From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Fri, 24 Apr 2020 11:08:15 -0400 Subject: [PATCH] Add support for SHA384 and SHA512 In-Reply-To: <1587068344-32511-1-git-send-email-reuben.dowle@4rf.com> References: <1587068344-32511-1-git-send-email-reuben.dowle@4rf.com> Message-ID: <20200424150815.GM4555@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Fri, Apr 17, 2020 at 08:19:04AM +1200, Reuben Dowle wrote: > The current recommendation for best security practice from the US government > is to use SHA384 for TOP SECRET [1]. > > This patch adds support for SHA384 and SHA512 in the hash command, and also > allows FIT images to be hashed with these algorithms, and signed with > sha384,rsaXXXX and sha512,rsaXXXX > > The SHA implementation is adapted from the linux kernel implementation. > > [1] Commercial National Security Algorithm Suite > http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm > > Signed-off-by: Reuben Dowle Two general comments. First, please use CONFIG_IS_ENABLED() to test for the new symbols so that we won't have any growth in SPL if we have one of these enabled in the main binary but NOT SPL. Second, please make sure that all new files have an SPDX license tag on them. Finally, when porting code from the Linux kernel please make sure to include what release or githash they came from, thanks! -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: not available URL: