[PATCH v2 0/6] Fix FIT hash algos in SPL (Fixes v2021.10-rc3)

[PATCH v2 0/6] Fix FIT hash algos in SPL (Fixes v2021.10-rc3)

[Alexandru Gagniuc]

Simon and I recently worked on killing a bunch extra definitions. One
of the side-effects is that certain hash algorithms won't work in SPL
when used in the context of FIT verification.

For example, in FIT verification, CONFIG_IS_ENABLED(SHA256) is used
(good), but there is no corresponding CONFIG_SPL_SHA256 (bad). This
will always be false for SPL, hence certain "hash" algos are broken.

This series resolves the selection by replacing the broken selection
with hash_lookup_algo(), which does not have the aforementioned
problem. This at the very least allows 'algo = "sha256"' FIT nodes to
work in SPL.

This series does not attempt to add individual SHA/CRC/MD5 configs for
SPL. Hash algo selection for SPL has been problematic even before. This
series is meant as an emergency fix, so it does not attempt to tackle
general refactoring issues.

Changes since v1:
  - Taken in all of Tom's fixes from WIP/30Aug2021 branch
  - CMD_MVEBU_BUBT: select SHA256 if ARMADA_3700 (sha256_update() reference)
  - fsl: FSL_CAAM: imply SPL_CRYPTO (Fixes undefined reference to hw_sha1)
  - Add MD5 to hash_algos[] (Fixes "Can't add hashes to FIT: -93")


Alexandru Gagniuc (6):
  common: Remove unused CONFIG_FIT_SHAxxx selectors
  lib: Drop SHA512_ALGO in lieu of SHA512
  common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH
  common: Move MD5 hash to hash_algo[] array.
  image: Drop if/elseif hash selection in calculate_hash()
  image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

 arch/arm/mach-socfpga/Kconfig                 |  2 +-
 board/freescale/common/Kconfig                |  1 +
 cmd/mvebu/Kconfig                             |  1 +
 common/Kconfig.boot                           | 32 +--------
 common/Makefile                               |  4 +-
 common/hash.c                                 | 13 ++++
 common/image-fit.c                            | 45 ++++++-------
 common/spl/Kconfig                            | 65 +------------------
 ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig |  1 -
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig |  1 -
 .../ls1043ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 .../ls1046ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 ...1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  1 -
 configs/mt8516_pumpkin_defconfig              |  2 +-
 drivers/crypto/fsl/Kconfig                    |  2 +
 include/configs/xilinx_zynqmp.h               |  2 +-
 include/image.h                               | 24 +------
 include/u-boot/md5.h                          |  6 +-
 lib/Kconfig                                   | 12 ++--
 lib/Makefile                                  |  4 +-
 lib/crypt/Kconfig                             |  2 +-
 lib/efi_loader/Kconfig                        |  2 +-
 lib/md5.c                                     |  4 +-
 lib/sha512.c                                  |  2 -
 24 files changed, 59 insertions(+), 171 deletions(-)

-- 
2.31.1

[PATCH v2 1/6] common: Remove unused CONFIG_FIT_SHAxxx selectors

[Alexandru Gagniuc]

Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for has_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.

The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.

CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.

Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 cmd/mvebu/Kconfig                |  1 +
 common/Kconfig.boot              | 28 ---------------------
 common/spl/Kconfig               | 42 --------------------------------
 configs/mt8516_pumpkin_defconfig |  2 +-
 include/image.h                  |  3 ---
 5 files changed, 2 insertions(+), 74 deletions(-)

diff --git a/cmd/mvebu/Kconfig b/cmd/mvebu/Kconfig
index 7c42c75afb..340fb3aff6 100644
--- a/cmd/mvebu/Kconfig
+++ b/cmd/mvebu/Kconfig
@@ -4,6 +4,7 @@ depends on ARCH_MVEBU
 config CMD_MVEBU_BUBT
 	bool "bubt"
 	default n
+	select SHA256 if ARMADA_3700
 	help
 	  bubt - Burn a u-boot image to flash
 	  For details about bubt command please see the documentation
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 0d4c38402c..2399d5849e 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -35,34 +35,6 @@ config FIT_EXTERNAL_OFFSET
 	  could be put in the hole between data payload and fit image
 	  header, such as CSF data on i.MX platform.
 
-config FIT_SHA256
-	bool "Support SHA256 checksum of FIT image contents"
-	default y
-	select SHA256
-	help
-	  Enable this to support SHA256 checksum of FIT image contents. A
-	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
-config FIT_SHA384
-	bool "Support SHA384 checksum of FIT image contents"
-	default n
-	select SHA384
-	help
-	  Enable this to support SHA384 checksum of FIT image contents. A
-	  SHA384 checksum is a 384-bit (48-byte) hash value used to check that
-	  the image contents have not been corrupted. Use this for the highest
-	  security.
-
-config FIT_SHA512
-	bool "Support SHA512 checksum of FIT image contents"
-	default n
-	select SHA512
-	help
-	  Enable this to support SHA512 checksum of FIT image contents. A
-	  SHA512 checksum is a 512-bit (64-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
 config FIT_FULL_CHECK
 	bool "Do a full check of the FIT before using it"
 	default y
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index c155a3b5fc..d69d1fa5f7 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -439,48 +439,6 @@ config SPL_MD5
 	  applications where images may be changed maliciously, you should
 	  consider SHA256 or SHA384.
 
-config SPL_FIT_SHA1
-	bool "Support SHA1"
-	depends on SPL_FIT
-	select SHA1
-	help
-	  Enable this to support SHA1 in FIT images within SPL. A SHA1
-	  checksum is a 160-bit (20-byte) hash value used to check that the
-	  image contents have not been corrupted or maliciously altered.
-	  While SHA1 is fairly secure it is coming to the end of its life
-	  due to the expanding computing power available to brute-force
-	  attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
-	bool "Support SHA256"
-	depends on SPL_FIT
-	select SHA256
-	help
-	  Enable this to support SHA256 in FIT images within SPL. A SHA256
-	  checksum is a 256-bit (32-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
-config SPL_FIT_SHA384
-	bool "Support SHA384"
-	depends on SPL_FIT
-	select SHA384
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA384 in FIT images within SPL. A SHA384
-	  checksum is a 384-bit (48-byte) hash value used to check that the
-	  image contents have not been corrupted. Use this for the highest
-	  security.
-
-config SPL_FIT_SHA512
-	bool "Support SHA512"
-	depends on SPL_FIT
-	select SHA512
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA512 in FIT images within SPL. A SHA512
-	  checksum is a 512-bit (64-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
 config SPL_FIT_IMAGE_TINY
 	bool "Remove functionality from SPL FIT loading to reduce size"
 	depends on SPL_FIT
diff --git a/configs/mt8516_pumpkin_defconfig b/configs/mt8516_pumpkin_defconfig
index 0a6c1fccae..1478b01716 100644
--- a/configs/mt8516_pumpkin_defconfig
+++ b/configs/mt8516_pumpkin_defconfig
@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
 # CONFIG_PSCI_RESET is not set
 CONFIG_DEBUG_UART=y
 CONFIG_FIT=y
-# CONFIG_FIT_SHA256 is not set
+# CONFIG_SHA256 is not set
 # CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
 CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
 # CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/include/image.h b/include/image.h
index e20f0b69d5..489b220eba 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,9 +31,6 @@ struct fdt_region;
 #define IMAGE_ENABLE_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
 #define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_FIT_SHA256
-#define CONFIG_FIT_SHA384
-#define CONFIG_FIT_SHA512
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
-- 
2.31.1

[PATCH v2 2/6] lib: Drop SHA512_ALGO in lieu of SHA512

[Alexandru Gagniuc]

SHA512_ALGO was used as a "either SHA512 or SHA384", although the
implementations of these two algorithms share a majority of code.

From a Kconfig interface perspective, it makes sense to present two
distinct options. This requires #ifdefing out the SHA512
implementation from sha512.c. The latter doesn't make any sense.

It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
seems to be the more polite way to handle the selection.

Thus, automatically select SHA512 when SHA384 is enabled.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 arch/arm/mach-socfpga/Kconfig |  2 +-
 lib/Kconfig                   | 12 ++++--------
 lib/Makefile                  |  2 +-
 lib/crypt/Kconfig             |  2 +-
 lib/efi_loader/Kconfig        |  2 +-
 lib/sha512.c                  |  2 --
 6 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/arch/arm/mach-socfpga/Kconfig b/arch/arm/mach-socfpga/Kconfig
index f4791c1ebe..bddfd44427 100644
--- a/arch/arm/mach-socfpga/Kconfig
+++ b/arch/arm/mach-socfpga/Kconfig
@@ -11,7 +11,7 @@ config SOCFPGA_SECURE_VAB_AUTH
 	depends on TARGET_SOCFPGA_AGILEX || TARGET_SOCFPGA_N5X
 	select FIT_IMAGE_POST_PROCESS
 	select SHA384
-	select SHA512_ALGO
+	select SHA512
 	select SPL_FIT_IMAGE_POST_PROCESS
 	help
 	 All images loaded from FIT will be authenticated by Secure Device
diff --git a/lib/Kconfig b/lib/Kconfig
index c535147aea..48565a4169 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -375,14 +375,9 @@ config SHA256
 	  The SHA256 algorithm produces a 256-bit (32-byte) hash value
 	  (digest).
 
-config SHA512_ALGO
-	bool "Enable SHA512 algorithm"
-	help
-	  This option enables support of internal SHA512 algorithm.
 
 config SHA512
 	bool "Enable SHA512 support"
-	depends on SHA512_ALGO
 	help
 	  This option enables support of hashing using SHA512 algorithm.
 	  The hash is calculated in software.
@@ -391,10 +386,11 @@ config SHA512
 
 config SHA384
 	bool "Enable SHA384 support"
-	depends on SHA512_ALGO
+	select SHA512
 	help
 	  This option enables support of hashing using SHA384 algorithm.
-	  The hash is calculated in software.
+	  The hash is calculated in software. This is also selects SHA512,
+	  because these implementations share the bulk of the code..
 	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
 	  (digest).
 
@@ -409,7 +405,7 @@ if SHA_HW_ACCEL
 
 config SHA512_HW_ACCEL
 	bool "Enable hardware acceleration for SHA512"
-	depends on SHA512_ALGO
+	depends on SHA512
 	help
 	  This option enables hardware acceleration for the SHA384 and SHA512
 	  hashing algorithms. This affects the 'hash' command and also the
diff --git a/lib/Makefile b/lib/Makefile
index 8ba745faa0..6aa48ca3d5 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -65,7 +65,7 @@ obj-$(CONFIG_$(SPL_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
-obj-$(CONFIG_SHA512_ALGO) += sha512.o
+obj-$(CONFIG_SHA512) += sha512.o
 obj-$(CONFIG_CRYPT_PW) += crypt/
 
 obj-$(CONFIG_$(SPL_)ZLIB) += zlib/
diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig
index 5495ae8d4c..6a50029642 100644
--- a/lib/crypt/Kconfig
+++ b/lib/crypt/Kconfig
@@ -20,7 +20,7 @@ config CRYPT_PW_SHA256
 config CRYPT_PW_SHA512
 	bool "Provide sha512crypt"
 	select SHA512
-	select SHA512_ALGO
+	select SHA512
 	help
 	  Enables support for the sha512crypt password-hashing algorithm.
 	  The prefix is "$6$".
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index dacc3b5881..08463251cd 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL
 	depends on TPM_V2
 	select SHA1
 	select SHA256
-	select SHA512_ALGO
+	select SHA512
 	select SHA384
 	select SHA512
 	select HASH
diff --git a/lib/sha512.c b/lib/sha512.c
index 35f31e3dc5..a421f249ba 100644
--- a/lib/sha512.c
+++ b/lib/sha512.c
@@ -320,7 +320,6 @@ void sha384_csum_wd(const unsigned char *input, unsigned int ilen,
 
 #endif
 
-#if defined(CONFIG_SHA512)
 void sha512_starts(sha512_context * ctx)
 {
 	ctx->state[0] = SHA512_H0;
@@ -381,4 +380,3 @@ void sha512_csum_wd(const unsigned char *input, unsigned int ilen,
 
 	sha512_finish(&ctx, output);
 }
-#endif
-- 
2.31.1

[PATCH v2 3/6] common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH

[Alexandru Gagniuc]

All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
references to CONFIG_[ST]PL_HASH_SUPPORT.  This means we need for
CHAIN_OF_TRUST to select SPL_HASH now.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
Signed-off-by: Tom Rini <trini@konsulko.com>
---
 board/freescale/common/Kconfig                |  1 +
 common/Kconfig.boot                           |  2 +-
 common/Makefile                               |  4 +---
 common/spl/Kconfig                            | 23 +------------------
 ...s1021atwr_sdcard_ifc_SECURE_BOOT_defconfig |  1 -
 configs/ls1043ardb_nand_SECURE_BOOT_defconfig |  1 -
 .../ls1043ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 .../ls1046ardb_sdcard_SECURE_BOOT_defconfig   |  1 -
 ...1088ardb_sdcard_qspi_SECURE_BOOT_defconfig |  1 -
 include/configs/xilinx_zynqmp.h               |  2 +-
 lib/Makefile                                  |  2 +-
 11 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/board/freescale/common/Kconfig b/board/freescale/common/Kconfig
index ab9c14ae88..35a6115e5e 100644
--- a/board/freescale/common/Kconfig
+++ b/board/freescale/common/Kconfig
@@ -4,6 +4,7 @@ config CHAIN_OF_TRUST
 	imply CMD_HASH if ARM
 	select FSL_CAAM
 	select SPL_BOARD_INIT if (ARM && SPL)
+	select SPL_HASH if (ARM && SPL)
 	select SHA_HW_ACCEL
 	select SHA_PROG_HW_ACCEL
 	select ENV_IS_NOWHERE
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 2399d5849e..314f1e50a0 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -157,7 +157,7 @@ config SPL_FIT_SIGNATURE
 	select FIT_SIGNATURE
 	select SPL_FIT
 	select SPL_CRYPTO
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	imply SPL_RSA
 	imply SPL_RSA_VERIFY
 	select SPL_IMAGE_SIGN_INFO
diff --git a/common/Makefile b/common/Makefile
index 9063ed9391..ae0430c35f 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD
 obj-y += init/
 obj-y += main.o
 obj-y += exports.o
-obj-$(CONFIG_HASH) += hash.o
 obj-$(CONFIG_HUSH_PARSER) += cli_hush.o
 obj-$(CONFIG_AUTOBOOT) += autoboot.o
 
@@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD
 ifdef CONFIG_SPL_DFU
 obj-$(CONFIG_DFU_OVER_USB) += dfu.o
 endif
-obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
-obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o
 obj-$(CONFIG_SPL_NET_SUPPORT) += miiphyutil.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o
@@ -105,6 +102,7 @@ endif
 endif
 
 obj-y += image.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o
 obj-$(CONFIG_ANDROID_AB) += android_ab.o
 obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index d69d1fa5f7..29a46c4787 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -477,27 +477,6 @@ config SPL_CRYPTO
 	  this option to build the drivers in drivers/crypto as part of an
 	  SPL build.
 
-config SPL_HASH_SUPPORT
-	bool "Support hashing drivers"
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
-config TPL_HASH_SUPPORT
-	bool "Support hashing drivers in TPL"
-	depends on TPL
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
 config SPL_DMA
 	bool "Support DMA drivers"
 	help
@@ -1193,7 +1172,7 @@ config SPL_USB_ETHER
 
 config SPL_DFU
 	bool "Support DFU (Device Firmware Upgrade)"
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	select SPL_DFU_NO_RESET
 	depends on SPL_RAM_SUPPORT
 	help
diff --git a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
index 78196e6485..f9d551c6a8 100644
--- a/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
+++ b/configs/ls1021atwr_sdcard_ifc_SECURE_BOOT_defconfig
@@ -31,7 +31,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xe8
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
diff --git a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
index 3736445d47..2733ca8358 100644
--- a/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_nand_SECURE_BOOT_defconfig
@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0xf0
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_NAND_SUPPORT=y
diff --git a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
index b879a0c361..392ef1cbd5 100644
--- a/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1043ardb_sdcard_SECURE_BOOT_defconfig
@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
 CONFIG_SPL_WATCHDOG=y
diff --git a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
index c46d0dbedd..3d5783aa26 100644
--- a/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
+++ b/configs/ls1046ardb_sdcard_SECURE_BOOT_defconfig
@@ -27,7 +27,6 @@ CONFIG_SPL_FSL_PBL=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x110
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
diff --git a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
index 96d44799fa..0d94027ccb 100644
--- a/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
+++ b/configs/ls1088ardb_sdcard_qspi_SECURE_BOOT_defconfig
@@ -33,7 +33,6 @@ CONFIG_MISC_INIT_R=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x8b0
 CONFIG_SPL_CRYPTO=y
-CONFIG_SPL_HASH_SUPPORT=y
 CONFIG_SPL_ENV_SUPPORT=y
 CONFIG_SPL_I2C=y
 CONFIG_SPL_MPC8XXX_INIT_DDR_SUPPORT=y
diff --git a/include/configs/xilinx_zynqmp.h b/include/configs/xilinx_zynqmp.h
index 262154cdff..42758ba758 100644
--- a/include/configs/xilinx_zynqmp.h
+++ b/include/configs/xilinx_zynqmp.h
@@ -258,7 +258,7 @@
 
 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_DFU)
 # define CONFIG_SPL_ENV_SUPPORT
-# define CONFIG_SPL_HASH_SUPPORT
+# define CONFIG_SPL_HASH
 # define CONFIG_ENV_MAX_ENTRIES	10
 #endif
 
diff --git a/lib/Makefile b/lib/Makefile
index 6aa48ca3d5..93be86c34a 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -87,7 +87,7 @@ endif
 
 ifdef CONFIG_SPL_BUILD
 obj-$(CONFIG_SPL_YMODEM_SUPPORT) += crc16.o
-obj-$(CONFIG_$(SPL_TPL_)HASH_SUPPORT) += crc16.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += crc16.o
 obj-y += net_utils.o
 endif
 obj-$(CONFIG_ADDR_MAP) += addr_map.o
-- 
2.31.1

[PATCH v2 4/6] common: Move MD5 hash to hash_algo[] array.

[Alexandru Gagniuc]

MD5 is being called directly in some places, but it is not available
via hash_lookup_algo("md5"). This is inconsistent with other hasing
routines. To resolve this, add an "md5" entry to hash_algos[].

The #ifdef clause looks funnier than those for other entries. This is
because both MD5 and SPL_MD5 configs exist, whereas the other hashes
do not have "SPL_" entries. The long term plan is to get rid of the
ifdefs, so those should not be expected to survive much longer.

The md5 entry does not have .hash_init/update/finish members. That's
okay because hash_progressive_lookup_algo() will catch that, and
return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
correct pointer.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 common/hash.c        | 13 +++++++++++++
 include/image.h      |  1 +
 include/u-boot/md5.h |  6 ++++--
 lib/md5.c            |  4 ++--
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/common/hash.c b/common/hash.c
index dca23635ab..4587d78301 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
 	return 0;
 }
 
+#ifdef USE_HOSTCC
+# define I_WANT_MD5	1
+#else
+# define I_WANT_MD5	IS_ENABLED(MD5)
+#endif
 /*
  * These are the hash algorithms we support.  If we have hardware acceleration
  * is enable we will use that, otherwise a software version of the algorithm.
  * Note that algorithm names must be in lower case.
  */
 static struct hash_algo hash_algo[] = {
+#if I_WANT_MD5
+	{
+		.name		= "md5",
+		.digest_size	= MD5_SUM_LEN,
+		.chunk_size	= CHUNKSZ_MD5,
+		.hash_func_ws	= md5_wd,
+	},
+#endif
 #ifdef CONFIG_SHA1
 	{
 		.name 		= "sha1",
diff --git a/include/image.h b/include/image.h
index 489b220eba..e4b9cd0df2 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,6 +31,7 @@ struct fdt_region;
 #define IMAGE_ENABLE_OF_LIBFDT	1
 #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
 #define CONFIG_FIT_RSASSA_PSS 1
+#define CONFIG_MD5
 #define CONFIG_SHA1
 #define CONFIG_SHA256
 #define CONFIG_SHA384
diff --git a/include/u-boot/md5.h b/include/u-boot/md5.h
index e09c16a6e3..6d48592aa6 100644
--- a/include/u-boot/md5.h
+++ b/include/u-boot/md5.h
@@ -8,6 +8,8 @@
 
 #include "compiler.h"
 
+#define MD5_SUM_LEN	16
+
 struct MD5Context {
 	__u32 buf[4];
 	__u32 bits[2];
@@ -28,7 +30,7 @@ void md5 (unsigned char *input, int len, unsigned char output[16]);
  * 'output' must have enough space to hold 16 bytes. If 'chunk' Trigger the
  * watchdog every 'chunk_sz' bytes of input processed.
  */
-void md5_wd (unsigned char *input, int len, unsigned char output[16],
-		unsigned int chunk_sz);
+void md5_wd(const unsigned char *input, unsigned int len,
+	     unsigned char output[16], unsigned int chunk_sz);
 
 #endif /* _MD5_H */
diff --git a/lib/md5.c b/lib/md5.c
index 2ae4a06319..e2ba622ea4 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -284,12 +284,12 @@ md5 (unsigned char *input, int len, unsigned char output[16])
  * watchdog every 'chunk_sz' bytes of input processed.
  */
 void
-md5_wd (unsigned char *input, int len, unsigned char output[16],
+md5_wd(const unsigned char *input, unsigned int len, unsigned char output[16],
 	unsigned int chunk_sz)
 {
 	struct MD5Context context;
 #if defined(CONFIG_HW_WATCHDOG) || defined(CONFIG_WATCHDOG)
-	unsigned char *end, *curr;
+	const unsigned char *end, *curr;
 	int chunk;
 #endif
 
-- 
2.31.1

[PATCH v2 5/6] image: Drop if/elseif hash selection in calculate_hash()

[Alexandru Gagniuc]

calculate_hash() would try to select the appropriate hashing function
by a if/elseif contruct. But that is exactly why hash_lookup_algo()
exists, so use it instead.

This does mean that we now have to 'select HASH' to make sure we get
the hash_lookup_algo() symbol. However, the change makes sense because
even basic FITs will have to deal with "hash" nodes.

My only concern is that the 'select SPL_HASH' might cause some
platform to grow above its SPL size allowance

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 common/Kconfig.boot        |  2 ++
 common/image-fit.c         | 45 ++++++++++++++++----------------------
 drivers/crypto/fsl/Kconfig |  2 ++
 3 files changed, 23 insertions(+), 26 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 314f1e50a0..c2d6c89372 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -13,6 +13,7 @@ config FIT
 	bool "Support Flattened Image Tree"
 	select MD5
 	select SHA1
+	select HASH
 	help
 	  This option allows you to boot the new uImage structure,
 	  Flattened Image Tree.  FIT is formally a FDT, which can include
@@ -133,6 +134,7 @@ if SPL
 config SPL_FIT
 	bool "Support Flattened Image Tree within SPL"
 	depends on SPL
+	select SPL_HASH
 	select SPL_OF_LIBFDT
 
 config SPL_FIT_PRINT
diff --git a/common/image-fit.c b/common/image-fit.c
index aff4670be3..92d9141bcd 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1193,6 +1193,12 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
 	return 0;
 }
 
+static void crc32_uimage_fixup(void *value)
+{
+	/* TODO: In C, this type punning is undefined behavior: */
+	*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
+}
+
 /**
  * calculate_hash - calculate and return hash for provided input data
  * @data: pointer to the input data
@@ -1211,37 +1217,24 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
  *     0, on success
  *    -1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash(const void *data, int data_len, const char *name,
 			uint8_t *value, int *value_len)
 {
-	if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
-		*((uint32_t *)value) = crc32_wd(0, data, data_len,
-							CHUNKSZ_CRC32);
-		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-		*value_len = 4;
-	} else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
-		sha1_csum_wd((unsigned char *)data, data_len,
-			     (unsigned char *)value, CHUNKSZ_SHA1);
-		*value_len = 20;
-	} else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
-		sha256_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA256);
-		*value_len = SHA256_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
-		sha384_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA384);
-		*value_len = SHA384_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
-		sha512_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA512);
-		*value_len = SHA512_SUM_LEN;
-	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
-		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
-		*value_len = 16;
-	} else {
+	struct hash_algo *algo;
+	int ret;
+
+	ret = hash_lookup_algo(name, &algo);
+	if (ret < 0) {
 		debug("Unsupported hash alogrithm\n");
 		return -1;
 	}
+
+	algo->hash_func_ws(data, data_len, value, algo->chunk_size);
+	*value_len = algo->digest_size;
+
+	if (!strcmp(name, "crc32"))
+		crc32_uimage_fixup(value);
+
 	return 0;
 }
 
diff --git a/drivers/crypto/fsl/Kconfig b/drivers/crypto/fsl/Kconfig
index 1f5dfb94bb..e467ab1b71 100644
--- a/drivers/crypto/fsl/Kconfig
+++ b/drivers/crypto/fsl/Kconfig
@@ -1,6 +1,8 @@
 config FSL_CAAM
 	bool "Freescale Crypto Driver Support"
 	select SHA_HW_ACCEL
+	# hw_sha1() under drivers/crypto, and needed with SHA_HW_ACCEL
+	imply SPL_CRYPTO
 	imply CMD_HASH
 	help
 	  Enables the Freescale's Cryptographic Accelerator and Assurance
-- 
2.31.1

[PATCH v2 6/6] image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

[Alexandru Gagniuc]

These are no longer used, so drop them.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 include/image.h | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/include/image.h b/include/image.h
index e4b9cd0df2..98b33d0629 100644
--- a/include/image.h
+++ b/include/image.h
@@ -60,26 +60,6 @@ struct fdt_region;
 #include <hash.h>
 #include <linux/libfdt.h>
 #include <fdt_support.h>
-# ifdef CONFIG_SPL_BUILD
-#  ifdef CONFIG_SPL_CRC32
-#   define IMAGE_ENABLE_CRC32	1
-#  endif
-#  ifdef CONFIG_SPL_MD5
-#   define IMAGE_ENABLE_MD5	1
-#  endif
-# else
-#  define IMAGE_ENABLE_CRC32	1
-#  define IMAGE_ENABLE_MD5	1
-# endif
-
-#ifndef IMAGE_ENABLE_CRC32
-#define IMAGE_ENABLE_CRC32	0
-#endif
-
-#ifndef IMAGE_ENABLE_MD5
-#define IMAGE_ENABLE_MD5	0
-#endif
-
 #endif /* IMAGE_ENABLE_FIT */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
-- 
2.31.1

Re: [PATCH v2 1/6] common: Remove unused CONFIG_FIT_SHAxxx selectors

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 1042 bytes --]

On Thu, Sep 02, 2021 at 07:54:17PM -0500, Alexandru Gagniuc wrote:

> Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
> for hash_calculate() in common/image-fit.c. However, since commit
> 14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
> the correct selector was changed to CONFIG_SHAxxx.
> 
> The extra "_FIT_" variants are neither used, nor needed. Remove them.
> One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
> 
> CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
> references to "sha256_*()". bubt.c needs sha256, so this selection is
> correct. It is not clear why this problem did not manifest before.
> 
> Note that SHA selection in SPL is broken for this exact reason. There
> is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
> this change.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

After making SHA256 be an implied option under FIT, to mirror the
current behavior, applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 2/6] lib: Drop SHA512_ALGO in lieu of SHA512

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 724 bytes --]

On Thu, Sep 02, 2021 at 07:54:18PM -0500, Alexandru Gagniuc wrote:

> SHA512_ALGO was used as a "either SHA512 or SHA384", although the
> implementations of these two algorithms share a majority of code.
> 
> From a Kconfig interface perspective, it makes sense to present two
> distinct options. This requires #ifdefing out the SHA512
> implementation from sha512.c. The latter doesn't make any sense.
> 
> It's reasonable to say in Kconfig that SHA384 depends on SHA512, and
> seems to be the more polite way to handle the selection.
> 
> Thus, automatically select SHA512 when SHA384 is enabled.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 3/6] common/spl: Drop [ST]PL_HASH_SUPPORT in favor of [ST]PL_HASH

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

On Thu, Sep 02, 2021 at 07:54:19PM -0500, Alexandru Gagniuc wrote:

> All of these configs exist. Stick to using CONFIG_[ST]PL_HASH, and drop all
> references to CONFIG_[ST]PL_HASH_SUPPORT.  This means we need for
> CHAIN_OF_TRUST to select SPL_HASH now.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> [trini: Add TPL case, fix CHAIN_OF_TRUST, other tweaks]
> Signed-off-by: Tom Rini <trini@konsulko.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 4/6] common: Move MD5 hash to hash_algo[] array.

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 949 bytes --]

On Thu, Sep 02, 2021 at 07:54:20PM -0500, Alexandru Gagniuc wrote:

> MD5 is being called directly in some places, but it is not available
> via hash_lookup_algo("md5"). This is inconsistent with other hasing
> routines. To resolve this, add an "md5" entry to hash_algos[].
> 
> The #ifdef clause looks funnier than those for other entries. This is
> because both MD5 and SPL_MD5 configs exist, whereas the other hashes
> do not have "SPL_" entries. The long term plan is to get rid of the
> ifdefs, so those should not be expected to survive much longer.
> 
> The md5 entry does not have .hash_init/update/finish members. That's
> okay because hash_progressive_lookup_algo() will catch that, and
> return -EPROTONOSUPPORT, while hash_lookup_algo() will return the
> correct pointer.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

With a fix to CONFIG_IS_ENABLED(MD5), applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 5/6] image: Drop if/elseif hash selection in calculate_hash()

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 681 bytes --]

On Thu, Sep 02, 2021 at 07:54:21PM -0500, Alexandru Gagniuc wrote:

> calculate_hash() would try to select the appropriate hashing function
> by a if/elseif contruct. But that is exactly why hash_lookup_algo()
> exists, so use it instead.
> 
> This does mean that we now have to 'select HASH' to make sure we get
> the hash_lookup_algo() symbol. However, the change makes sense because
> even basic FITs will have to deal with "hash" nodes.
> 
> My only concern is that the 'select SPL_HASH' might cause some
> platform to grow above its SPL size allowance
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 6/6] image: Drop IMAGE_ENABLE_{MD5, CRC32} #defines

[Tom Rini]

[-- Attachment #1: Type: text/plain, Size: 225 bytes --]

On Thu, Sep 02, 2021 at 07:54:22PM -0500, Alexandru Gagniuc wrote:

> These are no longer used, so drop them.
> 
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

Applied to u-boot/master, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

Re: [PATCH v2 2/6] lib: Drop SHA512_ALGO in lieu of SHA512

[Andreas Schwab]

On Sep 02 2021, Alexandru Gagniuc wrote:

> diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig
> index 5495ae8d4c..6a50029642 100644
> --- a/lib/crypt/Kconfig
> +++ b/lib/crypt/Kconfig
> @@ -20,7 +20,7 @@ config CRYPT_PW_SHA256
>  config CRYPT_PW_SHA512
>  	bool "Provide sha512crypt"
>  	select SHA512
> -	select SHA512_ALGO
> +	select SHA512

SHA512 is now selected twice.

> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index dacc3b5881..08463251cd 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -323,7 +323,7 @@ config EFI_TCG2_PROTOCOL
>  	depends on TPM_V2
>  	select SHA1
>  	select SHA256
> -	select SHA512_ALGO
> +	select SHA512
>  	select SHA384
>  	select SHA512
>  	select HASH

Likewise.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."