From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH] Add support for SHA384 and SHA512
Date: Fri, 24 Apr 2020 11:08:15 -0400 [thread overview]
Message-ID: <20200424150815.GM4555@bill-the-cat> (raw)
In-Reply-To: <1587068344-32511-1-git-send-email-reuben.dowle@4rf.com>
On Fri, Apr 17, 2020 at 08:19:04AM +1200, Reuben Dowle wrote:
> The current recommendation for best security practice from the US government
> is to use SHA384 for TOP SECRET [1].
>
> This patch adds support for SHA384 and SHA512 in the hash command, and also
> allows FIT images to be hashed with these algorithms, and signed with
> sha384,rsaXXXX and sha512,rsaXXXX
>
> The SHA implementation is adapted from the linux kernel implementation.
>
> [1] Commercial National Security Algorithm Suite
> http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm
>
> Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
Two general comments. First, please use CONFIG_IS_ENABLED() to test for
the new symbols so that we won't have any growth in SPL if we have one
of these enabled in the main binary but NOT SPL. Second, please
make sure that all new files have an SPDX license tag on them. Finally,
when porting code from the Linux kernel please make sure to include what
release or githash they came from, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200424/6cff3c4c/attachment.sig>
next prev parent reply other threads:[~2020-04-24 15:08 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-16 20:19 [PATCH] Add support for SHA384 and SHA512 Reuben Dowle
2020-04-24 15:08 ` Tom Rini [this message]
2020-04-27 7:01 ` Reuben Dowle
2020-05-29 4:47 ` Reuben Dowle
2020-06-05 14:38 ` Tom Rini
-- strict thread matches above, loose matches on Subject: below --
2020-04-16 5:36 Reuben Dowle
2020-06-12 15:24 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200424150815.GM4555@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.