[PATCH v8 1/3] lib: introduce HASH_CALCULATE option

From: Masahisa Kojima <masahisa.kojima@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v8 1/3] lib: introduce HASH_CALCULATE option
Date: Fri, 14 May 2021 09:53:35 +0900	[thread overview]
Message-ID: <20210514005337.5243-2-masahisa.kojima@linaro.org> (raw)
In-Reply-To: <20210514005337.5243-1-masahisa.kojima@linaro.org>

Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---

(no changes since v7)

Changes in v7:
- newly introduce HASH_CALCULATE option

Changes in v6:
- update lib/Makefile to compile hash-checksum.c, instead of
  selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5:
- Missing option for EFI_TCG2_PROTOROL already added in different commit.
  This commit adds FIT_SIGNATURE only.

Changes in v4:
- newly added in this patch series, due to rebasing
  the base code.

 common/Kconfig.boot    | 1 +
 lib/Kconfig            | 3 +++
 lib/Makefile           | 2 +-
 lib/efi_loader/Kconfig | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 5a18d62d78..56608226cc 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -80,6 +80,7 @@ config FIT_SIGNATURE
 	select RSA_VERIFY
 	select IMAGE_SIGN_INFO
 	select FIT_FULL_CHECK
+	select HASH_CALCULATE
 	help
 	  This option enables signature verification of FIT uImages,
 	  using a hash signed and verified using RSA. If
diff --git a/lib/Kconfig b/lib/Kconfig
index 6d2d41de30..df67eb0503 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -428,6 +428,9 @@ config CRC32C
 config XXHASH
 	bool
 
+config HASH_CALCULATE
+	bool
+
 endmenu
 
 menu "Compression Support"
diff --git a/lib/Makefile b/lib/Makefile
index 6825671955..0835ea292c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -61,7 +61,7 @@ endif
 obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
-obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
+obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_SHA512_ALGO) += sha512.o
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c259abe033..eb5c4d6f29 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
 	select IMAGE_SIGN_INFO
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option if you want to enable capsule
@@ -342,6 +343,7 @@ config EFI_SECURE_BOOT
 	select X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option to enable EFI secure boot support.
-- 
2.17.1
