Hi Raymond,

On Fri, 6 Sept 2024 at 17:00, Raymond Mao <raymond....@linaro.org> wrote:
>
> Hi Ilias,
>
> On Fri, 6 Sept 2024 at 03:36, Ilias Apalodimas <ilias.apalodi...@linaro.org>
> wrote:
>>
>> Hi Raymond,
>>
>> On Tue, 3 Sept 2024 at 18:54, Raymond Mao <raymond....@linaro.org> wrote:
>> >
>> > Hi Ilias,
>> >
>> > On Fri, 30 Aug 2024 at 05:37, Ilias Apalodimas
>> > <ilias.apalodi...@linaro.org> wrote:
>> >>
>> >> Hi Simon,
>> >>
>> >> On Thu, 29 Aug 2024 at 18:01, Simon Glass <s...@chromium.org> wrote:
>> >> >
>> >> > Hi Raymond,
>> >> >
>> >> > On Fri, 16 Aug 2024 at 15:47, Raymond Mao <raymond....@linaro.org>
>> >> > wrote:
>> >> > >
>> >> > > Integrate common/hash.c on the hash shim layer so that hash APIs
>> >> > > from mbedtls can be leveraged by boot/image and efi_loader.
>> >> > >
>> >> > > Signed-off-by: Raymond Mao <raymond....@linaro.org>
>> >> > > ---
>> >> > > Changes in v2
>> >> > > - Use the original head files instead of creating new ones.
>> >> > > Changes in v3
>> >> > > - Add handle checkers for malloc.
>> >> > > Changes in v4
>> >> > > - None.
>> >> > > Changes in v5
>> >> > > - Add __maybe_unused to solve linker errors in some platforms.
>> >> > > - replace malloc with calloc.
>> >> > > Changes in v6
>> >> > > - None.
>> >> > >
>> >> > >  common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++
>> >> > >  1 file changed, 146 insertions(+)
>> >> >
>> >> > I am not seeing the benefit of replacing U-Boot's hashing algorithms.
>> >> > They work well and don't change. Also it seems to be making the code a
>> >> > lot uglier, with an uncertain timeline for clean-up.
>> >>
>> >> A lot uglier where? It adds a few wrappers that fit into the current
>> >> design and callbacks.
>> >> I don't think what you are asking is possible. To do asymmetric
>> >> crypto, signatures etc -- and in the future add TLS support in wget
>> >> mbedTLS relies on its internal hashing functions for the cipher suites
>> >> it supports. So what you are asking would just make the code even
>> >> larger. Raymond can you please double check?
>> >>
>> > Digest is the basic library of MbedTLS, I don't believe we can disable it
>> > but only use the ones for certificates, unless MbedTLS makes changes
>> > to allow hooking external digest libraries - as I mentioned in a previous
>> > reply,
>> > I don't think this is what MbedTLS wants.
>>
>> There's a config option on config.h we could use to override shaXXX,
>> but given that mbedTLS can be used to add more hashing algorithms, I
>> don't think we should do that
>>
> If you mean the _ALT macros, they are used for porting HW acceleration.
> Maybe we can point this to the original U-Boot ones, but I didn't try.
>

That will work, it's not for hw accel only, it's for an alternative
implementation. But then again you have to change the args of the
u-boot ones to match mbedTLS. I really don't think it's worth the
effort. Besides the main advantage here, is that we can use more than
just the SHAXXX U-Boot has, without adding any crypto code to U-Boot
-- just a glue layer.

Thanks
/Ilias

> Raymond