[PATCH u-boot v2019.04-aspeed-openbmc 11/11] configs/openbmc: Enable hw accelerated sha

Klaus Heinrich Kiwi klaus at linux.vnet.ibm.com
Wed Apr 14 06:42:03 AEST 2021 


On 4/13/2021 5:07 AM, Joel Stanley wrote:
> SHA512 will be used by the openbmc secure boot implementation when
> verifying FIT images of both u-boot proper and the kernel.
> 
> The hash command is useful, and adds only a small amount of binary size
> given the algorithms are already included in the image.
> 
> Using hardware acceleration instead of a software implementation saves a
> significant amount of binary size (approx. 12KB for the SPL).
> 
> Note that the hardware implementation is only useful when booting from a
> payload in memory, as is the case with MMC or network boot. It cannot be
> used when booting from SPI NOR.
> 
> Signed-off-by: Joel Stanley <joel at jms.id.au>
Reviewed-by: Klaus Heinrich Kiwi <klaus at linux.vnet.ibm.com>
> ---
>   configs/ast2600_openbmc_spl_emmc_defconfig | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/configs/ast2600_openbmc_spl_emmc_defconfig b/configs/ast2600_openbmc_spl_emmc_defconfig
> index e59d3595ebf0..05069084cbc5 100644
> --- a/configs/ast2600_openbmc_spl_emmc_defconfig
> +++ b/configs/ast2600_openbmc_spl_emmc_defconfig
> @@ -36,6 +36,7 @@ CONFIG_ARMV7_BOOT_SEC_DEFAULT=y
>   CONFIG_ARMV7_PSCI_NR_CPUS=2
>   CONFIG_NR_DRAM_BANKS=1
>   CONFIG_FIT=y
> +CONFIG_FIT_ENABLE_SHA512_SUPPORT=y
>   CONFIG_FIT_SIGNATURE=y
>   CONFIG_SPL_FIT_SIGNATURE=y
>   CONFIG_SPL_LOAD_FIT=y
> @@ -53,6 +54,8 @@ CONFIG_SPL_STACK_R=y
>   CONFIG_SPL_SEPARATE_BSS=y
>   CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_USE_SECTOR=y
>   CONFIG_SYS_MMCSD_RAW_MODE_U_BOOT_SECTOR=0x80
> +CONFIG_SPL_SHA256_SUPPORT=y
> +CONFIG_SPL_SHA512_SUPPORT=y
>   CONFIG_SPL_FIT_IMAGE_TINY=y
>   CONFIG_SPL_DM_RESET=y
>   CONFIG_SPL_RAM_SUPPORT=y
> @@ -80,6 +83,7 @@ CONFIG_CMD_DHCP=y
>   CONFIG_CMD_MII=y
>   CONFIG_CMD_PING=y
>   CONFIG_CMD_NCSI=y
> +CONFIG_CMD_HASH=y
>   CONFIG_CMD_EXT2=y
>   CONFIG_CMD_EXT4=y
>   CONFIG_CMD_EXT4_WRITE=y
> @@ -97,6 +101,7 @@ CONFIG_SYSCON=y
>   CONFIG_SPL_OF_TRANSLATE=y
>   CONFIG_CLK=y
>   CONFIG_SPL_CLK=y
> +CONFIG_ASPEED_HACE=y
>   CONFIG_DM_GPIO=y
>   CONFIG_ASPEED_GPIO=y
>   CONFIG_DM_I2C=y
> @@ -135,4 +140,6 @@ CONFIG_USE_TINY_PRINTF=y
>   CONFIG_SPL_TINY_MEMSET=y
>   CONFIG_TPM=y
>   CONFIG_SPL_TPM=y
> +CONFIG_SHA_HW_ACCEL=y
> +CONFIG_SHA_PROG_HW_ACCEL=y
>   # CONFIG_EFI_LOADER is not set
> 

-- 
Klaus Heinrich Kiwi <klaus at linux.vnet.ibm.com>

More information about the openbmc mailing list