[v5,05/29] hash: Use Kconfig to enable hashing in host tools and SPL

At present when building host tools, we force CONFIG_SHAxxx to be enabled
regardless of the board Kconfig setting. This is done in the image.h
header file.

For SPL we currently just assume the algorithm is desired if U-Boot proper
enables it.

Clean this up by adding new Kconfig options to enable hashing on the host,
relying on CONFIG_IS_ENABLED() to deal with the different builds.

Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
current settings.

This allows us to drop the image.h code and the I_WANT_MD5 hack.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

Changes in v5:
- Drop I_WANT_MD5
- Use TOOLS_ instead of HOST_

Changes in v2:
- Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL

 common/hash.c   | 49 +++++++++++++++++++++++--------------------------
 include/image.h |  5 -----
 lib/Kconfig     | 18 ++++++++++++++++++
 tools/Kconfig   | 25 +++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 31 deletions(-)

Hi Simon

On 9/25/21 8:43 PM, Simon Glass wrote:
> At present when building host tools, we force CONFIG_SHAxxx to be enabled
> regardless of the board Kconfig setting. This is done in the image.h
> header file.
> 
> For SPL we currently just assume the algorithm is desired if U-Boot proper
> enables it.
> 
> Clean this up by adding new Kconfig options to enable hashing on the host,
> relying on CONFIG_IS_ENABLED() to deal with the different builds.
> 
> Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
> current settings.
> 
> This allows us to drop the image.h code and the I_WANT_MD5 hack.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> ---
> 
> Changes in v5:
> - Drop I_WANT_MD5
> - Use TOOLS_ instead of HOST_
> 
I was planning to move hash algos to a linker list for target code, and 
a simple, ifdef-free list for the host, like we've done for crypto 
algos, and I think padding algos.

We'd be able to drop #define I_WANT_MD5 (which is temporary), and drop 
define CONFIG_SHA_*, and by extension, drop the need for 
CONFIG_TOOLS_SHA*. I think that's far more elegant.

Alex

> Changes in v2:
> - Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL
> 
>   common/hash.c   | 49 +++++++++++++++++++++++--------------------------
>   include/image.h |  5 -----
>   lib/Kconfig     | 18 ++++++++++++++++++
>   tools/Kconfig   | 25 +++++++++++++++++++++++++
>   4 files changed, 66 insertions(+), 31 deletions(-)
> 
> diff --git a/common/hash.c b/common/hash.c
> index 6277fe65b3e..0fe65c959d0 100644
> --- a/common/hash.c
> +++ b/common/hash.c
> @@ -25,6 +25,7 @@
>   #else
>   #include "mkimage.h"
>   #include <time.h>
> +#include <linux/kconfig.h>
>   #endif /* !USE_HOSTCC*/
>   
>   #include <hash.h>
> @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR;
>   
>   static void reloc_update(void);
>   
> -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha1(struct hash_algo *algo, void **ctxp)
>   {
>   	sha1_context *ctx = malloc(sizeof(sha1_context));
> @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf,
>   }
>   #endif
>   
> -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha256(struct hash_algo *algo, void **ctxp)
>   {
>   	sha256_context *ctx = malloc(sizeof(sha256_context));
> @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void
>   }
>   #endif
>   
> -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
>   {
>   	sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void
>   }
>   #endif
>   
> -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
>   {
>   	sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
>   	return 0;
>   }
>   
> -#ifdef USE_HOSTCC
> -# define I_WANT_MD5	1
> -#else
> -# define I_WANT_MD5	CONFIG_IS_ENABLED(MD5)
> -#endif
>   /*
>    * These are the hash algorithms we support.  If we have hardware acceleration
>    * is enable we will use that, otherwise a software version of the algorithm.
>    * Note that algorithm names must be in lower case.
>    */
>   static struct hash_algo hash_algo[] = {
> -#if I_WANT_MD5
> +#if CONFIG_IS_ENABLED(MD5)
>   	{
>   		.name		= "md5",
>   		.digest_size	= MD5_SUM_LEN,
> @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = {
>   		.hash_func_ws	= md5_wd,
>   	},
>   #endif
> -#ifdef CONFIG_SHA1
> +#if CONFIG_IS_ENABLED(SHA1)
>   	{
>   		.name 		= "sha1",
>   		.digest_size	= SHA1_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA1,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
>   		.hash_func_ws	= hw_sha1,
>   #else
>   		.hash_func_ws	= sha1_csum_wd,
>   #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA256
> +#if CONFIG_IS_ENABLED(SHA256)
>   	{
>   		.name		= "sha256",
>   		.digest_size	= SHA256_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA256,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
>   		.hash_func_ws	= hw_sha256,
>   #else
>   		.hash_func_ws	= sha256_csum_wd,
>   #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA384
> +#if CONFIG_IS_ENABLED(SHA384)
>   	{
>   		.name		= "sha384",
>   		.digest_size	= SHA384_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA384,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
>   		.hash_func_ws	= hw_sha384,
>   #else
>   		.hash_func_ws	= sha384_csum_wd,
>   #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA512
> +#if CONFIG_IS_ENABLED(SHA512)
>   	{
>   		.name		= "sha512",
>   		.digest_size	= SHA512_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA512,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
>   		.hash_func_ws	= hw_sha512,
>   #else
>   		.hash_func_ws	= sha512_csum_wd,
>   #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = {
>   };
>   
>   /* Try to minimize code size for boards that don't want much hashing */
> -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \
> -	defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \
> -	defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
> +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \
> +	CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \
> +	CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512)
>   #define multi_hash()	1
>   #else
>   #define multi_hash()	0
> @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
>   	return 0;
>   }
>   
> -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)
> +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \
> +	defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32))
>   /**
>    * store_result: Store the resulting sum to an address or variable
>    *
> diff --git a/include/image.h b/include/image.h
> index 73a763a6936..03857f4b500 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -31,11 +31,6 @@ struct fdt_region;
>   #define IMAGE_ENABLE_OF_LIBFDT	1
>   #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
>   #define CONFIG_FIT_RSASSA_PSS 1
> -#define CONFIG_MD5
> -#define CONFIG_SHA1
> -#define CONFIG_SHA256
> -#define CONFIG_SHA384
> -#define CONFIG_SHA512
>   
>   #define IMAGE_ENABLE_IGNORE	0
>   #define IMAGE_INDENT_STRING	""
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 7899e756f99..64765acfa61 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -438,6 +438,24 @@ config SPL_SHA384
>   	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
>   	  (digest).
>   
> +config SPL_SHA_HW_ACCEL
> +	bool "Enable hardware acceleration for SHA hash functions"
> +	default y if SHA_HW_ACCEL
> +	help
> +	  This option enables hardware acceleration for the SHA1 and SHA256
> +	  hashing algorithms. This affects the 'hash' command and also the
> +	  hash_lookup_algo() function.
> +
> +config SPL_SHA_PROG_HW_ACCEL
> +	bool "Enable Progressive hashing support using hardware in SPL"
> +	depends on SHA_PROG_HW_ACCEL
> +	default y
> +	help
> +	  This option enables hardware-acceleration for SHA progressive
> +	  hashing.
> +	  Data can be streamed in a block at a time and the hashing is
> +	  performed in hardware.
> +
>   endif
>   
>   if SHA_HW_ACCEL
> diff --git a/tools/Kconfig b/tools/Kconfig
> index ea986ab0479..6ffc2c0aa31 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE
>   	depends on TOOLS_FIT_SIGNATURE
>   	default 0x10000000
>   
> +config TOOLS_MD5
> +	def_bool y
> +	help
> +	  Enable MD5 support in the tools builds
> +
> +config TOOLS_SHA1
> +	def_bool y
> +	help
> +	  Enable SHA1 support in the tools builds
> +
> +config TOOLS_SHA256
> +	def_bool y
> +	help
> +	  Enable SHA256 support in the tools builds
> +
> +config TOOLS_SHA384
> +	def_bool y
> +	help
> +	  Enable SHA384 support in the tools builds
> +
> +config TOOLS_SHA512
> +	def_bool y
> +	help
> +	  Enable SHA512 support in the tools builds
> +
>   endmenu
>

Hi Alex,

On Mon, 27 Sept 2021 at 09:53, Alex G. <mr.nuke.me@gmail.com> wrote:
>
> Hi Simon
>
> On 9/25/21 8:43 PM, Simon Glass wrote:
> > At present when building host tools, we force CONFIG_SHAxxx to be enabled
> > regardless of the board Kconfig setting. This is done in the image.h
> > header file.
> >
> > For SPL we currently just assume the algorithm is desired if U-Boot proper
> > enables it.
> >
> > Clean this up by adding new Kconfig options to enable hashing on the host,
> > relying on CONFIG_IS_ENABLED() to deal with the different builds.
> >
> > Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
> > current settings.
> >
> > This allows us to drop the image.h code and the I_WANT_MD5 hack.
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> > ---
> >
> > Changes in v5:
> > - Drop I_WANT_MD5
> > - Use TOOLS_ instead of HOST_
> >
> I was planning to move hash algos to a linker list for target code, and
> a simple, ifdef-free list for the host, like we've done for crypto
> algos, and I think padding algos.
>
> We'd be able to drop #define I_WANT_MD5 (which is temporary), and drop
> define CONFIG_SHA_*, and by extension, drop the need for
> CONFIG_TOOLS_SHA*. I think that's far more elegant.

OK but can we do that after my series goes in? The series is a
significant #ifdef clean-up and I think you can easily do that on top
of the series.

Regards,
Simon

On 9/27/21 11:06 AM, Simon Glass wrote:
> Hi Alex,
> 
> On Mon, 27 Sept 2021 at 09:53, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>> Hi Simon
>>
>> On 9/25/21 8:43 PM, Simon Glass wrote:
>>> At present when building host tools, we force CONFIG_SHAxxx to be enabled
>>> regardless of the board Kconfig setting. This is done in the image.h
>>> header file.
>>>
>>> For SPL we currently just assume the algorithm is desired if U-Boot proper
>>> enables it.
>>>
>>> Clean this up by adding new Kconfig options to enable hashing on the host,
>>> relying on CONFIG_IS_ENABLED() to deal with the different builds.
>>>
>>> Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
>>> current settings.
>>>
>>> This allows us to drop the image.h code and the I_WANT_MD5 hack.
>>>
>>> Signed-off-by: Simon Glass <sjg@chromium.org>
>>> ---
>>>
>>> Changes in v5:
>>> - Drop I_WANT_MD5
>>> - Use TOOLS_ instead of HOST_
>>>
>> I was planning to move hash algos to a linker list for target code, and
>> a simple, ifdef-free list for the host, like we've done for crypto
>> algos, and I think padding algos.
>>
>> We'd be able to drop #define I_WANT_MD5 (which is temporary), and drop
>> define CONFIG_SHA_*, and by extension, drop the need for
>> CONFIG_TOOLS_SHA*. I think that's far more elegant.
> 
> OK but can we do that after my series goes in? The series is a
> significant #ifdef clean-up and I think you can easily do that on top
> of the series.

Of course!

Alex

On 9/25/21 8:43 PM, Simon Glass wrote:
> At present when building host tools, we force CONFIG_SHAxxx to be enabled
> regardless of the board Kconfig setting. This is done in the image.h
> header file.
> 
> For SPL we currently just assume the algorithm is desired if U-Boot proper
> enables it.
> 
> Clean this up by adding new Kconfig options to enable hashing on the host,
> relying on CONFIG_IS_ENABLED() to deal with the different builds.
> 
> Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
> current settings.
> 
> This allows us to drop the image.h code and the I_WANT_MD5 hack.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

> ---
> 
> Changes in v5:
> - Drop I_WANT_MD5
> - Use TOOLS_ instead of HOST_
> 
> Changes in v2:
> - Add SPL_ Kconfigs also, since otherwise hashing algorithms drop from SPL
> 
>   common/hash.c   | 49 +++++++++++++++++++++++--------------------------
>   include/image.h |  5 -----
>   lib/Kconfig     | 18 ++++++++++++++++++
>   tools/Kconfig   | 25 +++++++++++++++++++++++++
>   4 files changed, 66 insertions(+), 31 deletions(-)
> 
> diff --git a/common/hash.c b/common/hash.c
> index 6277fe65b3e..0fe65c959d0 100644
> --- a/common/hash.c
> +++ b/common/hash.c
> @@ -25,6 +25,7 @@
>   #else
>   #include "mkimage.h"
>   #include <time.h>
> +#include <linux/kconfig.h>
>   #endif /* !USE_HOSTCC*/
>   
>   #include <hash.h>
> @@ -41,7 +42,7 @@ DECLARE_GLOBAL_DATA_PTR;
>   
>   static void reloc_update(void);
>   
> -#if defined(CONFIG_SHA1) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA1) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha1(struct hash_algo *algo, void **ctxp)
>   {
>   	sha1_context *ctx = malloc(sizeof(sha1_context));
> @@ -69,7 +70,7 @@ static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf,
>   }
>   #endif

One day, I'd like to make these init_<hasnmane>_ functions part of 
linker lists and move each to their respective <hashname>.c

One day.

>   
> -#if defined(CONFIG_SHA256) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA256) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha256(struct hash_algo *algo, void **ctxp)
>   {
>   	sha256_context *ctx = malloc(sizeof(sha256_context));
> @@ -97,7 +98,7 @@ static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void
>   }
>   #endif
>   
> -#if defined(CONFIG_SHA384) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA384) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha384(struct hash_algo *algo, void **ctxp)
>   {
>   	sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -125,7 +126,7 @@ static int hash_finish_sha384(struct hash_algo *algo, void *ctx, void
>   }
>   #endif
>   
> -#if defined(CONFIG_SHA512) && !defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512) && !CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   static int hash_init_sha512(struct hash_algo *algo, void **ctxp)
>   {
>   	sha512_context *ctx = malloc(sizeof(sha512_context));
> @@ -207,18 +208,13 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
>   	return 0;
>   }
>   
> -#ifdef USE_HOSTCC
> -# define I_WANT_MD5	1
> -#else
> -# define I_WANT_MD5	CONFIG_IS_ENABLED(MD5)
> -#endif
>   /*
>    * These are the hash algorithms we support.  If we have hardware acceleration
>    * is enable we will use that, otherwise a software version of the algorithm.
>    * Note that algorithm names must be in lower case.
>    */
>   static struct hash_algo hash_algo[] = {
> -#if I_WANT_MD5
> +#if CONFIG_IS_ENABLED(MD5)
>   	{
>   		.name		= "md5",
>   		.digest_size	= MD5_SUM_LEN,
> @@ -226,17 +222,17 @@ static struct hash_algo hash_algo[] = {
>   		.hash_func_ws	= md5_wd,
>   	},
>   #endif
> -#ifdef CONFIG_SHA1
> +#if CONFIG_IS_ENABLED(SHA1)
>   	{
>   		.name 		= "sha1",
>   		.digest_size	= SHA1_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA1,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
>   		.hash_func_ws	= hw_sha1,
>   #else
>   		.hash_func_ws	= sha1_csum_wd,
>   #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -247,17 +243,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA256
> +#if CONFIG_IS_ENABLED(SHA256)
>   	{
>   		.name		= "sha256",
>   		.digest_size	= SHA256_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA256,
> -#ifdef CONFIG_SHA_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_HW_ACCEL)
>   		.hash_func_ws	= hw_sha256,
>   #else
>   		.hash_func_ws	= sha256_csum_wd,
>   #endif
> -#ifdef CONFIG_SHA_PROG_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -268,17 +264,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA384
> +#if CONFIG_IS_ENABLED(SHA384)
>   	{
>   		.name		= "sha384",
>   		.digest_size	= SHA384_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA384,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
>   		.hash_func_ws	= hw_sha384,
>   #else
>   		.hash_func_ws	= sha384_csum_wd,
>   #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -289,17 +285,17 @@ static struct hash_algo hash_algo[] = {
>   #endif
>   	},
>   #endif
> -#ifdef CONFIG_SHA512
> +#if CONFIG_IS_ENABLED(SHA512)
>   	{
>   		.name		= "sha512",
>   		.digest_size	= SHA512_SUM_LEN,
>   		.chunk_size	= CHUNKSZ_SHA512,
> -#ifdef CONFIG_SHA512_HW_ACCEL
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL)
>   		.hash_func_ws	= hw_sha512,
>   #else
>   		.hash_func_ws	= sha512_csum_wd,
>   #endif
> -#if defined(CONFIG_SHA512_HW_ACCEL) && defined(CONFIG_SHA_PROG_HW_ACCEL)
> +#if CONFIG_IS_ENABLED(SHA512_HW_ACCEL) && CONFIG_IS_ENABLED(SHA_PROG_HW_ACCEL)
>   		.hash_init	= hw_sha_init,
>   		.hash_update	= hw_sha_update,
>   		.hash_finish	= hw_sha_finish,
> @@ -331,9 +327,9 @@ static struct hash_algo hash_algo[] = {
>   };
>   
>   /* Try to minimize code size for boards that don't want much hashing */
> -#if defined(CONFIG_SHA256) || defined(CONFIG_CMD_SHA1SUM) || \
> -	defined(CONFIG_CRC32_VERIFY) || defined(CONFIG_CMD_HASH) || \
> -	defined(CONFIG_SHA384) || defined(CONFIG_SHA512)
> +#if CONFIG_IS_ENABLED(SHA256) || CONFIG_IS_ENABLED(CMD_SHA1SUM) || \
> +	CONFIG_IS_ENABLED(CRC32_VERIFY) || CONFIG_IS_ENABLED(CMD_HASH) || \
> +	CONFIG_IS_ENABLED(SHA384) || CONFIG_IS_ENABLED(SHA512)
>   #define multi_hash()	1
>   #else
>   #define multi_hash()	0
> @@ -438,7 +434,8 @@ int hash_block(const char *algo_name, const void *data, unsigned int len,
>   	return 0;
>   }
>   
> -#if defined(CONFIG_CMD_HASH) || defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32)
> +#if !defined(CONFIG_SPL_BUILD) && (defined(CONFIG_CMD_HASH) || \
> +	defined(CONFIG_CMD_SHA1SUM) || defined(CONFIG_CMD_CRC32))
>   /**
>    * store_result: Store the resulting sum to an address or variable
>    *
> diff --git a/include/image.h b/include/image.h
> index 73a763a6936..03857f4b500 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -31,11 +31,6 @@ struct fdt_region;
>   #define IMAGE_ENABLE_OF_LIBFDT	1
>   #define CONFIG_FIT_VERBOSE	1 /* enable fit_format_{error,warning}() */
>   #define CONFIG_FIT_RSASSA_PSS 1
> -#define CONFIG_MD5
> -#define CONFIG_SHA1
> -#define CONFIG_SHA256
> -#define CONFIG_SHA384
> -#define CONFIG_SHA512
>   
>   #define IMAGE_ENABLE_IGNORE	0
>   #define IMAGE_INDENT_STRING	""
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 7899e756f99..64765acfa61 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -438,6 +438,24 @@ config SPL_SHA384
>   	  The SHA384 algorithm produces a 384-bit (48-byte) hash value
>   	  (digest).
>   
> +config SPL_SHA_HW_ACCEL
> +	bool "Enable hardware acceleration for SHA hash functions"
> +	default y if SHA_HW_ACCEL
> +	help
> +	  This option enables hardware acceleration for the SHA1 and SHA256
> +	  hashing algorithms. This affects the 'hash' command and also the
> +	  hash_lookup_algo() function.
> +
> +config SPL_SHA_PROG_HW_ACCEL
> +	bool "Enable Progressive hashing support using hardware in SPL"
> +	depends on SHA_PROG_HW_ACCEL
> +	default y
> +	help
> +	  This option enables hardware-acceleration for SHA progressive
> +	  hashing.
> +	  Data can be streamed in a block at a time and the hashing is
> +	  performed in hardware.
> +
>   endif
>   
>   if SHA_HW_ACCEL
> diff --git a/tools/Kconfig b/tools/Kconfig
> index ea986ab0479..6ffc2c0aa31 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -45,4 +45,29 @@ config TOOLS_FIT_SIGNATURE_MAX_SIZE
>   	depends on TOOLS_FIT_SIGNATURE
>   	default 0x10000000
>   
> +config TOOLS_MD5
> +	def_bool y
> +	help
> +	  Enable MD5 support in the tools builds
> +
> +config TOOLS_SHA1
> +	def_bool y
> +	help
> +	  Enable SHA1 support in the tools builds
> +
> +config TOOLS_SHA256
> +	def_bool y
> +	help
> +	  Enable SHA256 support in the tools builds
> +
> +config TOOLS_SHA384
> +	def_bool y
> +	help
> +	  Enable SHA384 support in the tools builds
> +
> +config TOOLS_SHA512
> +	def_bool y
> +	help
> +	  Enable SHA512 support in the tools builds
> +
>   endmenu
>

On Sat, Sep 25, 2021 at 07:43:18PM -0600, Simon Glass wrote:

> At present when building host tools, we force CONFIG_SHAxxx to be enabled
> regardless of the board Kconfig setting. This is done in the image.h
> header file.
> 
> For SPL we currently just assume the algorithm is desired if U-Boot proper
> enables it.
> 
> Clean this up by adding new Kconfig options to enable hashing on the host,
> relying on CONFIG_IS_ENABLED() to deal with the different builds.
> 
> Add new SPL Kconfigs for hardware-accelerated hashing, to maintain the
> current settings.
> 
> This allows us to drop the image.h code and the I_WANT_MD5 hack.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>
> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

Applied to u-boot/master, thanks!