On Thu, Mar 16, 2017 at 04:06:40PM -0600, Simon Glass wrote:
> Hi Tom,
>
> On 9 March 2017 at 11:44, Tom Rini <tr...@konsulko.com> wrote:
> > On Tue, Mar 07, 2017 at 11:20:08AM -0500, Tom Rini wrote:
> >> Commit 94e3c8c4fd7b ("crypto/fsl - Add progressive hashing support
> >> using hardware acceleration.") created entries for CONFIG_SHA1,
> >> CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and CONFIG_SHA_PROG_HW_ACCEL.
> >> However, no defconfig has migrated to it. Complete the move by first
> >> adding additional logic to various Kconfig files to select this when
> >> required and then use the moveconfig tool. In many cases we can select
> >> these because they are required to implement other drivers. We also
> >> correct how we include the various hashing algorithms in SPL.
> >>
> >> This commit was generated as follows (after Kconfig additions):
> >>
> >> [1] tools/moveconfig.py -y SHA1 SHA256 SHA_HW_ACCEL
> >> [2] tools/moveconfig.py -y SHA_PROG_HW_ACCEL
> >>
> >> Note:
> >> We cannot move SHA_HW_ACCEL and SHA_PROG_HW_ACCEL simultaneously
> >> because there is dependency between them.
> >
> > This, oddly, breaks the verified boot tests on sandbox. And I can't
> > obviously see why. The u-boot.map files are identical even.
>
> It looks like this is not U-Boot itself:
>
> => +build-sandbox/tools/fit_check_sign -f
> u-boot/files/build-sandbox/test.fit -k u-boot/files/build-sandbox/ -k
> files/build-sandbox/sandbox-u-boot.dtb
> Signature check Bad (error 1)
> Verifying Hash Integrity ... sha1,rsa2048:dev-
> Failed to verify required signature 'key-dev'
>
> Is SHA1 somehow missing with the fit_check_sign tool with this commit?

Ah, I think that's the crumb I needed. We move SHA1/SHA256 from
include/images.h to Kconfig select'ing them and thus what the host tools
(likely) are doing is broken. I'll figure this out now I think, thanks!

--
Tom
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot