@@ -35,34 +35,6 @@ config FIT_EXTERNAL_OFFSET
could be put in the hole between data payload and fit image
header, such as CSF data on i.MX platform.
-config FIT_SHA256
- bool "Support SHA256 checksum of FIT image contents"
- default y
- select SHA256
- help
- Enable this to support SHA256 checksum of FIT image contents. A
- SHA256 checksum is a 256-bit (32-byte) hash value used to check that
- the image contents have not been corrupted.
-
-config FIT_SHA384
- bool "Support SHA384 checksum of FIT image contents"
- default n
- select SHA384
- help
- Enable this to support SHA384 checksum of FIT image contents. A
- SHA384 checksum is a 384-bit (48-byte) hash value used to check that
- the image contents have not been corrupted. Use this for the highest
- security.
-
-config FIT_SHA512
- bool "Support SHA512 checksum of FIT image contents"
- default n
- select SHA512
- help
- Enable this to support SHA512 checksum of FIT image contents. A
- SHA512 checksum is a 512-bit (64-byte) hash value used to check that
- the image contents have not been corrupted.
-
config FIT_FULL_CHECK
bool "Do a full check of the FIT before using it"
default y
@@ -439,48 +439,6 @@ config SPL_MD5
applications where images may be changed maliciously, you should
consider SHA256 or SHA384.
-config SPL_FIT_SHA1
- bool "Support SHA1"
- depends on SPL_FIT
- select SHA1
- help
- Enable this to support SHA1 in FIT images within SPL. A SHA1
- checksum is a 160-bit (20-byte) hash value used to check that the
- image contents have not been corrupted or maliciously altered.
- While SHA1 is fairly secure it is coming to the end of its life
- due to the expanding computing power available to brute-force
- attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
- bool "Support SHA256"
- depends on SPL_FIT
- select SHA256
- help
- Enable this to support SHA256 in FIT images within SPL. A SHA256
- checksum is a 256-bit (32-byte) hash value used to check that the
- image contents have not been corrupted.
-
-config SPL_FIT_SHA384
- bool "Support SHA384"
- depends on SPL_FIT
- select SHA384
- select SHA512_ALGO
- help
- Enable this to support SHA384 in FIT images within SPL. A SHA384
- checksum is a 384-bit (48-byte) hash value used to check that the
- image contents have not been corrupted. Use this for the highest
- security.
-
-config SPL_FIT_SHA512
- bool "Support SHA512"
- depends on SPL_FIT
- select SHA512
- select SHA512_ALGO
- help
- Enable this to support SHA512 in FIT images within SPL. A SHA512
- checksum is a 512-bit (64-byte) hash value used to check that the
- image contents have not been corrupted.
-
config SPL_FIT_IMAGE_TINY
bool "Remove functionality from SPL FIT loading to reduce size"
depends on SPL_FIT
@@ -13,7 +13,7 @@ CONFIG_DEBUG_UART_CLOCK=26000000
# CONFIG_PSCI_RESET is not set
CONFIG_DEBUG_UART=y
CONFIG_FIT=y
-# CONFIG_FIT_SHA256 is not set
+# CONFIG_SHA256 is not set
# CONFIG_ARCH_FIXUP_FDT_MEMORY is not set
CONFIG_DEFAULT_FDT_FILE="mt8516-pumpkin"
# CONFIG_DISPLAY_BOARDINFO is not set
@@ -31,9 +31,6 @@ struct fdt_region;
#define IMAGE_ENABLE_OF_LIBFDT 1
#define CONFIG_FIT_VERBOSE 1 /* enable fit_format_{error,warning}() */
#define CONFIG_FIT_RSASSA_PSS 1
-#define CONFIG_FIT_SHA256
-#define CONFIG_FIT_SHA384
-#define CONFIG_FIT_SHA512
#define CONFIG_SHA1
#define CONFIG_SHA256
#define CONFIG_SHA384
Originally CONFIG_FIT_SHAxxx enabled specific SHA algos for and only for has_calculate() in common/image-fit.c. However, since commit 14f061dcb1 ("image: Drop IMAGE_ENABLE_SHAxxx"), the correct selector was changed to CONFIG_SHAxxx. The extra "_FIT_" variants are neither used, nor needed. Remove them. One defconfig disables FIT_SHA256, which is now changed to 'SHA256'. Note that SHA selection in SPL is broken for this exact reason. There is no corresponding SPL_SHAxxx. Fixing this is is beyond the scope of this change. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> --- common/Kconfig.boot | 28 --------------------- common/spl/Kconfig | 42 -------------------------------- configs/mt8516_pumpkin_defconfig | 2 +- include/image.h | 3 --- 4 files changed, 1 insertion(+), 74 deletions(-)