From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48D6BC433EF for ; Tue, 5 Oct 2021 18:22:04 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B758D61166 for ; Tue, 5 Oct 2021 18:22:03 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org B758D61166 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1AF4A82DA1; Tue, 5 Oct 2021 20:22:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="A2fbNitP"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B293682DA1; Tue, 5 Oct 2021 20:21:58 +0200 (CEST) Received: from mail-ot1-x330.google.com (mail-ot1-x330.google.com [IPv6:2607:f8b0:4864:20::330]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D8D4882BC7 for ; Tue, 5 Oct 2021 20:21:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-ot1-x330.google.com with SMTP id o27-20020a9d411b000000b0054e0e86020aso126497ote.0 for ; Tue, 05 Oct 2021 11:21:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=U5sxlaGl8g5fYmgrm/T95nRpFmYkp3g7jtByS9/vVCI=; b=A2fbNitPLgYOuQu0+LdMzSvBVhMrvR/TWPIPoWUpeAkWAZSk0MJFpV1KFmZNCTM1g7 gE2imSXwumPreXJi2fHxuTnPDbYR/56SyGsL5CjA8aEzRK6dkPDen2LwnIzUc9Zu4/3k 04UQHP7+2SojVtdexcPVlv+fyO78i1QKTNZagpJoIeUdwp8Y1jJkxyssag6pWQ3RlKxG gTDOA5eqrOuiSt5XXaJolDeiXLGHi+FwLLBwQHu5UVH5tnw9qy/l/mcTOACy4g4K9ti/ 50e/CNNT0ExwqXn5i//58grp8WaP99bH8gOqV07whcG89P+JQU1sY9zZIZDjF9u/z45d XMWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=U5sxlaGl8g5fYmgrm/T95nRpFmYkp3g7jtByS9/vVCI=; b=dz6FH2H3FzDkt63x44O2F2Zo6A8k2NAtF7rREk7M5lrXZNH1OcrAgGQWrdOft16sH6 kGd+OVuB2bz18q9Er21Qd/rjudNYtoy+i6P1+GhAnZnXv3F2bVZ2z0OvjjrEYR0GNp3K pPy1nNkmqC/3zlEb6S5r/fdbOrqmSYk4NDEKST61ndKBBYrH9q+gm/2olN+2ieP6aKjY BkYB22UI6qTeRsIkJdFzVygeVDIcb0LdLIRxKe6S8ae0N8tycnAP4Z15k3iV1FMK65Be bze8nLD3DMkwiucAAf5yfgahE1SJpwtqBFT5ONrrjWn4Ew5up3UvCnZIZXndldhUBCho L4ig== X-Gm-Message-State: AOAM531pw45qz048N1giM9JmO3oTFcKn73Y13Zf/QEI5bXiPq+1yxYEb vh1tlGEMrEJF0rHgsqtNUPI= X-Google-Smtp-Source: ABdhPJyntCg5mD5FpQ84xuGA1pb4rY2y40RakU3uZu/Wjilb+WY5cTVw0e+6IaLxmVtRGIx6E9TKhg== X-Received: by 2002:a05:6830:2486:: with SMTP id u6mr15067768ots.353.1633458112351; Tue, 05 Oct 2021 11:21:52 -0700 (PDT) Received: from nuclearis3.gtech (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id w14sm3685148oth.5.2021.10.05.11.21.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Oct 2021 11:21:51 -0700 (PDT) Subject: Re: [PATCH v5 05/29] hash: Use Kconfig to enable hashing in host tools and SPL To: Simon Glass , U-Boot Mailing List Cc: Andre Przywara , Rasmus Villemoes , Robert Marko , Masahiro Yamada , Tom Rini , Joe Hershberger References: <20210926014342.127913-1-sjg@chromium.org> <20210925194327.v5.5.Idf4bfa823b4e1a5b357e141a8496acece5051102@changeid> From: "Alex G." Message-ID: <5dfa216a-3518-5f4b-815b-078a6a9b141f@gmail.com> Date: Tue, 5 Oct 2021 13:21:50 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20210925194327.v5.5.Idf4bfa823b4e1a5b357e141a8496acece5051102@changeid> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On 9/25/21 8:43 PM, Simon Glass wrote: > At present when building host tools, we force CONFIG_SHAxxx to be enabled > regardless of the board Kconfig setting. This is done in the image.h > header file. > > For SPL we currently just assume the algorithm is desired if U-Boot proper > enables it. > > Clean this up by adding new Kconfig options to enable hashing on the host, > relying on CONFIG_IS_ENABLED() to deal with the different builds. > > Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the > current settings. > > This allows us to drop the image.h code and the I_WANT_MD5 hack. > > Signed-off-by: Simon Glass Reviewed-by: Alexandru Gagniuc > --- > > Changes in v5: > - Drop I_WANT_MD5 > - Use TOOLS_ instead of HOST_ > > Changes in v2: > - Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL > > common/hash.c | 49 +++++++++++++++++++++++-------------------------- > include/image.h | 5 ----- > lib/Kconfig | 18 ++++++++++++++++++ > tools/Kconfig | 25 +++++++++++++++++++++++++ > 4 files changed, 66 insertions(+), 31 deletions(-) > > diff --git a/common/hash.c b/common/hash.c > index 6277fe65b3e..0fe65c959d0 100644 > --- a/common/hash.c > +++ b/common/hash.c > @@ -25,6 +25,7 @@ > #else > #include "mkimage.h" > #include > +#include > #endif /* !USE_HOSTCC*/ > > #include > @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR; > > static void reloc_update(void); > > -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha1(struct hash_algo *algo, void **ctxp) > { > sha1_context *ctx = malloc(sizeof(sha1_context)); > @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, > } > #endif One day, I'd like to make these init__ functions part of linker lists and move each to their respective .c One day. > > -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha256(struct hash_algo *algo, void **ctxp) > { > sha256_context *ctx = malloc(sizeof(sha256_context)); > @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void > } > #endif > > -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha384(struct hash_algo *algo, void **ctxp) > { > sha512_context *ctx = malloc(sizeof(sha512_context)); > @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void > } > #endif > > -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha512(struct hash_algo *algo, void **ctxp) > { > sha512_context *ctx = malloc(sizeof(sha512_context)); > @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, > return 0; > } > > -#ifdef USE_HOSTCC > -# define I_WANT_MD5 1 > -#else > -# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) > -#endif > /* > * These are the hash algorithms we support. If we have hardware acceleration > * is enable we will use that, otherwise a software version of the algorithm. > * Note that algorithm names must be in lower case. > */ > static struct hash_algo hash_algo[] = { > -#if I_WANT_MD5 > +#if CONFIG_IS_ENABLED(MD5) > { > .name = "md5", > .digest_size = MD5_SUM_LEN, > @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = { > .hash_func_ws = md5_wd, > }, > #endif > -#ifdef CONFIG_SHA1 > +#if CONFIG_IS_ENABLED(SHA1) > { > .name = "sha1", > .digest_size = SHA1_SUM_LEN, > .chunk_size = CHUNKSZ_SHA1, > -#ifdef CONFIG_SHA_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) > .hash_func_ws = hw_sha1, > #else > .hash_func_ws = sha1_csum_wd, > #endif > -#ifdef CONFIG_SHA_PROG_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA256 > +#if CONFIG_IS_ENABLED(SHA256) > { > .name = "sha256", > .digest_size = SHA256_SUM_LEN, > .chunk_size = CHUNKSZ_SHA256, > -#ifdef CONFIG_SHA_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) > .hash_func_ws = hw_sha256, > #else > .hash_func_ws = sha256_csum_wd, > #endif > -#ifdef CONFIG_SHA_PROG_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA384 > +#if CONFIG_IS_ENABLED(SHA384) > { > .name = "sha384", > .digest_size = SHA384_SUM_LEN, > .chunk_size = CHUNKSZ_SHA384, > -#ifdef CONFIG_SHA512_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) > .hash_func_ws = hw_sha384, > #else > .hash_func_ws = sha384_csum_wd, > #endif > -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA512 > +#if CONFIG_IS_ENABLED(SHA512) > { > .name = "sha512", > .digest_size = SHA512_SUM_LEN, > .chunk_size = CHUNKSZ_SHA512, > -#ifdef CONFIG_SHA512_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) > .hash_func_ws = hw_sha512, > #else > .hash_func_ws = sha512_csum_wd, > #endif > -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = { > }; > > /* Try to minimize code size for boards that don't want much hashing */ > -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \ > - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \ > - defined(CONFIG_SHA384) || defined(CONFIG_SHA512) > +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \ > + CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \ > + CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) > #define multi_hash() 1 > #else > #define multi_hash() 0 > @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, > return 0; > } > > -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32) > +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \ > + defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)) > /** > * store_result: Store the resulting sum to an address or variable > * > diff --git a/include/image.h b/include/image.h > index 73a763a6936..03857f4b500 100644 > --- a/include/image.h > +++ b/include/image.h > @@ -31,11 +31,6 @@ struct fdt_region; > #define IMAGE_ENABLE_OF_LIBFDT 1 > #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ > #define CONFIG_FIT_RSASSA_PSS 1 > -#define CONFIG_MD5 > -#define CONFIG_SHA1 > -#define CONFIG_SHA256 > -#define CONFIG_SHA384 > -#define CONFIG_SHA512 > > #define IMAGE_ENABLE_IGNORE 0 > #define IMAGE_INDENT_STRING "" > diff --git a/lib/Kconfig b/lib/Kconfig > index 7899e756f99..64765acfa61 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -438,6 +438,24 @@ config SPL_SHA384 > The SHA384 algorithm produces a 384-bit (48-byte) hash value > (digest). > > +config SPL_SHA_HW_ACCEL > + bool "Enable hardware acceleration for SHA hash functions" > + default y if SHA_HW_ACCEL > + help > + This option enables hardware acceleration for the SHA1 and SHA256 > + hashing algorithms. This affects the 'hash' command and also the > + hash_lookup_algo() function. > + > +config SPL_SHA_PROG_HW_ACCEL > + bool "Enable Progressive hashing support using hardware in SPL" > + depends on SHA_PROG_HW_ACCEL > + default y > + help > + This option enables hardware-acceleration for SHA progressive > + hashing. > + Data can be streamed in a block at a time and the hashing is > + performed in hardware. > + > endif > > if SHA_HW_ACCEL > diff --git a/tools/Kconfig b/tools/Kconfig > index ea986ab0479..6ffc2c0aa31 100644 > --- a/tools/Kconfig > +++ b/tools/Kconfig > @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE > depends on TOOLS_FIT_SIGNATURE > default 0x10000000 > > +config TOOLS_MD5 > + def_bool y > + help > + Enable MD5 support in the tools builds > + > +config TOOLS_SHA1 > + def_bool y > + help > + Enable SHA1 support in the tools builds > + > +config TOOLS_SHA256 > + def_bool y > + help > + Enable SHA256 support in the tools builds > + > +config TOOLS_SHA384 > + def_bool y > + help > + Enable SHA384 support in the tools builds > + > +config TOOLS_SHA512 > + def_bool y > + help > + Enable SHA512 support in the tools builds > + > endmenu >