summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Kconfig13
-rw-r--r--README9
-rw-r--r--configs/dlvision-10g_defconfig1
-rw-r--r--configs/dlvision_defconfig1
-rw-r--r--configs/h2200_defconfig1
-rw-r--r--configs/io_defconfig1
-rw-r--r--configs/iocon_defconfig1
-rw-r--r--configs/neo_defconfig1
-rw-r--r--include/configs/dlvision-10g.h3
-rw-r--r--include/configs/dlvision.h3
-rw-r--r--include/configs/h2200.h1
-rw-r--r--include/configs/io.h3
-rw-r--r--include/configs/iocon.h3
-rw-r--r--include/configs/neo.h3
-rw-r--r--include/image.h16
-rw-r--r--scripts/config_whitelist.txt1
16 files changed, 25 insertions, 36 deletions
diff --git a/Kconfig b/Kconfig
index 1cf990dfce3..0a445313f62 100644
--- a/Kconfig
+++ b/Kconfig
@@ -157,6 +157,19 @@ config FIT
if FIT
+config FIT_ENABLE_SHA256_SUPPORT
+ bool "Support SHA256 checksum of FIT image contents"
+ default y
+ help
+ Enable this to support SHA256 checksum of FIT image contents. A
+ SHA256 checksum is a 256-bit (32-byte) hash value used to check that
+ the image contents have not been corrupted. SHA256 is recommended
+ for use in secure applications since (as at 2016) there is no known
+ feasible attack that could produce a 'collision' with differing
+ input data. Use this for the highest security. Note that only the
+ SHA256 variant is supported: SHA512 and others are not currently
+ supported in U-Boot.
+
config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
diff --git a/README b/README
index 350b805c380..15ef469e6c5 100644
--- a/README
+++ b/README
@@ -2973,15 +2973,6 @@ FIT uImage format:
This define is introduced, as the legacy image format is
enabled per default for backward compatibility.
-- FIT image support:
- CONFIG_FIT_DISABLE_SHA256
- Supporting SHA256 hashes has quite an impact on binary size.
- For constrained systems sha256 hash support can be disabled
- with this option.
-
- TODO(sjg@chromium.org): Adjust this option to be positive,
- and move it to Kconfig
-
- Standalone program support:
CONFIG_STANDALONE_LOAD_ADDR
diff --git a/configs/dlvision-10g_defconfig b/configs/dlvision-10g_defconfig
index c3574e19964..44f7527a9ce 100644
--- a/configs/dlvision-10g_defconfig
+++ b/configs/dlvision-10g_defconfig
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06"
CONFIG_4xx=y
CONFIG_TARGET_DLVISION_10G=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
diff --git a/configs/dlvision_defconfig b/configs/dlvision_defconfig
index f9f07ee8f12..4dd09a2af8d 100644
--- a/configs/dlvision_defconfig
+++ b/configs/dlvision_defconfig
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02"
CONFIG_4xx=y
CONFIG_TARGET_DLVISION=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
diff --git a/configs/h2200_defconfig b/configs/h2200_defconfig
index b85ed598066..9d3698c5559 100644
--- a/configs/h2200_defconfig
+++ b/configs/h2200_defconfig
@@ -1,6 +1,7 @@
CONFIG_ARM=y
CONFIG_TARGET_H2200=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_SYS_CONSOLE_IS_IN_ENV=y
# CONFIG_DISPLAY_CPUINFO is not set
# CONFIG_DISPLAY_BOARDINFO is not set
diff --git a/configs/io_defconfig b/configs/io_defconfig
index 5dca2b121c8..27edc5976b2 100644
--- a/configs/io_defconfig
+++ b/configs/io_defconfig
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06"
CONFIG_4xx=y
CONFIG_TARGET_IO=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
diff --git a/configs/iocon_defconfig b/configs/iocon_defconfig
index c74df944a6a..2529181620d 100644
--- a/configs/iocon_defconfig
+++ b/configs/iocon_defconfig
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06"
CONFIG_4xx=y
CONFIG_TARGET_IOCON=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
CONFIG_SYS_CONSOLE_INFO_QUIET=y
diff --git a/configs/neo_defconfig b/configs/neo_defconfig
index fbb2da47f0a..1bf5151baad 100644
--- a/configs/neo_defconfig
+++ b/configs/neo_defconfig
@@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02"
CONFIG_4xx=y
CONFIG_TARGET_NEO=y
CONFIG_FIT=y
+# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set
CONFIG_FIT_VERBOSE=y
CONFIG_OF_BOARD_SETUP=y
CONFIG_BOOTDELAY=5
diff --git a/include/configs/dlvision-10g.h b/include/configs/dlvision-10g.h
index e32651f5411..c5e227650e5 100644
--- a/include/configs/dlvision-10g.h
+++ b/include/configs/dlvision-10g.h
@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
diff --git a/include/configs/dlvision.h b/include/configs/dlvision.h
index 2b7d62b0348..f8d390ba33a 100644
--- a/include/configs/dlvision.h
+++ b/include/configs/dlvision.h
@@ -29,9 +29,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
diff --git a/include/configs/h2200.h b/include/configs/h2200.h
index d8724f86a73..530a88e9e1a 100644
--- a/include/configs/h2200.h
+++ b/include/configs/h2200.h
@@ -109,7 +109,6 @@
#define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 }
-#define CONFIG_FIT_DISABLE_SHA256
#define CONFIG_SETUP_MEMORY_TAGS
#define CONFIG_CMDLINE_TAG
#define CONFIG_INITRD_TAG
diff --git a/include/configs/io.h b/include/configs/io.h
index 3e44a8c6075..ee2b52a7ede 100644
--- a/include/configs/io.h
+++ b/include/configs/io.h
@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
diff --git a/include/configs/iocon.h b/include/configs/iocon.h
index 9c3be78bc73..afa69942e84 100644
--- a/include/configs/iocon.h
+++ b/include/configs/iocon.h
@@ -33,9 +33,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66
#define PLLMR1_DEFAULT PLLMR1_266_133_66
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
diff --git a/include/configs/neo.h b/include/configs/neo.h
index 9115e251b1b..1d8e13f0353 100644
--- a/include/configs/neo.h
+++ b/include/configs/neo.h
@@ -31,9 +31,6 @@
#define PLLMR0_DEFAULT PLLMR0_266_133_66_33
#define PLLMR1_DEFAULT PLLMR1_266_133_66_33
-/* new uImage format support */
-#define CONFIG_FIT_DISABLE_SHA256
-
#define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */
/*
diff --git a/include/image.h b/include/image.h
index 3f26f9bd1f6..800426d51f9 100644
--- a/include/image.h
+++ b/include/image.h
@@ -29,6 +29,7 @@ struct lmb;
#define IMAGE_ENABLE_FIT 1
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
+#define CONFIG_FIT_ENABLE_SHA256_SUPPORT
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
@@ -62,9 +63,6 @@ struct lmb;
# ifdef CONFIG_SPL_SHA1_SUPPORT
# define IMAGE_ENABLE_SHA1 1
# endif
-# ifdef CONFIG_SPL_SHA256_SUPPORT
-# define IMAGE_ENABLE_SHA256 1
-# endif
# else
# define CONFIG_CRC32 /* FIT images need CRC32 support */
# define CONFIG_SHA1 /* and SHA1 */
@@ -72,14 +70,8 @@ struct lmb;
# define IMAGE_ENABLE_CRC32 1
# define IMAGE_ENABLE_MD5 1
# define IMAGE_ENABLE_SHA1 1
-# define IMAGE_ENABLE_SHA256 1
# endif
-#ifdef CONFIG_FIT_DISABLE_SHA256
-#undef CONFIG_SHA256
-#undef IMAGE_ENABLE_SHA256
-#endif
-
#ifndef IMAGE_ENABLE_CRC32
#define IMAGE_ENABLE_CRC32 0
#endif
@@ -92,7 +84,11 @@ struct lmb;
#define IMAGE_ENABLE_SHA1 0
#endif
-#ifndef IMAGE_ENABLE_SHA256
+#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
+ defined(CONFIG_SPL_SHA256_SUPPORT)
+#define CONFIG_SHA256
+#define IMAGE_ENABLE_SHA256 1
+#else
#define IMAGE_ENABLE_SHA256 0
#endif
diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt
index fa9c3fc8cbd..4ed76f3d66b 100644
--- a/scripts/config_whitelist.txt
+++ b/scripts/config_whitelist.txt
@@ -947,7 +947,6 @@ CONFIG_FFUART
CONFIG_FILE
CONFIG_FIRMWARE_OFFSET
CONFIG_FIRMWARE_SIZE
-CONFIG_FIT_DISABLE_SHA256
CONFIG_FIXED_PHY
CONFIG_FIXED_PHY_ADDR
CONFIG_FIXED_SDHCI_ALIGNED_BUFFER