From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55480C433F5 for ; Mon, 27 Sep 2021 15:53:58 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D812260F94 for ; Mon, 27 Sep 2021 15:53:57 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D812260F94 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EDC37827C5; Mon, 27 Sep 2021 17:53:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hC7LkTUB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1BE7E812B6; Mon, 27 Sep 2021 17:53:53 +0200 (CEST) Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 61A2582D93 for ; Mon, 27 Sep 2021 17:53:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-oi1-x22e.google.com with SMTP id x124so26124399oix.9 for ; Mon, 27 Sep 2021 08:53:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=lMnjTgf6wCb7UTDrI5A0IPBSxGd9NMcAO4MWc9bTwtY=; b=hC7LkTUBYGmQB2YlnfiI59e2K5yCeK1ScutvMRpq7BIhb6xKB0fNIOuSGB4wSnAI/b t8aVeglvgJCCWwUu2671E8RVgnUuAJ+zTz61qg/6mrfeoJRcDAAVUZO0o5mrEegb8TDm Z45Mq6re5nGh+n8UQHVrpzLOHNUGeaJLgZlQLGwNm3hsmLp6iK82fjXCX0sU5kdVJEGV 36Jf7ZEAiMywKiLkInuk/8EnQXh2wAGryoEWLugzUEoq+BshJR8SCOYvGxl7fjHqJnj0 Lq+M+kQY4JdJITdrUgFxaJGUnDqjq4RJHikPyja+56ZonMk+EivdJRmUU3WEhtrTTI1Q l/og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=lMnjTgf6wCb7UTDrI5A0IPBSxGd9NMcAO4MWc9bTwtY=; b=qlNXpEcaO9eHUU3DdKPZAa0jdcEhcwwJ/Td/6ARWluqSEVbJo/cjErNtFOe6On9mhP 4Owih1wwKbwRQzDnbF2acc7q+Z0xNjmRqxjYOEXN61/RIPS7wbRo55rhKy63lKagXlv2 zUe4UkayTAQE4sreC5yumQ8dBAfIVkwRqQutLS4OvWhg7GRFxdE+XQZYNNTlHiXdSUx/ cJse1MKVwWRTpFrGkAGKNRXX5Z4e7RnpQUfcqUSpfjNtu1WelUKpfOwh6VVEkhlpQbg1 kQWmeWXbyzYCPlDJ8VZwpUSH1RAKbEiUQK6zSgNqeyepbv4BZnbtteJ5mf6K5URQa1x+ xATw== X-Gm-Message-State: AOAM53169HMyxTcgk12EUAOZ4gjiPAFZWotB4vH82zIToiroIQag5AsG PE2mFQiQsf+khgPiCQEbHIs= X-Google-Smtp-Source: ABdhPJwSks3LZIpHAp5/IfzXtSbPv20xX9OjetKnplmVOzD7n54b2588JcLFT8eqtBjKAFCvryTg/A== X-Received: by 2002:a05:6808:1ca:: with SMTP id x10mr506586oic.122.1632758025019; Mon, 27 Sep 2021 08:53:45 -0700 (PDT) Received: from nuclearis3.gtech (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id w21sm4006216oif.13.2021.09.27.08.53.43 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Sep 2021 08:53:44 -0700 (PDT) Subject: Re: [PATCH v5 05/29] hash: Use Kconfig to enable hashing in host tools and SPL To: Simon Glass , U-Boot Mailing List Cc: Andre Przywara , Rasmus Villemoes , Robert Marko , Masahiro Yamada , Tom Rini , Joe Hershberger References: <20210926014342.127913-1-sjg@chromium.org> <20210925194327.v5.5.Idf4bfa823b4e1a5b357e141a8496acece5051102@changeid> From: "Alex G." Message-ID: Date: Mon, 27 Sep 2021 10:53:42 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <20210925194327.v5.5.Idf4bfa823b4e1a5b357e141a8496acece5051102@changeid> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Hi Simon On 9/25/21 8:43 PM, Simon Glass wrote: > At present when building host tools, we force CONFIG_SHAxxx to be enabled > regardless of the board Kconfig setting. This is done in the image.h > header file. > > For SPL we currently just assume the algorithm is desired if U-Boot proper > enables it. > > Clean this up by adding new Kconfig options to enable hashing on the host, > relying on CONFIG_IS_ENABLED() to deal with the different builds. > > Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the > current settings. > > This allows us to drop the image.h code and the I_WANT_MD5 hack. > > Signed-off-by: Simon Glass > --- > > Changes in v5: > - Drop I_WANT_MD5 > - Use TOOLS_ instead of HOST_ > I was planning to move hash algos to a linker list for target code, and a simple, ifdef-free list for the host, like we've done for crypto algos, and I think padding algos. We'd be able to drop #define I_WANT_MD5 (which is temporary), and drop define CONFIG_SHA_*, and by extension, drop the need for CONFIG_TOOLS_SHA*. I think that's far more elegant. Alex > Changes in v2: > - Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL > > common/hash.c | 49 +++++++++++++++++++++++-------------------------- > include/image.h | 5 ----- > lib/Kconfig | 18 ++++++++++++++++++ > tools/Kconfig | 25 +++++++++++++++++++++++++ > 4 files changed, 66 insertions(+), 31 deletions(-) > > diff --git a/common/hash.c b/common/hash.c > index 6277fe65b3e..0fe65c959d0 100644 > --- a/common/hash.c > +++ b/common/hash.c > @@ -25,6 +25,7 @@ > #else > #include "mkimage.h" > #include > +#include > #endif /* !USE_HOSTCC*/ > > #include > @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR; > > static void reloc_update(void); > > -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha1(struct hash_algo *algo, void **ctxp) > { > sha1_context *ctx = malloc(sizeof(sha1_context)); > @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, > } > #endif > > -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha256(struct hash_algo *algo, void **ctxp) > { > sha256_context *ctx = malloc(sizeof(sha256_context)); > @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void > } > #endif > > -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha384(struct hash_algo *algo, void **ctxp) > { > sha512_context *ctx = malloc(sizeof(sha512_context)); > @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void > } > #endif > > -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > static int hash_init_sha512(struct hash_algo *algo, void **ctxp) > { > sha512_context *ctx = malloc(sizeof(sha512_context)); > @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, > return 0; > } > > -#ifdef USE_HOSTCC > -# define I_WANT_MD5 1 > -#else > -# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5) > -#endif > /* > * These are the hash algorithms we support. If we have hardware acceleration > * is enable we will use that, otherwise a software version of the algorithm. > * Note that algorithm names must be in lower case. > */ > static struct hash_algo hash_algo[] = { > -#if I_WANT_MD5 > +#if CONFIG_IS_ENABLED(MD5) > { > .name = "md5", > .digest_size = MD5_SUM_LEN, > @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = { > .hash_func_ws = md5_wd, > }, > #endif > -#ifdef CONFIG_SHA1 > +#if CONFIG_IS_ENABLED(SHA1) > { > .name = "sha1", > .digest_size = SHA1_SUM_LEN, > .chunk_size = CHUNKSZ_SHA1, > -#ifdef CONFIG_SHA_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) > .hash_func_ws = hw_sha1, > #else > .hash_func_ws = sha1_csum_wd, > #endif > -#ifdef CONFIG_SHA_PROG_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA256 > +#if CONFIG_IS_ENABLED(SHA256) > { > .name = "sha256", > .digest_size = SHA256_SUM_LEN, > .chunk_size = CHUNKSZ_SHA256, > -#ifdef CONFIG_SHA_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL) > .hash_func_ws = hw_sha256, > #else > .hash_func_ws = sha256_csum_wd, > #endif > -#ifdef CONFIG_SHA_PROG_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA384 > +#if CONFIG_IS_ENABLED(SHA384) > { > .name = "sha384", > .digest_size = SHA384_SUM_LEN, > .chunk_size = CHUNKSZ_SHA384, > -#ifdef CONFIG_SHA512_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) > .hash_func_ws = hw_sha384, > #else > .hash_func_ws = sha384_csum_wd, > #endif > -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = { > #endif > }, > #endif > -#ifdef CONFIG_SHA512 > +#if CONFIG_IS_ENABLED(SHA512) > { > .name = "sha512", > .digest_size = SHA512_SUM_LEN, > .chunk_size = CHUNKSZ_SHA512, > -#ifdef CONFIG_SHA512_HW_ACCEL > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) > .hash_func_ws = hw_sha512, > #else > .hash_func_ws = sha512_csum_wd, > #endif > -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL) > +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL) > .hash_init = hw_sha_init, > .hash_update = hw_sha_update, > .hash_finish = hw_sha_finish, > @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = { > }; > > /* Try to minimize code size for boards that don't want much hashing */ > -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \ > - defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \ > - defined(CONFIG_SHA384) || defined(CONFIG_SHA512) > +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \ > + CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \ > + CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512) > #define multi_hash() 1 > #else > #define multi_hash() 0 > @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, > return 0; > } > > -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32) > +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \ > + defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)) > /** > * store_result: Store the resulting sum to an address or variable > * > diff --git a/include/image.h b/include/image.h > index 73a763a6936..03857f4b500 100644 > --- a/include/image.h > +++ b/include/image.h > @@ -31,11 +31,6 @@ struct fdt_region; > #define IMAGE_ENABLE_OF_LIBFDT 1 > #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ > #define CONFIG_FIT_RSASSA_PSS 1 > -#define CONFIG_MD5 > -#define CONFIG_SHA1 > -#define CONFIG_SHA256 > -#define CONFIG_SHA384 > -#define CONFIG_SHA512 > > #define IMAGE_ENABLE_IGNORE 0 > #define IMAGE_INDENT_STRING "" > diff --git a/lib/Kconfig b/lib/Kconfig > index 7899e756f99..64765acfa61 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -438,6 +438,24 @@ config SPL_SHA384 > The SHA384 algorithm produces a 384-bit (48-byte) hash value > (digest). > > +config SPL_SHA_HW_ACCEL > + bool "Enable hardware acceleration for SHA hash functions" > + default y if SHA_HW_ACCEL > + help > + This option enables hardware acceleration for the SHA1 and SHA256 > + hashing algorithms. This affects the 'hash' command and also the > + hash_lookup_algo() function. > + > +config SPL_SHA_PROG_HW_ACCEL > + bool "Enable Progressive hashing support using hardware in SPL" > + depends on SHA_PROG_HW_ACCEL > + default y > + help > + This option enables hardware-acceleration for SHA progressive > + hashing. > + Data can be streamed in a block at a time and the hashing is > + performed in hardware. > + > endif > > if SHA_HW_ACCEL > diff --git a/tools/Kconfig b/tools/Kconfig > index ea986ab0479..6ffc2c0aa31 100644 > --- a/tools/Kconfig > +++ b/tools/Kconfig > @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE > depends on TOOLS_FIT_SIGNATURE > default 0x10000000 > > +config TOOLS_MD5 > + def_bool y > + help > + Enable MD5 support in the tools builds > + > +config TOOLS_SHA1 > + def_bool y > + help > + Enable SHA1 support in the tools builds > + > +config TOOLS_SHA256 > + def_bool y > + help > + Enable SHA256 support in the tools builds > + > +config TOOLS_SHA384 > + def_bool y > + help > + Enable SHA384 support in the tools builds > + > +config TOOLS_SHA512 > + def_bool y > + help > + Enable SHA512 support in the tools builds > + > endmenu >