On Mon, Mar 22, 2021 at 08:33:31AM -0500, Alexandru Gagniuc wrote: > When God said, "May there be FIT signature verification in SPL", > Chuck Norris said "SPL image too big". And then there was this patch. > > Enabling SPL_FIT_SIGNATURE increased the code size (armv7 platform) by > about 16KiB, just enough to go over the SPL image limit. Of that: > * .text.sha256_process 3.8 KiB > * SHA1 implementation 4.4 KiB > Although SHA1 wasn't required, it could not be disabled. > > The hash algorithms are implemented in lib/, as is their Kconfig > selection for u-boot main. However, Kconfig selection for SPL is > implemented in common/. To put it mildly, this is inconsistent. > MD5 selection, on the other hand, does not have this problem. > > Moving the SPL hash switches to lib/ solves half the problem. They > have to be renamed from SPL_<hash>_SUPPORT to SPL_<hash> to make > them work elegantly with the CONFIG_IS_ENABLED() macro. > > The second half of the problem is not referencing the <hash> symbols > when <hash> is disabled. Unfortunately, this requires some more > > The above #ifdef problem could be solved in several ways. One way > could be to move the hash handlers to linker lists. This, however, > won't work for userspace tools (mkimage), as they don't implement > custom linker scripts. One could implement a <hash>_register() > function for this case, and manually register all hashes. However, > this is beyond the scope of this patch. > > Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com> > --- > > This is designed to apply on top of the following series: > * [PATCH v6 00/11] Add support for ECDSA image signing > > common/hash.c | 4 ++-- > common/image-sig.c | 8 +++++-- > common/spl/Kconfig | 54 ---------------------------------------------- > include/image.h | 12 +++++------ > lib/Kconfig | 39 +++++++++++++++++++++++++++++++++ > lib/Makefile | 6 +++--- > 6 files changed, 56 insertions(+), 67 deletions(-)
I like this idea. As-is, there's a few problems. socfpga_agilex_vab and imx8mm_venice now fail to build due to missing sha384 support for the former and sram overflow for the latter. ls1046ardb_qspi_spl now also grows SPL a bit by adding sha1 support. Can you look in to these please? Thanks. -- Tom
signature.asc
Description: PGP signature