diff mbox series

[v8,1/3] lib: introduce HASH_CALCULATE option

Message ID 20210514005337.5243-2-masahisa.kojima@linaro.org
State Accepted
Commit 87316da05f2fd49d3709275e64ef0c5980366ade
Headers show
Series PE/COFF measurement support | expand

Commit Message

Masahisa Kojima May 14, 2021, 12:53 a.m. UTC
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

---

(no changes since v7)

Changes in v7:
- newly introduce HASH_CALCULATE option

Changes in v6:
- update lib/Makefile to compile hash-checksum.c, instead of
  selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5:
- Missing option for EFI_TCG2_PROTOROL already added in different commit.
  This commit adds FIT_SIGNATURE only.

Changes in v4:
- newly added in this patch series, due to rebasing
  the base code.

 common/Kconfig.boot    | 1 +
 lib/Kconfig            | 3 +++
 lib/Makefile           | 2 +-
 lib/efi_loader/Kconfig | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

-- 
2.17.1

Comments

Heinrich Schuchardt May 24, 2021, 1:25 p.m. UTC | #1
On 5/14/21 2:53 AM, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or

> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,

> because hash-checksum.c is not compiled.

>

> Since hash_calculate() implemented in hash-checksum.c can be

> commonly used aside from FIT image signature verification,

> this commit itroduces HASH_CALCULATE option to decide

> if hash-checksum.c shall be compiled.

>

> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>


This patch is already merged.

Best regards

Heinrich
diff mbox series

Patch

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 5a18d62d78..56608226cc 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -80,6 +80,7 @@  config FIT_SIGNATURE
 	select RSA_VERIFY
 	select IMAGE_SIGN_INFO
 	select FIT_FULL_CHECK
+	select HASH_CALCULATE
 	help
 	  This option enables signature verification of FIT uImages,
 	  using a hash signed and verified using RSA. If
diff --git a/lib/Kconfig b/lib/Kconfig
index 6d2d41de30..df67eb0503 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -428,6 +428,9 @@  config CRC32C
 config XXHASH
 	bool
 
+config HASH_CALCULATE
+	bool
+
 endmenu
 
 menu "Compression Support"
diff --git a/lib/Makefile b/lib/Makefile
index 6825671955..0835ea292c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -61,7 +61,7 @@  endif
 obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
-obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
+obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_SHA512_ALGO) += sha512.o
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c259abe033..eb5c4d6f29 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -174,6 +174,7 @@  config EFI_CAPSULE_AUTHENTICATE
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
 	select IMAGE_SIGN_INFO
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option if you want to enable capsule
@@ -342,6 +343,7 @@  config EFI_SECURE_BOOT
 	select X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option to enable EFI secure boot support.