diff options
-rw-r--r-- | Kconfig | 13 | ||||
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | configs/dlvision-10g_defconfig | 1 | ||||
-rw-r--r-- | configs/dlvision_defconfig | 1 | ||||
-rw-r--r-- | configs/h2200_defconfig | 1 | ||||
-rw-r--r-- | configs/io_defconfig | 1 | ||||
-rw-r--r-- | configs/iocon_defconfig | 1 | ||||
-rw-r--r-- | configs/neo_defconfig | 1 | ||||
-rw-r--r-- | include/configs/dlvision-10g.h | 3 | ||||
-rw-r--r-- | include/configs/dlvision.h | 3 | ||||
-rw-r--r-- | include/configs/h2200.h | 1 | ||||
-rw-r--r-- | include/configs/io.h | 3 | ||||
-rw-r--r-- | include/configs/iocon.h | 3 | ||||
-rw-r--r-- | include/configs/neo.h | 3 | ||||
-rw-r--r-- | include/image.h | 16 | ||||
-rw-r--r-- | scripts/config_whitelist.txt | 1 |
16 files changed, 25 insertions, 36 deletions
@@ -157,6 +157,19 @@ config FIT if FIT +config FIT_ENABLE_SHA256_SUPPORT + bool "Support SHA256 checksum of FIT image contents" + default y + help + Enable this to support SHA256 checksum of FIT image contents. A + SHA256 checksum is a 256-bit (32-byte) hash value used to check that + the image contents have not been corrupted. SHA256 is recommended + for use in secure applications since (as at 2016) there is no known + feasible attack that could produce a 'collision' with differing + input data. Use this for the highest security. Note that only the + SHA256 variant is supported: SHA512 and others are not currently + supported in U-Boot. + config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM @@ -2973,15 +2973,6 @@ FIT uImage format: This define is introduced, as the legacy image format is enabled per default for backward compatibility. -- FIT image support: - CONFIG_FIT_DISABLE_SHA256 - Supporting SHA256 hashes has quite an impact on binary size. - For constrained systems sha256 hash support can be disabled - with this option. - - TODO(sjg@chromium.org): Adjust this option to be positive, - and move it to Kconfig - - Standalone program support: CONFIG_STANDALONE_LOAD_ADDR diff --git a/configs/dlvision-10g_defconfig b/configs/dlvision-10g_defconfig index c3574e19964..44f7527a9ce 100644 --- a/configs/dlvision-10g_defconfig +++ b/configs/dlvision-10g_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision-10g 0.06" CONFIG_4xx=y CONFIG_TARGET_DLVISION_10G=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/dlvision_defconfig b/configs/dlvision_defconfig index f9f07ee8f12..4dd09a2af8d 100644 --- a/configs/dlvision_defconfig +++ b/configs/dlvision_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" dlvision 0.02" CONFIG_4xx=y CONFIG_TARGET_DLVISION=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/h2200_defconfig b/configs/h2200_defconfig index b85ed598066..9d3698c5559 100644 --- a/configs/h2200_defconfig +++ b/configs/h2200_defconfig @@ -1,6 +1,7 @@ CONFIG_ARM=y CONFIG_TARGET_H2200=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_SYS_CONSOLE_IS_IN_ENV=y # CONFIG_DISPLAY_CPUINFO is not set # CONFIG_DISPLAY_BOARDINFO is not set diff --git a/configs/io_defconfig b/configs/io_defconfig index 5dca2b121c8..27edc5976b2 100644 --- a/configs/io_defconfig +++ b/configs/io_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" io 0.06" CONFIG_4xx=y CONFIG_TARGET_IO=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/configs/iocon_defconfig b/configs/iocon_defconfig index c74df944a6a..2529181620d 100644 --- a/configs/iocon_defconfig +++ b/configs/iocon_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" iocon 0.06" CONFIG_4xx=y CONFIG_TARGET_IOCON=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 CONFIG_SYS_CONSOLE_INFO_QUIET=y diff --git a/configs/neo_defconfig b/configs/neo_defconfig index fbb2da47f0a..1bf5151baad 100644 --- a/configs/neo_defconfig +++ b/configs/neo_defconfig @@ -3,6 +3,7 @@ CONFIG_IDENT_STRING=" neo 0.02" CONFIG_4xx=y CONFIG_TARGET_NEO=y CONFIG_FIT=y +# CONFIG_FIT_ENABLE_SHA256_SUPPORT is not set CONFIG_FIT_VERBOSE=y CONFIG_OF_BOARD_SETUP=y CONFIG_BOOTDELAY=5 diff --git a/include/configs/dlvision-10g.h b/include/configs/dlvision-10g.h index e32651f5411..c5e227650e5 100644 --- a/include/configs/dlvision-10g.h +++ b/include/configs/dlvision-10g.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66 -/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */ /* diff --git a/include/configs/dlvision.h b/include/configs/dlvision.h index 2b7d62b0348..f8d390ba33a 100644 --- a/include/configs/dlvision.h +++ b/include/configs/dlvision.h @@ -29,9 +29,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66_33 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33 -/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */ /* diff --git a/include/configs/h2200.h b/include/configs/h2200.h index d8724f86a73..530a88e9e1a 100644 --- a/include/configs/h2200.h +++ b/include/configs/h2200.h @@ -109,7 +109,6 @@ #define CONFIG_SYS_BAUDRATE_TABLE { 9600, 38400, 115200 } -#define CONFIG_FIT_DISABLE_SHA256 #define CONFIG_SETUP_MEMORY_TAGS #define CONFIG_CMDLINE_TAG #define CONFIG_INITRD_TAG diff --git a/include/configs/io.h b/include/configs/io.h index 3e44a8c6075..ee2b52a7ede 100644 --- a/include/configs/io.h +++ b/include/configs/io.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66 -/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */ /* diff --git a/include/configs/iocon.h b/include/configs/iocon.h index 9c3be78bc73..afa69942e84 100644 --- a/include/configs/iocon.h +++ b/include/configs/iocon.h @@ -33,9 +33,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66 #define PLLMR1_DEFAULT PLLMR1_266_133_66 -/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */ /* diff --git a/include/configs/neo.h b/include/configs/neo.h index 9115e251b1b..1d8e13f0353 100644 --- a/include/configs/neo.h +++ b/include/configs/neo.h @@ -31,9 +31,6 @@ #define PLLMR0_DEFAULT PLLMR0_266_133_66_33 #define PLLMR1_DEFAULT PLLMR1_266_133_66_33 -/* new uImage format support */ -#define CONFIG_FIT_DISABLE_SHA256 - #define CONFIG_ENV_IS_IN_FLASH /* use FLASH for environment vars */ /* diff --git a/include/image.h b/include/image.h index 3f26f9bd1f6..800426d51f9 100644 --- a/include/image.h +++ b/include/image.h @@ -29,6 +29,7 @@ struct lmb; #define IMAGE_ENABLE_FIT 1 #define IMAGE_ENABLE_OF_LIBFDT 1 #define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */ +#define CONFIG_FIT_ENABLE_SHA256_SUPPORT #define IMAGE_ENABLE_IGNORE 0 #define IMAGE_INDENT_STRING "" @@ -62,9 +63,6 @@ struct lmb; # ifdef CONFIG_SPL_SHA1_SUPPORT # define IMAGE_ENABLE_SHA1 1 # endif -# ifdef CONFIG_SPL_SHA256_SUPPORT -# define IMAGE_ENABLE_SHA256 1 -# endif # else # define CONFIG_CRC32 /* FIT images need CRC32 support */ # define CONFIG_SHA1 /* and SHA1 */ @@ -72,14 +70,8 @@ struct lmb; # define IMAGE_ENABLE_CRC32 1 # define IMAGE_ENABLE_MD5 1 # define IMAGE_ENABLE_SHA1 1 -# define IMAGE_ENABLE_SHA256 1 # endif -#ifdef CONFIG_FIT_DISABLE_SHA256 -#undef CONFIG_SHA256 -#undef IMAGE_ENABLE_SHA256 -#endif - #ifndef IMAGE_ENABLE_CRC32 #define IMAGE_ENABLE_CRC32 0 #endif @@ -92,7 +84,11 @@ struct lmb; #define IMAGE_ENABLE_SHA1 0 #endif -#ifndef IMAGE_ENABLE_SHA256 +#if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \ + defined(CONFIG_SPL_SHA256_SUPPORT) +#define CONFIG_SHA256 +#define IMAGE_ENABLE_SHA256 1 +#else #define IMAGE_ENABLE_SHA256 0 #endif diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt index fa9c3fc8cbd..4ed76f3d66b 100644 --- a/scripts/config_whitelist.txt +++ b/scripts/config_whitelist.txt @@ -947,7 +947,6 @@ CONFIG_FFUART CONFIG_FILE CONFIG_FIRMWARE_OFFSET CONFIG_FIRMWARE_SIZE -CONFIG_FIT_DISABLE_SHA256 CONFIG_FIXED_PHY CONFIG_FIXED_PHY_ADDR CONFIG_FIXED_SDHCI_ALIGNED_BUFFER |