diff mbox series

[U-Boot,RFC,05/15] include: image.h: export hash algorithm helper functions

Message ID 20190918012643.25192-6-takahiro.akashi@linaro.org
State RFC
Delegated to: Heinrich Schuchardt
Headers show
Series efi_loader: add secure boot support | expand

Commit Message

AKASHI Takahiro Sept. 18, 2019, 1:26 a.m. UTC
This commit allows us to use common/image-sig.c even if CONFIG_FIT
is disabled but CONFIG_EFI_LOADER is enabled.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 include/image.h | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

Comments

Simon Glass Sept. 25, 2019, 8:42 p.m. UTC | #1
On Tue, 17 Sep 2019 at 19:23, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> This commit allows us to use common/image-sig.c even if CONFIG_FIT
> is disabled but CONFIG_EFI_LOADER is enabled.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>  include/image.h | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

BTW I think it should be possible to remove these things in the header
file now. Please see below.

>
> diff --git a/include/image.h b/include/image.h
> index 685f5181c829..c9fe1d8eaed8 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -53,7 +53,7 @@ struct fdt_region;
>
>  #endif /* USE_HOSTCC */
>
> -#if IMAGE_ENABLE_FIT
> +#if IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT)
>  #include <hash.h>
>  #include <linux/libfdt.h>
>  #include <fdt_support.h>
> @@ -86,13 +86,14 @@ struct fdt_region;
>  #endif
>
>  #if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
> -       defined(CONFIG_SPL_SHA256_SUPPORT)
> +       defined(CONFIG_SPL_SHA256_SUPPORT) || \
> +       defined(CONFIG_EFI_SECURE_BOOT)
>  #define IMAGE_ENABLE_SHA256    1
>  #else
>  #define IMAGE_ENABLE_SHA256    0
>  #endif

We can probably use (in the C file):

if (IS_ENABLED(CONFIG_...) || IS_ENABLED(CONFIG_...) ...

>
> -#endif /* IMAGE_ENABLE_FIT */
> +#endif /* IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT) */
>
>  #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
>  # define IMAGE_BOOT_GET_CMDLINE                1
> @@ -1085,6 +1086,7 @@ int fit_conf_get_prop_node(const void *fit, int noffset,
>
>  int fit_check_ramdisk(const void *fit, int os_noffset,
>                 uint8_t arch, int verify);
> +#endif /* IMAGE_ENABLE_FIT */
>
>  int calculate_hash(const void *data, int data_len, const char *algo,
>                         uint8_t *value, int *value_len);
> @@ -1143,7 +1145,6 @@ struct image_sign_info {
>         const char *require_keys;       /* Value for 'required' property */
>         const char *engine_id;          /* Engine to use for signing */
>  };
> -#endif /* Allow struct image_region to always be defined for rsa.h */
>
>  /* A part of an image, used for hashing */
>  struct image_region {
> @@ -1151,7 +1152,7 @@ struct image_region {
>         int size;
>  };
>
> -#if IMAGE_ENABLE_FIT
> +#if IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT)
>
>  #if IMAGE_ENABLE_VERIFY
>  # include <u-boot/rsa-checksum.h>
> @@ -1252,7 +1253,9 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name);
>   * @return pointer to algorithm information, or NULL if not found
>   */
>  struct padding_algo *image_get_padding_algo(const char *name);
> +#endif /* IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT) */
>
> +#if IMAGE_ENABLE_FIT
>  /**
>   * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
>   *
> @@ -1328,7 +1331,7 @@ static inline int fit_image_check_target_arch(const void *fdt, int node)
>  #define fit_unsupported(msg)
>  #define fit_unsupported_reset(msg)
>  #endif /* CONFIG_FIT_VERBOSE */
> -#endif /* CONFIG_FIT */
> +#endif /* IMAGE_ENABLE_FIT */
>
>  #if defined(CONFIG_ANDROID_BOOT_IMAGE)
>  struct andr_img_hdr;
> --
> 2.21.0
>

Regards,
Simon
diff mbox series

Patch

diff --git a/include/image.h b/include/image.h
index 685f5181c829..c9fe1d8eaed8 100644
--- a/include/image.h
+++ b/include/image.h
@@ -53,7 +53,7 @@  struct fdt_region;
 
 #endif /* USE_HOSTCC */
 
-#if IMAGE_ENABLE_FIT
+#if IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT)
 #include <hash.h>
 #include <linux/libfdt.h>
 #include <fdt_support.h>
@@ -86,13 +86,14 @@  struct fdt_region;
 #endif
 
 #if defined(CONFIG_FIT_ENABLE_SHA256_SUPPORT) || \
-	defined(CONFIG_SPL_SHA256_SUPPORT)
+	defined(CONFIG_SPL_SHA256_SUPPORT) || \
+	defined(CONFIG_EFI_SECURE_BOOT)
 #define IMAGE_ENABLE_SHA256	1
 #else
 #define IMAGE_ENABLE_SHA256	0
 #endif
 
-#endif /* IMAGE_ENABLE_FIT */
+#endif /* IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT) */
 
 #ifdef CONFIG_SYS_BOOT_GET_CMDLINE
 # define IMAGE_BOOT_GET_CMDLINE		1
@@ -1085,6 +1086,7 @@  int fit_conf_get_prop_node(const void *fit, int noffset,
 
 int fit_check_ramdisk(const void *fit, int os_noffset,
 		uint8_t arch, int verify);
+#endif /* IMAGE_ENABLE_FIT */
 
 int calculate_hash(const void *data, int data_len, const char *algo,
 			uint8_t *value, int *value_len);
@@ -1143,7 +1145,6 @@  struct image_sign_info {
 	const char *require_keys;	/* Value for 'required' property */
 	const char *engine_id;		/* Engine to use for signing */
 };
-#endif /* Allow struct image_region to always be defined for rsa.h */
 
 /* A part of an image, used for hashing */
 struct image_region {
@@ -1151,7 +1152,7 @@  struct image_region {
 	int size;
 };
 
-#if IMAGE_ENABLE_FIT
+#if IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT)
 
 #if IMAGE_ENABLE_VERIFY
 # include <u-boot/rsa-checksum.h>
@@ -1252,7 +1253,9 @@  struct crypto_algo *image_get_crypto_algo(const char *full_name);
  * @return pointer to algorithm information, or NULL if not found
  */
 struct padding_algo *image_get_padding_algo(const char *name);
+#endif /* IMAGE_ENABLE_FIT || defined(CONFIG_EFI_SECURE_BOOT) */
 
+#if IMAGE_ENABLE_FIT
 /**
  * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
  *
@@ -1328,7 +1331,7 @@  static inline int fit_image_check_target_arch(const void *fdt, int node)
 #define fit_unsupported(msg)
 #define fit_unsupported_reset(msg)
 #endif /* CONFIG_FIT_VERBOSE */
-#endif /* CONFIG_FIT */
+#endif /* IMAGE_ENABLE_FIT */
 
 #if defined(CONFIG_ANDROID_BOOT_IMAGE)
 struct andr_img_hdr;