From mboxrd@z Thu Jan 1 00:00:00 1970 From: Simon Glass Date: Thu, 6 May 2021 08:24:27 -0600 Subject: [PATCH v2 39/50] image: Drop IMAGE_ENABLE_EN/DECRYPT defines In-Reply-To: <20210506142438.1310977-1-sjg@chromium.org> References: <20210506142438.1310977-1-sjg@chromium.org> Message-ID: <20210506142438.1310977-12-sjg@chromium.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Add a host Kconfigs for IMAGE_ENABLE_ENCRYPT. With this we can use CONFIG_IS_ENABLED() directly in the host build, so drop the unnecessary indirections IMAGE_IMAGE_ENABLE_ENCRYPT and IMAGE_IMAGE_ENABLE_DECRYPT. Signed-off-by: Simon Glass --- (no changes since v1) common/image-cipher.c | 6 +++--- common/image-fit.c | 2 +- include/image.h | 16 +++------------- include/u-boot/aes.h | 8 ++++---- tools/Kconfig | 11 +++++++++++ tools/image-host.c | 2 +- 6 files changed, 23 insertions(+), 22 deletions(-) diff --git a/common/image-cipher.c b/common/image-cipher.c index b9061489396..453bab8c492 100644 --- a/common/image-cipher.c +++ b/common/image-cipher.c @@ -21,7 +21,7 @@ struct cipher_algo cipher_algos[] = { .name = "aes128", .key_len = AES128_KEY_LENGTH, .iv_len = AES_BLOCK_LENGTH, -#if IMAGE_ENABLE_ENCRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) .calculate_type = EVP_aes_128_cbc, #endif .encrypt = image_aes_encrypt, @@ -32,7 +32,7 @@ struct cipher_algo cipher_algos[] = { .name = "aes192", .key_len = AES192_KEY_LENGTH, .iv_len = AES_BLOCK_LENGTH, -#if IMAGE_ENABLE_ENCRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) .calculate_type = EVP_aes_192_cbc, #endif .encrypt = image_aes_encrypt, @@ -43,7 +43,7 @@ struct cipher_algo cipher_algos[] = { .name = "aes256", .key_len = AES256_KEY_LENGTH, .iv_len = AES_BLOCK_LENGTH, -#if IMAGE_ENABLE_ENCRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) .calculate_type = EVP_aes_256_cbc, #endif .encrypt = image_aes_encrypt, diff --git a/common/image-fit.c b/common/image-fit.c index a0987fd52c8..3ee306143b3 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -2132,7 +2132,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, } /* Decrypt data before uncompress/move */ - if (IS_ENABLED(CONFIG_FIT_CIPHER) && IMAGE_ENABLE_DECRYPT) { + if (IS_ENABLED(CONFIG_FIT_CIPHER) && CONFIG_IS_ENABLED(FIT_CIPHER)) { puts(" Decrypting Data ... "); if (fit_image_uncipher(fit, noffset, &buf, &size)) { puts("Error\n"); diff --git a/include/image.h b/include/image.h index b388684cbdc..9adbda8ab70 100644 --- a/include/image.h +++ b/include/image.h @@ -1368,18 +1368,8 @@ static inline int fit_image_check_target_arch(const void *fdt, int node) * At present we only support ciphering on the host, and unciphering on the * device */ -#if defined(USE_HOSTCC) -# if defined(CONFIG_FIT_CIPHER) -# define IMAGE_ENABLE_ENCRYPT 1 -# define IMAGE_ENABLE_DECRYPT 1 -# include -# else -# define IMAGE_ENABLE_ENCRYPT 0 -# define IMAGE_ENABLE_DECRYPT 0 -# endif -#else -# define IMAGE_ENABLE_ENCRYPT 0 -# define IMAGE_ENABLE_DECRYPT CONFIG_IS_ENABLED(FIT_CIPHER) +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) +#include #endif /* Information passed to the ciphering routines */ @@ -1402,7 +1392,7 @@ struct cipher_algo { int key_len; /* Length of the key */ int iv_len; /* Length of the IV */ -#if IMAGE_ENABLE_ENCRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) const EVP_CIPHER * (*calculate_type)(void); #endif diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h index acbc50b9e6f..1c064610952 100644 --- a/include/u-boot/aes.h +++ b/include/u-boot/aes.h @@ -9,7 +9,7 @@ #include #include -#if IMAGE_ENABLE_ENCRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) int image_aes_encrypt(struct image_cipher_info *info, const unsigned char *data, int size, unsigned char **cipher, int *cipher_len); @@ -28,9 +28,9 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest, { return -ENXIO; } -#endif /* IMAGE_ENABLE_ENCRYPT */ +#endif /* FIT_CIPHER_ENCRYPT */ -#if IMAGE_ENABLE_DECRYPT +#if CONFIG_IS_ENABLED(FIT_CIPHER) int image_aes_decrypt(struct image_cipher_info *info, const void *cipher, size_t cipher_len, void **data, size_t *size); @@ -41,6 +41,6 @@ int image_aes_decrypt(struct image_cipher_info *info, { return -ENXIO; } -#endif /* IMAGE_ENABLE_DECRYPT */ +#endif /* CONFIG_IS_ENABLED(FIT_CIPHER) */ #endif diff --git a/tools/Kconfig b/tools/Kconfig index 13f923c7ac7..5dd33fcbc55 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -19,6 +19,17 @@ config HOST_FIT help Enable FIT support in the host build. +config HOST_FIT_CIPHER + def_bool y + help + Enable ciphering data in a FIT in the host build + +config HOST_FIT_CIPHER_ENCRYPT + def_bool y + depends on FIT_CIPHER + help + Enables encryption in a FIT in the host build + config HOST_FIT_FULL_CHECK def_bool y help diff --git a/tools/image-host.c b/tools/image-host.c index 2be897db943..1d2d9a6e323 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -560,7 +560,7 @@ int fit_image_cipher_data(const char *keydir, void *keydest, printf("Failure getting cipher node\n"); return -1; } - if (!IMAGE_ENABLE_ENCRYPT || !keydir) + if (!CONFIG_IS_ENABLED(FIT_CIPHER_ENCRYPT) || !keydir) return 0; return fit_image_process_cipher(keydir, keydest, fit, image_name, image_noffset, cipher_node_offset, data, size, cmdname); -- 2.31.1.607.g51e8a6a459-goog