> wrote:
>
> On Wed, 2019-06-19 at 10:14 +0100, Luca Boccassi wrote:
> > On Wed, 2019-06-19 at 10:06 +0100, Alex Kiernan wrote:
> > > On Wed, Jun 19, 2019 at 9:48 AM Luca Boccassi <
> > > luca.boccassi@gmail.com
> > > >
> > > > Thanks Richard - in case it helps, we've been using this patch
> > > > for a few months at $work (on top of sumo) and it seems to work
> > > > fine.
> > > >
> > >
> > > I expect that's true for everyone touching stuff in this class - it
> > > works fine for them... the problem is everyone else, since it's
> > > terribly fragile and has no tests.
> > >
> > > I'd not be at all surprised if changing the default from sha1 to
> > > sha256 doesn't break someone.
> >
> > Keeping the default to sha1 would be fine by me, it's the ability to
> > configure it that is useful.
>
> Its merged and it probably makes sense to change the default, I just
> continue to worry about how we can test this class and make sure the
> commonly used workflows continue to work...
>
I've a bunch of stuff I need to get out of the door at the moment, but
once that's out of the way, I'm going to see if I can get qemu +
U-Boot + FIT image as part of a test image as a starting point.
--
Alex Kiernan
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
2019-06-19 15:30 ` Alex Kiernan
@ 2019-06-19 21:43 ` richard.purdie
0 siblings, 0 replies; 11+ messages in thread
From: richard.purdie @ 2019-06-19 21:43 UTC (permalink / raw)
To: Alex Kiernan
Cc: Ayoub Zaki, Luca Boccassi,
Patches and discussions about the oe-core layer
On Wed, 2019-06-19 at 16:30 +0100, Alex Kiernan wrote:
> I've a bunch of stuff I need to get out of the door at the moment,
> but once that's out of the way, I'm going to see if I can get qemu +
> U-Boot + FIT image as part of a test image as a starting point.
That would be great!
Cheers,
Richard
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2019-06-19 21:43 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-02 15:48 [meta-oe][PATCH v2] kernel-fitimage: introduce FIT_HASH_ALG Ayoub Zaki
2017-11-02 18:45 ` Denys Dmytriyenko
2019-06-18 8:25 ` [meta-oe,v2] " Luca Boccassi
2019-06-18 15:53 ` Khem Raj
2019-06-18 16:11 ` Richard Purdie
2019-06-19 8:47 ` Luca Boccassi
2019-06-19 9:06 ` Alex Kiernan
2019-06-19 9:14 ` Luca Boccassi
2019-06-19 14:51 ` richard.purdie
2019-06-19 15:30 ` Alex Kiernan
2019-06-19 21:43 ` richard.purdie
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.