We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which
is enabled by default and now a positive option. Convert the handful of boards
that were disabling it before to save space.
Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Lukasz Dalek <luk0104@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
16 files changed:
+config FIT_ENABLE_SHA256_SUPPORT
+ bool "Support SHA256 checksum of FIT image contents"
+ default y
+ help
+ Enable this to support SHA256 checksum of FIT image contents. A
+ SHA256 checksum is a 256-bit (32-byte) hash value used to check that
+ the image contents have not been corrupted. SHA256 is recommended
+ for use in secure applications since (as at 2016) there is no known
+ feasible attack that could produce a 'collision' with differing
+ input data. Use this for the highest security. Note that only the
+ SHA256 variant is supported: SHA512 and others are not currently
+ supported in U-Boot.
+
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
This define is introduced, as the legacy image format is
enabled per default for backward compatibility.
This define is introduced, as the legacy image format is
enabled per default for backward compatibility.
-- FIT image support:
- CONFIG_FIT_DISABLE_SHA256
- Supporting SHA256 hashes has quite an impact on binary size.
- For constrained systems sha256 hash support can be disabled
- with this option.
-
- TODO(sjg@chromium.org): Adjust this option to be positive,
- and move it to Kconfig
-
- Standalone program support:
CONFIG_STANDALONE_LOAD_ADDR
- Standalone program support:
CONFIG_STANDALONE_LOAD_ADDR
CONFIG_4xx=y
CONFIG_TARGET_DLVISION_10G=y
CONFIG_FIT=y
CONFIG_4xx=y
CONFIG_TARGET_DLVISION_10G=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_4xx=y
CONFIG_TARGET_DLVISION=y
CONFIG_FIT=y
CONFIG_4xx=y
CONFIG_TARGET_DLVISION=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_ARM=y
CONFIG_TARGET_H2200=y
CONFIG_FIT=y
CONFIG_ARM=y
CONFIG_TARGET_H2200=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
# CONFIG_DISPLAY_CPUINFO is not set
# CONFIG_DISPLAY_BOARDINFO is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
# CONFIG_DISPLAY_CPUINFO is not set
# CONFIG_DISPLAY_BOARDINFO is not set
CONFIG_4xx=y
CONFIG_TARGET_IO=y
CONFIG_FIT=y
CONFIG_4xx=y
CONFIG_TARGET_IO=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_4xx=y
CONFIG_TARGET_IOCON=y
CONFIG_FIT=y
CONFIG_4xx=y
CONFIG_TARGET_IOCON=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_SYS_CONSOLE_INFO_QUIET=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_SYS_CONSOLE_INFO_QUIET=y
CONFIG_4xx=y
CONFIG_TARGET_NEO=y
CONFIG_FIT=y
CONFIG_4xx=y
CONFIG_TARGET_NEO=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
-#define CONFIG_FIT_DISABLE_SHA256
#define CONFIG_SETUP_MEMORY_TAGS
#define CONFIG_CMDLINE_TAG
#define CONFIG_INITRD_TAG
#define CONFIG_SETUP_MEMORY_TAGS
#define CONFIG_CMDLINE_TAG
#define CONFIG_INITRD_TAG
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
-# ifdef CONFIG_SPL_SHA256_SUPPORT
-# define IMAGE_ENABLE_SHA256 1
-# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_SHA1 /* and SHA1 */
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_SHA1 /* and SHA1 */
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
-# define IMAGE_ENABLE_SHA256 1
-#ifdef CONFIG_FIT_DISABLE_SHA256
-#undef CONFIG_SHA256
-#undef IMAGE_ENABLE_SHA256
-#endif
-
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
#define IMAGE_ENABLE_SHA1 0
#endif
#define IMAGE_ENABLE_SHA1 0
#endif
-#ifndef IMAGE_ENABLE_SHA256
+#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+ defined(CONFIG_SPL_SHA256_SUPPORT)
+#define CONFIG_SHA256
+#define IMAGE_ENABLE_SHA256 1
+#else
#define IMAGE_ENABLE_SHA256 0
#endif
#define IMAGE_ENABLE_SHA256 0
#endif
CONFIG_FILE
CONFIG_FIRMWARE_OFFSET
CONFIG_FIRMWARE_SIZE
CONFIG_FILE
CONFIG_FIRMWARE_OFFSET
CONFIG_FIRMWARE_SIZE
-CONFIG_FIT_DISABLE_SHA256
CONFIG_FIXED_PHY
CONFIG_FIXED_PHY_ADDR
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER
CONFIG_FIXED_PHY
CONFIG_FIXED_PHY_ADDR
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER
projects / u-boot / commitdiff