Hi Simon,
> From: Simon Glass <[email protected]>
> Sent: Wednesday, October 6, 2021 10:10 PM
>
> Hi Chia-Wei,
>
> On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang
> <[email protected]> wrote:
> >
> > Use DM_HASH to perform hashing operations if supported.
> > Thus either SW or HW-assisted hashing could be leveraged.
>
> This is missing a full motivation. Please can you explain why this code is
> needed on a board, rather than just the host?
>
> As of recently, this has become host-only code.
The entry to non-DM hash function for U-Boot is kind of inconsistent.
When a FIT image is verified by a hash digest:
hash-1 {
algo = "sha256";
};
The hash is calculated by calculate_hash() in image-fit.c.
fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash()
However, when a FIT image is verified by a checksum signature:
signature {
algo = "sha256,rsa2048";
key-name-hint = "dev";
};
The hash comes from hash_calculate() in hash-checksum.c.
fit_image_verify_with_data() -> fit_image_setup_verify() ->
image_get_checksum_algo() -> hash_calculate()
I checked the master and next branches. It seems that the logic still exists.
(correct me if I am wrong)
This patch is like a temporary solution to make the DM_HASH work smoothly.
I believe a patch to refactor hash calculation of U-boot itself and the host
tools is needed in the future.
Regards,
Chiawei
