Merge branch pull request #7 into aspeed-dev-v2019.04

Change-Id: I4c4f36b8edf63beb7b3afea6e4ba71f254b895c5

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_S

hash: Allow for SHA512 hardware implementations

Similar to support for SHA1 and SHA256, allow the use of hardware hashing
engine by enabling the algorithm and setting CONFIG_SHA_HW_ACCEL /
CONFIG_SHA_PROG_HW_ACCEL.

(cherry picked from commit a479f103dc1c801d0c6fe90bbaf99ae1700a84dc)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Haral

common: hash: Remove a debug printf statement

Remove a left-over debug printf that was introduced with SHA512 support.

Fixes: d16b38f42704 ("Add support for SHA384 and SHA512")
Signed-off-by: Harald Seiler <hws@denx.de>
(cherry picked from commit 7a81989b7b04bd87d1e684f2bafdc92a9c16fecc)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in

Add support for SHA384 and SHA512

The current recommendation for best security practice from the US government
is to use SHA384 for TOP SECRET [1].

This patch adds support for SHA384 and SHA512 in the hash command, and also
allows FIT images to be hashed with these algorithms, and signed with
sha384,rsaXXXX and sha512,rsaXXXX

The SHA implementation is adapted from the linux kernel implementation.

[1] Commercial National Security Algorithm Suite
http://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

Signed-off-by: Reuben Dowle <reuben.dowle@4rf.com>
(cherry picked from commit d16b38f42704fe3cc94fbee1601be96045013151)
Signed-off-by: Joel Stanley <joel@jms.id.au>

show more ...

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot app

Roll CRC16-CCITT into the hash infrastructure

The CRC16-CCITT checksum function is useful for space-constrained
applications (such as obtaining a checksum across a 2KBit or 4KBit
EEPROM) in boot applications. It has not been accessible from boot
scripts until now (due to not having a dedicated command and not being
supported by the hash infrstructure) limiting its applicability
outside of custom commands.

This adds the CRC16-CCITT (poly 0x1021, init 0x0) algorithm to the
list of available hashes and adds a new crc16_ccitt_wd_buf() to make
this possible.

Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
[trini: Fix building crc16.o for SPL/TPL]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So

SPDX: Convert all of our single license tags to Linux Kernel style

When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.

In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.

This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge git://git.denx.de/u-boot-fsl-qoriq

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the d

crypto/fsl: Fix HW accelerated hash commands

The hash command function were not flushing the dcache before passing data
to CAAM/DMA and not invalidating the dcache when getting data back.

Due the data cache incoherency, HW accelerated hash commands used to fail
with CAAM errors like "Invalid KEY Command".

Check if pbuf and pout buffers are properly aligned to the cache line size
and flush/invalidate the memory regions to address this issue.

This solution is based in a previous work from Clemens Gruber in
commit 598e9dccc75d ("crypto/fsl: fix BLOB encapsulation and
decapsulation")

Reported-by: Anatolij Gustschin <agust@denx.de>
Signed-off-by: Breno Lima <breno.lima@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>

show more ...

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_

hash: Compile only hardware or software versions of SHA algorithms

Commit 089df18bfe9d ("lib: move hash CONFIG options to Kconfig") moved
CONFIG_SHA1, CONFIG_SHA256, CONFIG_SHA_HW_ACCEL, and
CONFIG_SHA_PROG_HW_ACCEL config options to Kconfig. So in the case of
SPL, CONFIG_SPL_HASH_SUPPORT enables CONFIG_SHA1 and CONFIG_SHA256 which
enables SHA SW library by default. But in the case of platforms with
SHA HW library support, SHA SW library becomes redundant and increases
size of SPL by approx 18K. Rework the code so that we have named
members and only have either software or hardware versions of the
algorithm, depending on the relevant config options. Update the comment
around hash_algo to reflect this as well.

Reported-by: Sumit Garg <sumit.garg@nxp.com>
Cc: Sumit Garg <sumit.garg@nxp.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>

show more ...

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few place

env: Rename getenv/_f() to env_get()

We are now using an env_ prefix for environment functions. Rename these
two functions for consistency. Also add function comments in common.h.

Quite a few places use getenv() in a condition context, provoking a
warning from checkpatch. These are fixed up in this patch also.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd

env: Rename setenv() to env_set()

We are now using an env_ prefix for environment functions. Rename setenv()
for consistency. Also add function comments in common.h.

Suggested-by: Wolfgang Denk <wd@denx.de>
Signed-off-by: Simon Glass <sjg@chromium.org>

show more ...

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the

Kconfig: Finish migration of hashing commands

Currently these (board agnostic) commands cannot be selected using
menuconfig and friends. Fix this the obvious way. As part of this,
don't muddle the meaning of CONFIG_HASH_VERIFY to mean both 'hash -v'
and "we have a hashing command" as this makes the Kconfig logic odd.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
[trini: Re-apply, add imply for a few cases, run moveconfig.py, also
migrate CRC32_VERIFY]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command.

Kconfig: Add CONFIG_HASH to enable hashing API

At present CONFIG_CMD_HASH enables the 'hash' command which also brings
in the hashing API. Some boards may wish to enable the API without the
command. Add a separate CONFIG to permit this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@konsulko.com>

show more ...

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace

treewide: replace #include <asm/errno.h> with <linux/errno.h>

Now, arch/${ARCH}/include/asm/errno.h and include/linux/errno.h have
the same content. (both just wrap <asm-generic/errno.h>)

Replace all include directives for <asm/errno.h> with <linux/errno.h>.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
[trini: Fixup include/clk.]
Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when a

hash.c: Conditionally compile hash_command, static hash_show

The function hash_show is now only called by hash_command, so mark it as
static (and drop from hash.h). We only call hash_command when any of
CONFIG_CMD_CRC32, CONFIG_CMD_SHA1SUM or CONFIG_CMD_HASH are set. Since
hash.c is linked in unconditionally we must take extra care with
functions that bring in read-only strings as these will not be
discarded.

Signed-off-by: Tom Rini <trini@konsulko.com>

show more ...

Merge branch 'u-boot/master' into 'u-boot-arm/master'

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string /

autoboot.c: Add feature to stop autobooting via SHA256 encrypted password

This patch adds the feature to only stop the autobooting, and therefor
boot into the U-Boot prompt, when the input string / password matches
a values that is encypted via a SHA256 hash and saved in the environment.

This feature is enabled by defined these config options:
CONFIG_AUTOBOOT_KEYED
CONFIG_AUTOBOOT_STOP_STR_SHA256

Signed-off-by: Stefan Roese <sr@denx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'u-boot/master' into 'u-boot-arm/master'

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they

common: Make sure arch-specific map_sysmem() is defined

In the case where the arch defines a custom map_sysmem(), make sure that
including just mapmem.h is sufficient to have these functions as they
are when the arch does not override it.

Also split the non-arch specific functions out of common.h

Signed-off-by: Joe Hershberger <joe.hershberger@ni.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

show more ...

Merge branch 'master' of git://git.denx.de/u-boot

Merge branch 'master' of git://git.denx.de/u-boot-fsl-qoriq

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware

crypto/fsl - Add progressive hashing support using hardware acceleration.

Currently only normal hashing is supported using hardware acceleration.
Added support for progressive hashing using hardware.

Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com>
Signed-off-by: Gaurav Rana <gaurav.rana@freescale.com>
CC: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: York Sun <yorksun@freescale.com>

show more ...

Merge remote-tracking branch 'u-boot/master' into 'u-boot-arm/master'

Merge branch 'master' of git://git.denx.de/u-boot

Merge branch 'master' of git://git.denx.de/u-boot-dm