Hi ChiaWei, +Alexandru Gagniuc too
On Wed, 6 Oct 2021 at 20:07, ChiaWei Wang <[email protected]> wrote: > > Hi Simon, > > > From: Simon Glass <[email protected]> > > Sent: Wednesday, October 6, 2021 10:10 PM > > > > Hi Chia-Wei, > > > > On Thu, 16 Sept 2021 at 00:39, Chia-Wei Wang > > <[email protected]> wrote: > > > > > > Use DM_HASH to perform hashing operations if supported. > > > Thus either SW or HW-assisted hashing could be leveraged. > > > > This is missing a full motivation. Please can you explain why this code is > > needed on a board, rather than just the host? > > > > As of recently, this has become host-only code. > > The entry to non-DM hash function for U-Boot is kind of inconsistent. > > When a FIT image is verified by a hash digest: > hash-1 { > algo = "sha256"; > }; > > The hash is calculated by calculate_hash() in image-fit.c. > fit_image_verify_with_data() -> fit_image_check_hash() -> calculate_hash() > > However, when a FIT image is verified by a checksum signature: > signature { > algo = "sha256,rsa2048"; > key-name-hint = "dev"; > }; > > The hash comes from hash_calculate() in hash-checksum.c. > fit_image_verify_with_data() -> fit_image_setup_verify() -> > image_get_checksum_algo() -> hash_calculate() > > I checked the master and next branches. It seems that the logic still exists. > (correct me if I am wrong) > This patch is like a temporary solution to make the DM_HASH work smoothly. > I believe a patch to refactor hash calculation of U-boot itself and the host > tools is needed in the future. Yes I see. We should move this code into common then, I suppose. You patch looks reasonable to me. Alex, can you comment on this? Regards, Simon
