diff options
| author | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2021-09-03 03:54:17 +0300 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2021-09-08 23:10:34 +0300 |
| commit | eb5171ddec9d3b04c2517b60e69dc707e92cf716 (patch) | |
| tree | e8dba362a7f14c30ac5a4f5f0b00b6eb0092a74f /common/spl | |
| parent | 1c02fd4686e7bc17b583b55cc6f2e3e83f38b381 (diff) | |
| download | u-boot-eb5171ddec9d3b04c2517b60e69dc707e92cf716.tar.xz | |
common: Remove unused CONFIG_FIT_SHAxxx selectors
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only
for hash_calculate() in common/image-fit.c. However, since commit
14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"),
the correct selector was changed to CONFIG_SHAxxx.
The extra "_FIT_" variants are neither used, nor needed. Remove them.
One defconfig disables FIT_SHA256, which is now changed to 'SHA256'.
CMD_MVEBU_BUBT needs to select select SHA256 to avoid undefined
references to "sha256_*()". bubt.c needs sha256, so this selection is
correct. It is not clear why this problem did not manifest before.
Note that SHA selection in SPL is broken for this exact reason. There
is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of
this change.
Also note that we make CONFIG_FIT now imply SHA256, to make up for
FIT_SHA256 previously being a default y option.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[trini: Add imply SHA256 to FIT]
Signed-off-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'common/spl')
| -rw-r--r-- | common/spl/Kconfig | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/common/spl/Kconfig b/common/spl/Kconfig index c155a3b5fc..d69d1fa5f7 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -439,48 +439,6 @@ config SPL_MD5 applications where images may be changed maliciously, you should consider SHA256 or SHA384. -config SPL_FIT_SHA1 - bool "Support SHA1" - depends on SPL_FIT - select SHA1 - help - Enable this to support SHA1 in FIT images within SPL. A SHA1 - checksum is a 160-bit (20-byte) hash value used to check that the - image contents have not been corrupted or maliciously altered. - While SHA1 is fairly secure it is coming to the end of its life - due to the expanding computing power available to brute-force - attacks. For more security, consider SHA256 or SHA384. - -config SPL_FIT_SHA256 - bool "Support SHA256" - depends on SPL_FIT - select SHA256 - help - Enable this to support SHA256 in FIT images within SPL. A SHA256 - checksum is a 256-bit (32-byte) hash value used to check that the - image contents have not been corrupted. - -config SPL_FIT_SHA384 - bool "Support SHA384" - depends on SPL_FIT - select SHA384 - select SHA512_ALGO - help - Enable this to support SHA384 in FIT images within SPL. A SHA384 - checksum is a 384-bit (48-byte) hash value used to check that the - image contents have not been corrupted. Use this for the highest - security. - -config SPL_FIT_SHA512 - bool "Support SHA512" - depends on SPL_FIT - select SHA512 - select SHA512_ALGO - help - Enable this to support SHA512 in FIT images within SPL. A SHA512 - checksum is a 512-bit (64-byte) hash value used to check that the - image contents have not been corrupted. - config SPL_FIT_IMAGE_TINY bool "Remove functionality from SPL FIT loading to reduce size" depends on SPL_FIT |