From patchwork Thu Aug 3 16:05:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oleksandr Suvorov X-Patchwork-Id: 1816552 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=G97692aE; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RGtxr6Mf8z1yds for ; Fri, 4 Aug 2023 02:06:24 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1CC4686CC8; Thu, 3 Aug 2023 18:06:01 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="G97692aE"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 56F9086785; Thu, 3 Aug 2023 18:05:59 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.2 Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 95DD686C8A for ; Thu, 3 Aug 2023 18:05:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=oleksandr.suvorov@foundries.io Received: by mail-lj1-x22d.google.com with SMTP id 38308e7fff4ca-2b9c55e0fbeso17023541fa.2 for ; Thu, 03 Aug 2023 09:05:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; t=1691078754; x=1691683554; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=ZRYI3+x+mYoeQQl/qobOKyPOrSRPFLpudDfzaMR7eU0=; b=G97692aESP93w9OpnCdXPkrzGN9v106qFSTxanyW4I6vsUh7gDbKa2iBEXPMdDZhEB XntmfraiStNPaT3G9Y1mdo2wSROYwVotXpqkt2OqGB9L5H2seRQPKg0kcC6pw0Okkyrj x/USGG5cgzUGXcwjYhw0nVc3g2U684ModKgbPGs8vlbJLsVAy5FzXGCK5xqmp69iXjHy gsHx0R9hfeA/iV/uGifNOeKRjghZgv068y39h/zwjPpqb75KlA9wuPnWkSzGBqIKSzil x8GjQzpld8EOd9SyTzOFTAIRJiBg4urhiukMH2YL9k1XGJUlAaQJFSZwh1D95vVj7FrI BwLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691078754; x=1691683554; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZRYI3+x+mYoeQQl/qobOKyPOrSRPFLpudDfzaMR7eU0=; b=MIQUlK37Pi7HDpITZySuTLF9L47vFT59NEU7X6D+2nDWKRDlxJ4RZ/1SPuIOzrsLJy dVVNQuEjub+Sdcu/lZaCvbTOpEvJbVtmpjUrQ5J8jmMuuial22iapxCnS0LuFP6Vj5Py yrDeAumReLi7g1H8/zbCWG1D925TZ6DtJtRbZCbp/scUMwVmHZ0ptxrqRvtm42e6ANU+ OqJnfppNrx1eS9JxmcKB8GhlXvyGbcRu9iGwtKEN57eP5IztkomtihgFeGm2sFFxLaZh NKJgllf8d+KrjwH/btPCtdmSRR4nLnVrpRUiNYRpaNHdqhXnxkKsH4rPn1BpVIouQe1J 3WDQ== X-Gm-Message-State: ABy/qLbAjxrT7WhuX7lAVTapR0ERaamhMgdkIaZsUVu6T8wNXQcLj5S/ blaNkbGqNuS3avVto6aFrOhko9wb/A8cnwveyPE= X-Google-Smtp-Source: APBJJlGDgbWnQZnBsPX3dQqc7gbhRkvpQonRtsQ/HFm7tHPTP1DPh3+y/1EvO4neLB+QJqtPg9oMjA== X-Received: by 2002:a2e:998b:0:b0:2b4:6e21:637e with SMTP id w11-20020a2e998b000000b002b46e21637emr7657448lji.16.1691078754357; Thu, 03 Aug 2023 09:05:54 -0700 (PDT) Received: from localhost.localdomain ([194.104.22.162]) by smtp.gmail.com with ESMTPSA id c7-20020a17090603c700b00997e99a662bsm21854eja.20.2023.08.03.09.05.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Aug 2023 09:05:53 -0700 (PDT) From: Oleksandr Suvorov To: u-boot@lists.denx.de Cc: Oleksandr Suvorov , Alexandru Gagniuc , Leo Yu-Chi Liang , Marek Vasut , Mayuresh Chitale , Nikita Shubin , =?utf-8?q?Pali_Roh=C3=A1r?= , Roger Quadros , Simon Glass , Stefan Roese Subject: [PATCH v2 1/2] spl: remove duplicate SPL_MD5 option Date: Thu, 3 Aug 2023 19:05:39 +0300 Message-Id: <20230803160541.734853-1-oleksandr.suvorov@foundries.io> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean There is another SPL_MD5 option defined in lib/Kconfig. Renaming SPL_MD5_SUPPORT introduced duplicate option with different description. As for now FIT and hash algorithm options are not related to each others, removing a duplicate option seems OK. Fixes: 4b00fd1a84c ("Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5") Signed-off-by: Oleksandr Suvorov --- (no changes since v1) common/spl/Kconfig | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index bee231b583a..c66d70e2a99 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -561,18 +561,6 @@ config SPL_CRC32 for detected accidental image corruption. For secure applications you should consider SHA1 or SHA256. -config SPL_MD5 - bool "Support MD5" - depends on SPL_FIT - help - Enable this to support MD5 in FIT images within SPL. An MD5 - checksum is a 128-bit hash value used to check that the image - contents have not been corrupted. Note that MD5 is not considered - secure as it is possible (with a brute-force attack) to adjust the - image while still retaining the same MD5 hash value. For secure - applications where images may be changed maliciously, you should - consider SHA256 or SHA384. - config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" depends on SPL_FIT From patchwork Thu Aug 3 16:05:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Oleksandr Suvorov X-Patchwork-Id: 1816553 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.a=rsa-sha256 header.s=google header.b=MYBN5nSj; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RGty60Kt1z1yZl for ; Fri, 4 Aug 2023 02:06:38 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D8E878662F; Thu, 3 Aug 2023 18:06:02 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=foundries.io header.i=@foundries.io header.b="MYBN5nSj"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5C57F86CDB; Thu, 3 Aug 2023 18:06:01 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.2 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D1C6B86CD9 for ; Thu, 3 Aug 2023 18:05:56 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=foundries.io Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=oleksandr.suvorov@foundries.io Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-99bfcf4c814so161444666b.0 for ; Thu, 03 Aug 2023 09:05:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foundries.io; s=google; t=1691078756; x=1691683556; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DI0+T41M0+iVjGC+Fnc585sf0pXFHw1oMsB8AfRoeGM=; b=MYBN5nSj8YvFO5wJvyziToQn43jhzIbimYkwcpIc5Jg/HcVPzJ6oeZ+X9sHTQrtBps 3Y3mG7fbMrj5IFNBjK0zDa9dWwUU/W/hPcORx4ckea0YCt/3YLDJkyKn1L5oLtlBQwXo dpYZewgQmHDoPt4NUSqCj4XJlesm+7tfGlSaqh0cvuM3aOc9y+3idP2lM5Lo9eqmvw2W whgRepKZlA7Ua0Mlin9e3ajqAN30m9vqDKkYPLajhwhI5vbP/DF0e6bH2tlMHrtIp8ED SE4YUeP4xHvx7N+08XPDoPTRlK+wtJG+esAMMQCWdm7IGMZMP4zwkJM4eKJFZQukk840 olYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691078756; x=1691683556; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DI0+T41M0+iVjGC+Fnc585sf0pXFHw1oMsB8AfRoeGM=; b=O6LZkW6XalW882O4GI2AQQn94SNxnxvz8UYdcQkQz4DGrxHVvH4jr6is0pCUYcDElh YYCi5DDFyvtZjj95DPjwfckGfiTbqaXh1WiJ/LPWHaYiMEdGi7ySy9shULx6Q89AqqA4 NrBODbfWil4kCojD4xh8lqbqCsXmeuY3koXHE+esQQ0aDeGqW5FRFEpTDY5sc46mYZHT cVtuQkTZuH2gstjjU9Bk+SO1CgjQ4aICIsBH3HI0HvE6b5EdJHwt77PbgKbSm3R+V2YV i6JA1Gcu4XD7LOK5KPXoXZ9Q/1HgTW+BIFd2Bap2uQtwHRObBTVL1TcF4vfeIaiivfIo /ZIg== X-Gm-Message-State: ABy/qLZgXa48e3q4LTQaaR29dhFbjK45a7CA0uwjYYQ/lpvHrjzGZfHC mwfSp47LCH1gei3u+s3Khi6/9Y1EUBgD9mtGB3A= X-Google-Smtp-Source: APBJJlGtKp+Ujn995o8u1l0HxhSc/u6qII1VaIaAHFp55vh4tq0OSE9/kuj7w++d29JuwO05tv/88g== X-Received: by 2002:a17:907:7841:b0:993:22a2:8158 with SMTP id lb1-20020a170907784100b0099322a28158mr8007965ejc.61.1691078756030; Thu, 03 Aug 2023 09:05:56 -0700 (PDT) Received: from localhost.localdomain ([194.104.22.162]) by smtp.gmail.com with ESMTPSA id c7-20020a17090603c700b00997e99a662bsm21854eja.20.2023.08.03.09.05.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Aug 2023 09:05:55 -0700 (PDT) From: Oleksandr Suvorov To: u-boot@lists.denx.de Cc: Oleksandr Suvorov , Brandon Maier , Kautuk Consul , Leo Yu-Chi Liang , Marek Vasut , Mayuresh Chitale , Nikita Shubin , =?utf-8?q?Pali_Roh=C3=A1r?= , Patrick Delaunay , Roger Quadros , Simon Glass , Sjoerd Simons , Stefan Roese Subject: [PATCH v2 2/2] spl: move SPL_CRC32 option to lib/Kconfig Date: Thu, 3 Aug 2023 19:05:40 +0300 Message-Id: <20230803160541.734853-2-oleksandr.suvorov@foundries.io> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230803160541.734853-1-oleksandr.suvorov@foundries.io> References: <20230803160541.734853-1-oleksandr.suvorov@foundries.io> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.8 at phobos.denx.de X-Virus-Status: Clean All SPL hash algorithm options are collected in lib/Kconfig. Move SPL_CRC32 there as well. Signed-off-by: Oleksandr Suvorov Reviewed-by: Simon Glass --- Changes in v2: - add a related commit to the series. common/spl/Kconfig | 11 ----------- lib/Kconfig | 11 +++++++++++ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/common/spl/Kconfig b/common/spl/Kconfig index c66d70e2a99..c5dd476db58 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -550,17 +550,6 @@ config SYS_MMCSD_RAW_MODE_EMMC_BOOT_PARTITION the eMMC EXT_CSC_PART_CONFIG selection should be overridden in SPL by user defined partition number. -config SPL_CRC32 - bool "Support CRC32" - default y if SPL_LEGACY_IMAGE_FORMAT || SPL_EFI_PARTITION - default y if SPL_ENV_SUPPORT || TPL_BLOBLIST - help - Enable this to support CRC32 in uImages or FIT images within SPL. - This is a 32-bit checksum value that can be used to verify images. - For FIT images, this is the least secure type of checksum, suitable - for detected accidental image corruption. For secure applications you - should consider SHA1 or SHA256. - config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" depends on SPL_FIT diff --git a/lib/Kconfig b/lib/Kconfig index 3926652db63..07e61de5b64 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -534,6 +534,17 @@ config SHA_HW_ACCEL if SPL +config SPL_CRC32 + bool "Enable CRC32 support in SPL" + default y if SPL_LEGACY_IMAGE_SUPPORT || SPL_EFI_PARTITION + default y if SPL_ENV_SUPPORT || TPL_BLOBLIST + help + This option enables support of hashing using CRC32 algorithm. + The CRC32 algorithm produces 32-bit checksum value. For FIT + images, this is the least secure type of checksum, suitable for + detected accidental image corruption. For secure applications you + should consider SHA256 or SHA384. + config SPL_SHA1 bool "Enable SHA1 support in SPL" default y if SHA1