hash: Use Kconfig to enable hashing in host tools and SPL
At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.
For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.
Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.
Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.
This allows us to drop the image.h code and the I_WANT_MD5 hack.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
diff --git a/common/hash.c b/common/hash.c
index 3884298..2b8e7a4 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -25,6 +25,7 @@
#else
#include "mkimage.h"
#include <time.h>
+#include <linux/kconfig.h>
#endif /* !USE_HOSTCC*/
#include <hash.h>
@@ -41,7 +42,7 @@
static void reloc_update(void);
-#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
static int hash_init_sha1(struct hash_algo *algo, void **ctxp)
{
sha1_context *ctx = malloc(sizeof(sha1_context));
@@ -69,7 +70,7 @@
}
#endif
-#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
static int hash_init_sha256(struct hash_algo *algo, void **ctxp)
{
sha256_context *ctx = malloc(sizeof(sha256_context));
@@ -97,7 +98,7 @@
}
#endif
-#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
{
sha512_context *ctx = malloc(sizeof(sha512_context));
@@ -125,7 +126,7 @@
}
#endif
-#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
{
sha512_context *ctx = malloc(sizeof(sha512_context));
@@ -207,18 +208,13 @@
return 0;
}
-#ifdef USE_HOSTCC
-# define I_WANT_MD5 1
-#else
-# define I_WANT_MD5 CONFIG_IS_ENABLED(MD5)
-#endif
/*
* These are the hash algorithms we support. If we have hardware acceleration
* is enable we will use that, otherwise a software version of the algorithm.
* Note that algorithm names must be in lower case.
*/
static struct hash_algo hash_algo[] = {
-#if I_WANT_MD5
+#if CONFIG_IS_ENABLED(MD5)
{
.name = "md5",
.digest_size = MD5_SUM_LEN,
@@ -226,17 +222,17 @@
.hash_func_ws = md5_wd,
},
#endif
-#ifdef CONFIG_SHA1
+#if CONFIG_IS_ENABLED(SHA1)
{
.name = "sha1",
.digest_size = SHA1_SUM_LEN,
.chunk_size = CHUNKSZ_SHA1,
-#ifdef CONFIG_SHA_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
.hash_func_ws = hw_sha1,
#else
.hash_func_ws = sha1_csum_wd,
#endif
-#ifdef CONFIG_SHA_PROG_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
.hash_init = hw_sha_init,
.hash_update = hw_sha_update,
.hash_finish = hw_sha_finish,
@@ -247,17 +243,17 @@
#endif
},
#endif
-#ifdef CONFIG_SHA256
+#if CONFIG_IS_ENABLED(SHA256)
{
.name = "sha256",
.digest_size = SHA256_SUM_LEN,
.chunk_size = CHUNKSZ_SHA256,
-#ifdef CONFIG_SHA_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
.hash_func_ws = hw_sha256,
#else
.hash_func_ws = sha256_csum_wd,
#endif
-#ifdef CONFIG_SHA_PROG_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
.hash_init = hw_sha_init,
.hash_update = hw_sha_update,
.hash_finish = hw_sha_finish,
@@ -268,17 +264,17 @@
#endif
},
#endif
-#ifdef CONFIG_SHA384
+#if CONFIG_IS_ENABLED(SHA384)
{
.name = "sha384",
.digest_size = SHA384_SUM_LEN,
.chunk_size = CHUNKSZ_SHA384,
-#ifdef CONFIG_SHA512_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
.hash_func_ws = hw_sha384,
#else
.hash_func_ws = sha384_csum_wd,
#endif
-#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
.hash_init = hw_sha_init,
.hash_update = hw_sha_update,
.hash_finish = hw_sha_finish,
@@ -289,17 +285,17 @@
#endif
},
#endif
-#ifdef CONFIG_SHA512
+#if CONFIG_IS_ENABLED(SHA512)
{
.name = "sha512",
.digest_size = SHA512_SUM_LEN,
.chunk_size = CHUNKSZ_SHA512,
-#ifdef CONFIG_SHA512_HW_ACCEL
+#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
.hash_func_ws = hw_sha512,
#else
.hash_func_ws = sha512_csum_wd,
#endif
-#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
+#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
.hash_init = hw_sha_init,
.hash_update = hw_sha_update,
.hash_finish = hw_sha_finish,
@@ -331,9 +327,9 @@
};
/* Try to minimize code size for boards that don't want much hashing */
-#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \
- defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \
- defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
+#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \
+ CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \
+ CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512)
#define multi_hash() 1
#else
#define multi_hash() 0
@@ -438,7 +434,8 @@
return 0;
}
-#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)
+#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \
+ defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32))
/**
* store_result: Store the resulting sum to an address or variable
*
diff --git a/include/fdt_support.h b/include/fdt_support.h
index 72a5b90..88d129c 100644
--- a/include/fdt_support.h
+++ b/include/fdt_support.h
@@ -7,7 +7,7 @@
#ifndef __FDT_SUPPORT_H
#define __FDT_SUPPORT_H
-#ifdef CONFIG_OF_LIBFDT
+#if defined(CONFIG_OF_LIBFDT) && !defined(USE_HOSTCC)
#include <asm/u-boot.h>
#include <linux/libfdt.h>
diff --git a/include/hash.h b/include/hash.h
index 97bb3ed..cfafbe7 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -6,13 +6,17 @@
#ifndef _HASH_H
#define _HASH_H
+#ifdef USE_HOSTCC
+#include <linux/kconfig.h>
+#endif
+
struct cmd_tbl;
/*
* Maximum digest size for all algorithms we support. Having this value
* avoids a malloc() or C99 local declaration in common/cmd_hash.c.
*/
-#if defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
+#if CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512)
#define HASH_MAX_DIGEST_SIZE 64
#else
#define HASH_MAX_DIGEST_SIZE 32
diff --git a/include/image.h b/include/image.h
index 73a763a..03857f4 100644
--- a/include/image.h
+++ b/include/image.h
@@ -31,11 +31,6 @@
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
#define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_MD5
-#define CONFIG_SHA1
-#define CONFIG_SHA256
-#define CONFIG_SHA384
-#define CONFIG_SHA512
#define IMAGE_ENABLE_IGNORE 0
#define IMAGE_INDENT_STRING ""
diff --git a/lib/Kconfig b/lib/Kconfig
index 7899e75..64765ac 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -438,6 +438,24 @@
The SHA384 algorithm produces a 384-bit (48-byte) hash value
(digest).
+config SPL_SHA_HW_ACCEL
+ bool "Enable hardware acceleration for SHA hash functions"
+ default y if SHA_HW_ACCEL
+ help
+ This option enables hardware acceleration for the SHA1 and SHA256
+ hashing algorithms. This affects the 'hash' command and also the
+ hash_lookup_algo() function.
+
+config SPL_SHA_PROG_HW_ACCEL
+ bool "Enable Progressive hashing support using hardware in SPL"
+ depends on SHA_PROG_HW_ACCEL
+ default y
+ help
+ This option enables hardware-acceleration for SHA progressive
+ hashing.
+ Data can be streamed in a block at a time and the hashing is
+ performed in hardware.
+
endif
if SHA_HW_ACCEL
diff --git a/tools/Kconfig b/tools/Kconfig
index ea986ab..6ffc2c0 100644
--- a/tools/Kconfig
+++ b/tools/Kconfig
@@ -45,4 +45,29 @@
depends on TOOLS_FIT_SIGNATURE
default 0x10000000
+config TOOLS_MD5
+ def_bool y
+ help
+ Enable MD5 support in the tools builds
+
+config TOOLS_SHA1
+ def_bool y
+ help
+ Enable SHA1 support in the tools builds
+
+config TOOLS_SHA256
+ def_bool y
+ help
+ Enable SHA256 support in the tools builds
+
+config TOOLS_SHA384
+ def_bool y
+ help
+ Enable SHA384 support in the tools builds
+
+config TOOLS_SHA512
+ def_bool y
+ help
+ Enable SHA512 support in the tools builds
+
endmenu