[PATCH u-boot v2019.04-aspeed-openbmc 11/11] configs/openbmc: Enable hw accelerated sha

Joel Stanley joel at jms.id.au
Tue Apr 13 18:07:55 AEST 2021


SHA512 will be used by the openbmc secure boot implementation when
verifying FIT images of both u-boot proper and the kernel.

The hash command is useful, and adds only a small amount of binary size
given the algorithms are already included in the image.

Using hardware acceleration instead of a software implementation saves a
significant amount of binary size (approx. 12KB for the SPL).

Note that the hardware implementation is only useful when booting from a
payload in memory, as is the case with MMC or network boot. It cannot be
used when booting from SPI NOR.

Signed-off-by: Joel Stanley <joel at jms.id.au>
---
 configs/ast2600_openbmc_spl_emmc_defconfig | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
index e59d3595ebf0..05069084cbc5 100644
--- a/configs/ast2600_openbmc_spl_emmc_defconfig
+++ b/configs/ast2600_openbmc_spl_emmc_defconfig
@@ -36,6 +36,7 @@ CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
 CONFIG_ARMV7_PSCI_NR_CPUS=2
 CONFIG_NR_DRAM_BANKS=1
 CONFIG_FIT=y
+CONFIG_FIT_ENABLE_SHA512_SUPPORT=y
 CONFIG_FIT_SIGNATURE=y
 CONFIG_SPL_FIT_SIGNATURE=y
 CONFIG_SPL_LOAD_FIT=y
@@ -53,6 +54,8 @@ CONFIG_SPL_STACK_R=y
 CONFIG_SPL_SEPARATE_BSS=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
 CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x80
+CONFIG_SPL_SHA256_SUPPORT=y
+CONFIG_SPL_SHA512_SUPPORT=y
 CONFIG_SPL_FIT_IMAGE_TINY=y
 CONFIG_SPL_DM_RESET=y
 CONFIG_SPL_RAM_SUPPORT=y
@@ -80,6 +83,7 @@ CONFIG_CMD_DHCP=y
 CONFIG_CMD_MII=y
 CONFIG_CMD_PING=y
 CONFIG_CMD_NCSI=y
+CONFIG_CMD_HASH=y
 CONFIG_CMD_EXT2=y
 CONFIG_CMD_EXT4=y
 CONFIG_CMD_EXT4_WRITE=y
@@ -97,6 +101,7 @@ CONFIG_SYSCON=y
 CONFIG_SPL_OF_TRANSLATE=y
 CONFIG_CLK=y
 CONFIG_SPL_CLK=y
+CONFIG_ASPEED_HACE=y
 CONFIG_DM_GPIO=y
 CONFIG_ASPEED_GPIO=y
 CONFIG_DM_I2C=y
@@ -135,4 +140,6 @@ CONFIG_USE_TINY_PRINTF=y
 CONFIG_SPL_TINY_MEMSET=y
 CONFIG_TPM=y
 CONFIG_SPL_TPM=y
+CONFIG_SHA_HW_ACCEL=y
+CONFIG_SHA_PROG_HW_ACCEL=y
 # CONFIG_EFI_LOADER is not set
-- 
2.30.2



More information about the openbmc mailing list