On Tue, Oct 08, 2024 at 09:57:07AM +0200, Cédric Le Goater wrote: > Hello, > > This is a resping of Alejandro's series fixing SG Accumulative Hash > Calculations. See [1] for more details. > > The goal of this patch series is to fix accumulative hashing support > in the Aspeed HACE module. The issue that stemmed this patch was a > failure to boot an OpenBMC image using the "ast2600-evb" machine. The > U-boot 2019.04 loader failed to verify image hashes. > > These incorrect image hashes given by the HACE to the U-boot guest are > due to an oversight in the HACE module. Previously when operating in > scatter-gather accumulative mode, the HACE would cache the address > provided by the guest which contained the source data. However, there > was no deep copy, so when HACE generated the digest upon the reception > of the final accumulative chunk the digest was incorrect, as the > addresses provided had their regions overwritten by that time. > > This fix consists of two main steps: > * Add an accumulative hashing function to the qcrypto library > * Modify the HACE module to use the accumulative hashing functions > > All the crypto library backends (nettle, gnutls, etc.) support > accumulative hashing, so it was trivial to create wrappers for those > functions.
I'll queue all except patch 16, and send a PULL request for it, and let you handle the last patch. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
