ipq5332: TINY NOR: disable sha1, sha256 and md5

SHA1, SHA256 and MD5 are enabled by default. Added below configs to configure them easily. CONFIG_FIT_DISABLE_MD5 CONFIG_FIT_DISABLE_SHA1 CONFIG_FIT_DISABLE_SHA256 SHA1 hash verification was used for FIT image verification along with CRC32. Added a check in FIT image hash verification to skip SHA1, if TINY profile is enabled. Change-Id: Ie3dbcde46b30938e693e8060218aa9834513bcff Signed-off-by: Gokul Sriram Palanisamy <quic_gokulsri@quicinc.com> Signed-off-by: Timple Raj M <quic_timple@quicinc.com>
2025-12-10 07:44:53 +01:00 · 2022-07-18 09:21:27 +05:30 · 2022-07-18 09:21:27 +05:30 · b9778c94fe
commit b9778c94fe
parent 51a8fd3ae4
3 changed files with 31 additions and 0 deletions
--- a/common/image-fit.c
+++ b/common/image-fit.c
@ -914,17 +914,23 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 							CHUNKSZ_CRC32);
 		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
 		*value_len = 4;
+#ifdef CONFIG_SHA1
 	} else if (IMAGE_ENABLE_SHA1 && strcmp(algo, "sha1") == 0) {
 		sha1_csum_wd((unsigned char *)data, data_len,
 			     (unsigned char *)value, CHUNKSZ_SHA1);
 		*value_len = 20;
+#endif
+#ifdef CONFIG_SHA256
 	} else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) {
 		sha256_csum_wd((unsigned char *)data, data_len,
 			       (unsigned char *)value, CHUNKSZ_SHA256);
 		*value_len = SHA256_SUM_LEN;
+#endif
+#ifdef CONFIG_MD5
 	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
 		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
 		*value_len = 16;
+#endif
 	} else {
 		debug("Unsupported hash alogrithm\n");
 		return -1;
@ -948,6 +954,13 @@ static int fit_image_check_hash(const void *fit, int noffset, const void *data,
 		*err_msgp = "Can't get hash algo property";
 		return -1;
 	}
+
+#ifndef CONFIG_SHA1
+	if (!strncmp(algo, "sha1", 4)) {
+		debug("- skipping");
+		return 0;
+	}
+#endif
 	printf("%s", algo);

 	if (IMAGE_ENABLE_IGNORE) {
--- a/include/configs/ipq5332.h
+++ b/include/configs/ipq5332.h
@ -441,6 +441,9 @@ extern loff_t board_env_size;
 #define CONFIG_CMD_DISABLE_BOOTP
 #define CONFIG_CMD_DISABLE_CHPART
 #define CONFIG_CMD_DISABLE_FDT
+#define CONFIG_FIT_DISABLE_MD5
+#define CONFIG_FIT_DISABLE_SHA1
+#define CONFIG_FIT_DISABLE_SHA256
 #endif

 /*
--- a/include/image.h
+++ b/include/image.h
@ -78,6 +78,21 @@ struct lmb;
 #undef IMAGE_ENABLE_SHA256
 #endif

+#ifdef CONFIG_FIT_DISABLE_SHA1
+#undef CONFIG_SHA1
+#undef IMAGE_ENABLE_SHA1
+#endif
+
+#ifdef CONFIG_FIT_DISABLE_MD5
+#undef CONFIG_MD5
+#undef IMAGE_ENABLE_MD5
+#endif
+
+#ifdef CONFIG_FIT_DISABLE_CRC32
+#undef CONFIG_CRC32
+#undef IMAGE_ENABLE_CRC32
+#endif
+
 #ifndef IMAGE_ENABLE_CRC32
 #define IMAGE_ENABLE_CRC32	0
 #endif